mitgliederverwaltung/CHANGELOG.md

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added
- **Improved OIDC-only mode** – Admin can enable “Only OIDC sign-in” in settings; when enabled, direct registration is disabled and sign-in page redirects to OIDC when configured.
- **Success toast auto-dismiss** – Success flash messages (e.g. “Settings saved”) hide automatically after 5 seconds instead of requiring the user to close them.

### Changed
- **Unauthenticated access** – Users who are not logged in are redirected to sign-in without showing a “no permission” message; the message is only shown to logged-in users who lack access.

### Fixed
- **SMTP configuration** – Repaired so that both port 587 (TLS/STARTTLS) and 465 (SSL) work correctly.

## [1.1.0] - 2026-03-13

### Added
- **Browser timezone for datetime display** – Date/time values (e.g. join request submitted at, approved at, rejected at) are shown in the user’s local timezone.
- **Registration toggle** – New global setting to disable direct registration (`/register`). When disabled, visitors are redirected to sign-in and the register link is hidden; join form remains available.
- **Configurable SMTP in global settings** – SMTP host, port, user, password, and TLS options configurable via Admin → Global Settings. Test-email action to verify delivery. Join confirmation and other transactional emails use this configuration.
- **Theme and language selector on unauthenticated pages** – Sign-in and join pages now offer theme (light/dark) and locale (e.g. German/English) controls in the header.
- **Duplicate-email handling for join form** – If an applicant’s email is already a member or already has a pending join request, the system sends a clarifying email (already-member or already-pending) and shows the same success message (anti-enumeration).
- **Reviewed-by display for join requests** – Approval UI shows who reviewed a request via a dedicated display field, without loading the User record.
- **Improved field order and seeds for join request approval** – Approval screen field order improved; seed data updated for join-form and approval flows.
- **Tests for SMTP mailer configuration** – Tests for SMTP config and for join confirmation email delivery failure (domain and LiveView).

### Changed
- **SMTP settings layout** – SMTP options reordered and grouped in global settings for clearer configuration.
- **Join confirmation mail** – Uses configurable SMTP from settings; on delivery failure the join form shows an error and no success message.
- **i18n** – Gettext catalogs updated for new and changed strings.

### Fixed
- **Login page translation** – Corrected translation/locale handling on the sign-in page.

---

## [1.0.0] and earlier

### Added
- **Roles and Permissions System (RBAC)** - Complete implementation (#345, 2026-01-08)
  - Four hardcoded permission sets: `own_data`, `read_only`, `normal_user`, `admin`
  - Database-backed roles with permission set references
  - Member resource policies with scope filtering (`:own`, `:linked`, `:all`)
  - Authorization checks via `Mv.Authorization.Checks.HasPermission`
  - System role protection (critical roles cannot be deleted)
  - Role management UI at `/admin/roles`
- **Membership Fees System** - Full implementation
  - Membership fee types with intervals (monthly, quarterly, half_yearly, yearly)
  - Individual billing cycles per member with payment status tracking
  - Cycle generation and regeneration
  - Global membership fee settings
  - UI components for fee management
- **Global Settings Management** - Singleton settings resource
  - Club name configuration (with environment variable support)
  - Member field visibility settings
  - Membership fee default settings
- **Sidebar Navigation** - Replaced navbar with standard-compliant sidebar (#260, 2026-01-12)
- **CSV Import Templates** - German and English templates (#329, 2026-01-13)
  - Template files in `priv/static/templates/`
  - CSV specification documented
- User-Member linking with fuzzy search autocomplete (#168)
- PostgreSQL trigram-based member search with typo tolerance
- WCAG 2.1 AA compliant autocomplete dropdown with ARIA support
- Bilingual UI (German/English) for member linking workflow
- **Bulk email copy feature** - Copy email addresses of selected members to clipboard (#230)
  - Email format: "First Last <email>" with semicolon separator (compatible with email clients)
  - CopyToClipboard JavaScript hook with fallback for older browsers
  - Button shows count of visible selected members (respects search/filter)
  - German/English translations
- Docker secrets support via `_FILE` environment variables for all sensitive configuration (SECRET_KEY_BASE, TOKEN_SIGNING_SECRET, OIDC_CLIENT_SECRET, DATABASE_URL, DATABASE_PASSWORD)

### Changed
- **Actor Handling Refactoring** (2026-01-09)
  - Standardized actor access with `current_actor/1` helper function
  - `ash_actor_opts/1` helper for consistent authorization options
  - `submit_form/3` wrapper for form submissions with actor
  - All Ash operations now properly pass `actor` parameter
- **Error Handling Improvements** (2026-01-13)
  - Replaced `Ash.read!` with proper error handling in LiveViews
  - Consistent flash message handling for authorization errors
  - Early return patterns for unauthenticated users

### Fixed
- Email validation false positive when linking user and member with identical emails (#168 Problem #4)
- Relationship data extraction from Ash manage_relationship during validation
- Copy button count now shows only visible selected members when filtering
- Language headers in German `.po` files (corrected from "en" to "de")
- Critical deny-filter bug in authorization system (2026-01-08)
- HasPermission auto_filter and strict_check implementation (2026-01-08)