mitgliederverwaltung/docs/feature-roadmap.md
Moritz c8968636a8
feat: remove birth_date field from Member resource
Users who need birthday data can use custom fields instead.
Closes #161
2025-12-02 14:58:50 +01:00


Feature Roadmap & Implementation Plan

Project: Mila - Membership Management System
Last Updated: 2025-11-10
Status: Planning Phase


Table of Contents

  1. Phase 1: Feature Area Breakdown
  2. Phase 2: API Endpoint Definition
  3. Phase 3: Implementation Task Creation
  4. Phase 4: Task Organization and Prioritization

Phase 1: Feature Area Breakdown

Feature Areas

1. Authentication & Authorization 🔐

Current State:

  • OIDC authentication (Rauthy)
  • Password-based authentication
  • User sessions and tokens
  • Basic authentication flows
  • OIDC account linking with password verification (PR #192, closes #171)
  • Secure OIDC email collision handling (PR #192)
  • Automatic linking for passwordless users (PR #192)

Closed Issues:

  • #171 - OIDC handling and linking (closed 2025-11-13)

Open Issues:

  • #146 - Translate "or" in the login screen (Low)
  • #144 - Add language switch dropdown to login screen (Low)

Missing Features:

  • Role-based access control (RBAC)
  • Permission system
  • Password reset flow
  • Email verification
  • Two-factor authentication (future)

Related Issues:

  • #191 - Implement Roles in Ash (M)
  • #190 - Implement Permissions in Ash (M)
  • #151 - Define implementation plan for roles and permissions (M) [3/7 tasks done]

2. Member Management 👥

Current State:

  • Member CRUD operations
  • Member profile with personal data
  • Address management
  • Membership status tracking
  • Full-text search (PostgreSQL tsvector)
  • Fuzzy search with trigram matching (PR #187, closes #162)
  • Combined FTS + trigram search (PR #187)
  • 6 GIN trigram indexes for fuzzy matching (PR #187)
  • Sorting by basic fields
  • User-Member linking (optional 1:1)
  • Email synchronization between User and Member
  • Bulk email copy - Copy selected members' email addresses to clipboard (Issue #230)

Closed Issues:

  • #162 - Fuzzy and substring search (closed 2025-11-12)

Open Issues:

  • #169 - Allow combined creation of Users/Members (M, Low priority)
  • #168 - Allow user-member association in edit/create views (M, High priority)
  • #165 - Pagination for list of members (S, Low priority)
  • #160 - Implement clear icon in searchbar (S, Low priority)
  • #154 - Concept advanced search (Low priority, needs refinement)

Missing Features:

  • Advanced filters (date ranges, multiple criteria)
  • Pagination (currently all members loaded)
  • Bulk operations (bulk delete, bulk update)
  • Member import/export (CSV, Excel)
  • Member profile photos/avatars
  • Member history/audit log
  • Duplicate detection

3. Custom Fields (CustomFieldValue System) 🔧

Current State:

  • CustomFieldValue types (string, integer, boolean, date, email)
  • CustomFieldValue type management
  • Dynamic custom field value assignment to members
  • Union type storage (JSONB)
  • Default field visibility configuration

Closed Issues:

  • #194 - Custom Fields: Harden implementation (S)
  • #197 - Custom Fields: Add option to show custom fields in member overview (M)
  • #161 - Remove birthday field from default configuration (S) - Closed 2025-12-02

Open Issues:

  • #157 - Concept how custom fields are handled (M, High priority) [0/4 tasks]
  • #153 - Sorting functionalities for custom fields (M, Low priority)

Missing Features:

  • Field groups/categories
  • Conditional fields (show field X if field Y = value)
  • Field validation rules (min/max, regex patterns)
  • Required custom fields
  • Multi-select fields
  • File upload fields
  • Sorting by custom fields
  • Searching by custom fields

4. User Management 👤

Current State:

  • User CRUD operations
  • User list view
  • User profile view
  • Admin password setting
  • User-Member relationship

Missing Features:

  • User roles assignment UI
  • User permissions management
  • User activity log
  • User invitation system
  • User onboarding flow
  • Self-service profile editing
  • Password change flow

5. Navigation & UX 🧭

Current State:

  • Basic navigation structure
  • Navbar with profile button
  • Member list as landing page
  • Breadcrumbs (basic)

Open Issues:

  • #188 - Check if searching just on typing is accessible (S, Low priority)
  • #174 - Accessibility - aria-sort in tables (S, Low priority)

Missing Features:

  • Dashboard/Home page
  • Quick actions menu
  • Recent activity widget
  • Keyboard shortcuts
  • Mobile navigation
  • Context-sensitive help
  • Onboarding tooltips

6. Internationalization (i18n) 🌍

Current State:

  • Gettext integration
  • German translations
  • English translations
  • Translation files for auth, errors, default

Open Issues:

  • #146 - Translate "or" in the login screen (Low)
  • #144 - Add language switch dropdown to login screen (Low)

Missing Features:

  • Language switcher UI
  • User-specific language preferences
  • Date/time localization
  • Number formatting (currency, decimals)
  • Complete translation coverage
  • RTL support (future)

7. Payment & Fees Management 💰

Current State:

  • Basic "paid" boolean field on members
  • ⚠️ No payment tracking

Open Issues:

  • #156 - Set up & document testing environment for vereinfacht.digital (L, Low priority)

Missing Features:

  • Membership fee configuration
  • Payment records/transactions
  • Payment history per member
  • Payment reminders
  • Payment status tracking (pending, paid, overdue)
  • Invoice generation
  • vereinfacht.digital API integration
  • SEPA direct debit support
  • Payment reports

Related Milestones:

  • Import transactions via vereinfacht API

8. Admin Panel & Configuration ⚙️

Current State:

  • AshAdmin integration (basic)
  • ⚠️ No user-facing admin UI

Open Issues:

  • #186 - Create Architecture docs in Repo (S, Low priority)

Missing Features:

  • Global settings management
  • Club/Organization profile
  • Email templates configuration
  • CustomFieldValue type management UI (user-facing)
  • Role and permission management UI
  • System health dashboard
  • Audit log viewer
  • Backup/restore functionality

Related Milestones:

  • As Admin I can configure settings globally

9. Communication & Notifications 📧

Current State:

  • Swoosh mailer integration
  • Email confirmation (via AshAuthentication)
  • Password reset emails (via AshAuthentication)
  • ⚠️ No member communication features

Missing Features:

  • Email broadcast to members
  • Email templates (customizable)
  • Email to member groups/filters

10. Reporting & Analytics 📊

Current State:

  • No reporting features

Missing Features:

  • Member statistics dashboard
  • Membership growth charts
  • Payment reports
  • Custom report builder
  • Export to PDF/CSV/Excel
  • Scheduled reports
  • Data visualization

11. Data Import/Export 📥📤

Current State:

  • Seed data script
  • ⚠️ No user-facing import/export

Missing Features:

  • CSV import for members
  • Excel import for members
  • Import validation and preview
  • Import error handling
  • Bulk data export
  • Backup export
  • Data migration tools

12. Testing & Quality Assurance 🧪

Current State:

  • ExUnit test suite
  • Unit tests for resources
  • Integration tests for email sync
  • LiveView tests
  • Component tests
  • CI/CD pipeline (Drone)

Missing Features:

  • E2E tests (browser automation)
  • Performance testing
  • Load testing
  • Security penetration testing
  • Accessibility testing automation
  • Visual regression testing
  • Test coverage reporting

13. Infrastructure & DevOps 🚀

Current State:

  • Docker Compose for development
  • Production Dockerfile
  • Drone CI/CD pipeline
  • Renovate for dependency updates
  • ⚠️ No staging environment

Open Issues:

  • #186 - Create Architecture docs in Repo (S, Low priority)

Missing Features:

  • Staging environment
  • Automated deployment
  • Database backup automation
  • Monitoring and alerting
  • Error tracking (Sentry, etc.)
  • Log aggregation
  • Health checks and uptime monitoring

Related Milestones:

  • We have a staging environment
  • We implement security measures

14. Security & Compliance 🔒

Current State:

  • OIDC authentication
  • Password hashing (bcrypt)
  • CSRF protection
  • SQL injection prevention (Ecto)
  • Sobelow security scans
  • Dependency auditing

Missing Features:

  • Role-based access control (see #1)
  • Audit logging
  • GDPR compliance features (data export, deletion)
  • Session management (timeout, concurrent sessions)
  • Rate limiting
  • IP whitelisting/blacklisting
  • Security headers configuration
  • Data retention policies

Related Milestones:

  • We implement security measures

15. Accessibility & Usability

Current State:

  • Semantic HTML
  • Basic ARIA labels
  • ⚠️ Needs comprehensive audit

Open Issues:

  • #188 - Check if searching just on typing is accessible (S, Low priority)
  • #174 - Accessibility - aria-sort in tables (S, Low priority)

Missing Features:

  • Comprehensive accessibility audit (WCAG 2.1 Level AA)
  • Keyboard navigation improvements
  • Screen reader optimization
  • High contrast mode
  • Font size adjustments
  • Focus management
  • Skip links
  • Error announcements

Feature Area Summary

| Feature Area | Current Status | Priority | Complexity |
|---|---|---|---|
| Authentication & Authorization | 60% complete | High | Medium |
| Member Management | 85% complete | High | Low-Medium |
| Custom Fields | 50% complete | High | Medium |
| User Management | 60% complete | Medium | Low |
| Navigation & UX | 50% complete | Medium | Low |
| Internationalization | 70% complete | Low | Low |
| Payment & Fees | 5% complete | High | High |
| Admin Panel | 20% complete | Medium | Medium |
| Communication | 30% complete | Medium | Medium |
| Reporting | 0% complete | Medium | Medium-High |
| Import/Export | 10% complete | Low | Medium |
| Testing & QA | 60% complete | Medium | Low-Medium |
| Infrastructure | 70% complete | Medium | Medium |
| Security | 50% complete | High | Medium-High |
| Accessibility | 40% complete | Medium | Medium |

Open Milestones (From Issues)

  1. I can create a new contact (Closed)
  2. I can search through the list of members - fulltext (Closed) - #162 implemented (Fuzzy Search), #154 needs refinement
  3. 🔄 I can sort the list of members for specific fields (Open) - Related: #153
  4. 🔄 We have an intuitive navigation structure (Open)
  5. 🔄 We have different roles and permissions (Open) - Related: #191, #190, #151
  6. 🔄 As Admin I can configure settings globally (Open)
  7. Accounts & Logins (Partially closed) - #171 implemented (OIDC linking), #169/#168 still open
  8. 🔄 I can add custom fields (Open) - Related: #194, #157, #161
  9. 🔄 Import transactions via vereinfacht API (Open) - Related: #156
  10. 🔄 We have a staging environment (Open)
  11. 🔄 We implement security measures (Open)


Phase 2: API Endpoint Definition

Endpoint Types

Since this is a Phoenix LiveView application with Ash Framework, we have three types of endpoints:

  1. LiveView Endpoints - Mount points and event handlers
  2. HTTP Controller Endpoints - Traditional REST-style endpoints
  3. Ash Resource Actions - Backend data layer API

Authentication Requirements Legend

  • 🔓 Public - No authentication required
  • 🔐 Authenticated - Requires valid user session
  • 👤 User Role - Requires specific user role
  • 🛡️ Admin Only - Requires admin privileges

1. Authentication & Authorization Endpoints

HTTP Controller Endpoints

| Method | Route | Purpose | Auth | Request | Response |
|---|---|---|---|---|---|
| GET | /auth/user/password/sign_in | Show password login form | 🔓 | - | HTML form |
| POST | /auth/user/password/sign_in | Submit password login | 🔓 | {email, password} | Redirect + session cookie |
| GET | /auth/user/rauthy | Initiate OIDC flow | 🔓 | - | Redirect to Rauthy |
| GET | /auth/user/rauthy/callback | Handle OIDC callback | 🔓 | {code, state} | Redirect + session cookie |
| POST | /auth/user/sign_out | Sign out user | 🔐 | - | Redirect to login |
| GET | /auth/user/password/reset | Show password reset form | 🔓 | - | HTML form |
| POST | /auth/user/password/reset | Request password reset | 🔓 | {email} | Success message + email sent |
| GET | /auth/user/password/reset/:token | Show reset password form | 🔓 | - | HTML form |
| POST | /auth/user/password/reset/:token | Submit new password | 🔓 | {password, password_confirmation} | Redirect to login |

Ash Resource Actions

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| User | :sign_in_with_password | Password authentication | 🔓 | {email, password} | {:ok, user} or {:error, reason} |
| User | :sign_in_with_rauthy | OIDC authentication | 🔓 | {oidc_id, email, user_info} | {:ok, user} or {:error, reason} |
| User | :register_with_password | Create user with password | 🔓 | {email, password} | {:ok, user} |
| User | :register_with_rauthy | Create user via OIDC | 🔓 | {oidc_id, email} | {:ok, user} |
| User | :request_password_reset | Generate reset token | 🔓 | {email} | {:ok, token} |
| User | :reset_password | Reset password with token | 🔓 | {token, password} | {:ok, user} |
| Token | :revoke | Revoke authentication token | 🔐 | {jti} | {:ok, token} |

NEW: Role & Permission Actions (Issues #191, #190, #151)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Role | :create | Create new role | 🛡️ | {name, description, permissions} | {:ok, role} |
| Role | :list | List all roles | 🔐 | - | [%Role{}] |
| Role | :update | Update role | 🛡️ | {id, name, permissions} | {:ok, role} |
| Role | :delete | Delete role | 🛡️ | {id} | {:ok, role} |
| User | :assign_role | Assign role to user | 🛡️ | {user_id, role_id} | {:ok, user} |
| User | :remove_role | Remove role from user | 🛡️ | {user_id, role_id} | {:ok, user} |
| Permission | :list | List all permissions | 🔐 | - | [%Permission{}] |
| Permission | :check | Check user permission | 🔐 | {user_id, resource, action} | {:ok, boolean} |
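The 🔐 and 🛡️ levels in the Role rows above only hold up if the data layer enforces them on its own, independently of whatever the LiveView or AshAdmin UI checks. The following is an added example, not code from this roadmap or from the Mila repository, showing how those rows can be expressed as Ash policies on the resource itself. The module name Mila.Accounts.Role, the domain Mila.Accounts, the repo Mila.Repo and a boolean `admin?` attribute on the User resource are assumptions.

```elixir
# Added example (not part of the roadmap or the Mila code base): Ash policies
# that implement the auth column of the Role table. Module, domain, repo and
# the `admin?` attribute of the actor are assumptions.
defmodule Mila.Accounts.Role do
  use Ash.Resource,
    domain: Mila.Accounts,
    data_layer: AshPostgres.DataLayer,
    # Without this line the policies block below is silently ignored.
    authorizers: [Ash.Policy.Authorizer]

  postgres do
    table "roles"
    repo Mila.Repo
  end

  attributes do
    uuid_primary_key :id
    attribute :name, :string, allow_nil?: false, public?: true
    attribute :description, :string, public?: true
    timestamps()
  end

  actions do
    # :read is the "Role :list" row, :destroy the "Role :delete" row.
    defaults [:read, :destroy]

    create :create do
      accept [:name, :description]
    end

    update :update do
      accept [:name, :description]
    end
  end

  policies do
    # 🔐 Authenticated: any signed-in actor may list roles.
    policy action_type(:read) do
      authorize_if actor_present()
    end

    # 🛡️ Admin only: create/update/delete need an admin actor. A policy
    # that applies but has no passing authorize_if forbids the request,
    # so a missing actor or a non-admin actor yields Ash.Error.Forbidden.
    policy action_type([:create, :update, :destroy]) do
      authorize_if actor_attribute_equals(:admin?, true)
    end
  end
end
```

Callers then have to pass the signed-in user as the actor, for example `Ash.read!(Mila.Accounts.Role, actor: current_user)`, and a call that passes `authorize?: false` skips these policies entirely, so that option deserves a dedicated grep in code review.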

2. Member Management Endpoints

LiveView Endpoints

| Mount | Purpose | Auth | Query Params | Events |
|---|---|---|---|---|
| /members | Member list with search/sort | 🔐 | ?search=&sort_by=&sort_dir= | search, sort, delete, select |
| /members/new | Create new member form | 🔐 | - | save, cancel, add_custom_field_value |
| /members/:id | Member detail view | 🔐 | - | edit, delete, link_user |
| /members/:id/edit | Edit member form | 🔐 | - | save, cancel, add_custom_field_value, remove_custom_field_value |

LiveView Event Handlers

| Event | Purpose | Params | Response |
|---|---|---|---|
| search | Trigger search | %{"search" => query} | Update member list |
| sort | Sort member list | %{"field" => field} | Update sorted list |
| delete | Delete member | %{"id" => id} | Redirect to list |
| save | Create/update member | %{"member" => attrs} | Redirect or show errors |
| link_user | Link user to member | %{"user_id" => id} | Update member view |
| unlink_user | Unlink user from member | - | Update member view |
| add_custom_field_value | Add custom field value | %{"custom_field_id" => id, "value" => val} | Update form |
| remove_custom_field_value | Remove custom field value | %{"custom_field_value_id" => id} | Update form |

Ash Resource Actions

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Member | :create_member | Create member | 🔐 | {first_name, last_name, email, ...} | {:ok, member} |
| Member | :read | List/search members | 🔐 | {search, sort_by, limit, offset} | [%Member{}] |
| Member | :update_member | Update member | 🔐 | {id, attrs} | {:ok, member} |
| Member | :destroy | Delete member | 🔐 | {id} | {:ok, member} |
| Member | :search_fulltext | Full-text search | 🔐 | {query} | [%Member{}] |
| Member | :link_to_user | Link member to user | 🔐 | {member_id, user_id} | {:ok, member} |
| Member | :unlink_from_user | Unlink from user | 🔐 | {member_id} | {:ok, member} |

NEW: Enhanced Search & Filter Actions (Issues #162, #154, #165)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Member | :fuzzy_search | Fuzzy text search | 🔐 | {query, threshold} | [%Member{}] |
| Member | :advanced_search | Multi-criteria search | 🔐 | {filters: [{field, op, value}]} | [%Member{}] |
| Member | :paginate | Paginated member list | 🔐 | {page, per_page, filters} | {members, total, page_info} |
| Member | :sort_by_custom_field | Sort by custom field | 🔐 | {custom_field_id, direction} | [%Member{}] |
| Member | :bulk_delete | Delete multiple members | 🛡️ | {ids: [id1, id2, ...]} | {:ok, count} |
| Member | :bulk_update | Update multiple members | 🛡️ | {ids, attrs} | {:ok, count} |
| Member | :export | Export to CSV/Excel | 🔐 | {format, filters} | File download |
| Member | :import | Import from CSV | 🛡️ | {file, mapping} | {:ok, imported_count, errors} |

3. Custom Fields (CustomFieldValue System) Endpoints

LiveView Endpoints

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /custom-fields | List custom fields | 🛡️ | new, edit, delete |
| /custom-fields/new | Create custom field | 🛡️ | save, cancel |
| /custom-fields/:id/edit | Edit custom field | 🛡️ | save, cancel, delete |
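The Member mounts (🔐) and the Custom Fields mounts (🛡️) both need their check to run before the LiveView renders anything, and it should live in one place rather than in every module's mount/3. As an added example, not code from this roadmap or the Mila repository, here is an on_mount hook pair plus the matching live_session grouping in the router. MilaWeb.LiveUserAuth, the LiveView module names, the /sign-in path and the `admin?` flag on the current user are assumptions, and `current_user` is assumed to be loaded into the assigns by an earlier hook (such as AshAuthentication's session-loading hook) and the browser pipeline to be the generated one.

```elixir
# Added example (not part of the roadmap or the Mila code base): LiveView
# on_mount hooks for the 🔐 and 🛡️ levels, and how routes are grouped so
# each level is declared once. Module names, paths and the `admin?` flag
# are assumptions; `current_user` is assumed to be assigned by an earlier
# session-loading hook.
defmodule MilaWeb.LiveUserAuth do
  alias Phoenix.LiveView

  # 🔐 Authenticated: halt and redirect when no user is in the assigns.
  # Returning {:halt, socket} stops mount/3 from ever running.
  def on_mount(:live_user_required, _params, _session, socket) do
    if socket.assigns[:current_user] do
      {:cont, socket}
    else
      {:halt,
       socket
       |> LiveView.put_flash(:error, "Please sign in to continue.")
       |> LiveView.redirect(to: "/sign-in")}
    end
  end

  # 🛡️ Admin only: reuse the authenticated check, then require the flag,
  # so an unauthenticated request is redirected to sign-in and a signed-in
  # non-admin is sent back to the member list instead of seeing the page.
  def on_mount(:live_admin_required, params, session, socket) do
    case on_mount(:live_user_required, params, session, socket) do
      {:cont, socket} ->
        if socket.assigns.current_user.admin? do
          {:cont, socket}
        else
          {:halt,
           socket
           |> LiveView.put_flash(:error, "Admin privileges required.")
           |> LiveView.redirect(to: "/members")}
        end

      halt ->
        halt
    end
  end
end

defmodule MilaWeb.Router do
  use MilaWeb, :router
  # The :browser pipeline is assumed to be the generated one (session,
  # CSRF protection, secure browser headers) and is omitted here.

  scope "/", MilaWeb do
    pipe_through :browser

    # 🔐 mounts from the Member table.
    live_session :authenticated,
      on_mount: [{MilaWeb.LiveUserAuth, :live_user_required}] do
      live "/members", MemberLive.Index, :index
      live "/members/new", MemberLive.Form, :new
      live "/members/:id", MemberLive.Show, :show
      live "/members/:id/edit", MemberLive.Form, :edit
    end

    # 🛡️ mounts from the Custom Fields table.
    live_session :admin,
      on_mount: [{MilaWeb.LiveUserAuth, :live_admin_required}] do
      live "/custom-fields", CustomFieldLive.Index, :index
      live "/custom-fields/new", CustomFieldLive.Form, :new
      live "/custom-fields/:id/edit", CustomFieldLive.Form, :edit
    end
  end
end
```

The hook only gates the page; the resource actions behind it still need their own Ash policies, because a handle_event or a direct call from another context bypasses on_mount entirely. Treat the two as layers, and test each separately.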

Ash Resource Actions

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| CustomField | :create | Create custom field | 🛡️ | {name, value_type, description, ...} | {:ok, custom_field} |
| CustomField | :read | List custom fields | 🔐 | - | [%CustomField{}] |
| CustomField | :update | Update custom field | 🛡️ | {id, attrs} | {:ok, custom_field} |
| CustomField | :destroy | Delete custom field | 🛡️ | {id} | {:ok, custom_field} |
| CustomFieldValue | :create | Add custom field value to member | 🔐 | {member_id, custom_field_id, value} | {:ok, custom_field_value} |
| CustomFieldValue | :update | Update custom field value | 🔐 | {id, value} | {:ok, custom_field_value} |
| CustomFieldValue | :destroy | Remove custom field value | 🔐 | {id} | {:ok, custom_field_value} |

NEW: Enhanced Custom Fields (Issues #194, #157, #161, #153)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| CustomField | :set_default_visibility | Show/hide by default | 🛡️ | {id, visible} | {:ok, custom_field} |
| CustomField | :set_required | Mark as required | 🛡️ | {id, required} | {:ok, custom_field} |
| CustomField | :add_validation | Add validation rule | 🛡️ | {id, rule_type, params} | {:ok, custom_field} |
| CustomField | :create_group | Create field group | 🛡️ | {name, custom_field_ids} | {:ok, group} |
| CustomFieldValue | :validate_value | Validate custom field value | 🔐 | {custom_field_id, value} | {:ok, valid} or {:error, reason} |

4. User Management Endpoints

LiveView Endpoints

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /users | User list | 🛡️ | new, edit, delete, assign_role |
| /users/new | Create user form | 🛡️ | save, cancel |
| /users/:id | User detail view | 🔐 | edit, delete, change_password |
| /users/:id/edit | Edit user form | 🔐 | save, cancel, link_member |
| /profile | Current user profile | 🔐 | edit, change_password |

Ash Resource Actions

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| User | :create_user | Create user (admin) | 🛡️ | {email, member_id?} | {:ok, user} |
| User | :read | List users | 🛡️ | - | [%User{}] |
| User | :update_user | Update user | 🔐 | {id, email, member_id?} | {:ok, user} |
| User | :destroy | Delete user | 🛡️ | {id} | {:ok, user} |
| User | :admin_set_password | Set password (admin) | 🛡️ | {id, password} | {:ok, user} |
| User | :change_password | Change own password | 🔐 | {current_password, new_password} | {:ok, user} |

NEW: Combined User/Member Management (Issues #169, #168)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| User | :create_with_member | Create user + member together | 🛡️ | {user: {...}, member: {...}} | {:ok, %{user, member}} |
| User | :invite_user | Send invitation email | 🛡️ | {email, role_id, member_id?} | {:ok, invitation} |
| User | :accept_invitation | Accept invitation | 🔓 | {token, password} | {:ok, user} |

5. Navigation & UX Endpoints

LiveView Endpoints

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| / | Dashboard/Home | 🔐 | - |
| /dashboard | Dashboard view | 🔐 | Contextual based on role |

HTTP Controller Endpoints

| Method | Route | Purpose | Auth | Request | Response |
|---|---|---|---|---|---|
| GET | /health | Health check | 🔓 | - | {"status": "ok"} |
| GET | / | Root redirect | - | - | Redirect to dashboard or login |

6. Internationalization Endpoints

HTTP Controller Endpoints

| Method | Route | Purpose | Auth | Request | Response |
|---|---|---|---|---|---|
| POST | /locale | Set user locale | 🔐 | {locale: "de"} | Redirect with cookie |
| GET | /locales | List available locales | 🔓 | - | ["de", "en"] |

7. Payment & Fees Management Endpoints

LiveView Endpoints (NEW - Issue #156)

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /payments | Payment list | 🔐 | new, record_payment, send_reminder |
| /payments/:id | Payment detail | 🔐 | edit, delete, mark_paid |
| /fees | Fee configuration | 🛡️ | create, edit, delete |
| /invoices | Invoice list | 🔐 | generate, download, send |

Ash Resource Actions (NEW)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Fee | :create | Create fee type | 🛡️ | {name, amount, frequency} | {:ok, fee} |
| Fee | :read | List fees | 🔐 | - | [%Fee{}] |
| Payment | :create | Record payment | 🔐 | {member_id, fee_id, amount, date} | {:ok, payment} |
| Payment | :list_by_member | Member payment history | 🔐 | {member_id} | [%Payment{}] |
| Payment | :mark_paid | Mark as paid | 🔐 | {id} | {:ok, payment} |
| Invoice | :generate | Generate invoice | 🔐 | {member_id, fee_id, period} | {:ok, invoice} |
| Invoice | :send | Send invoice via email | 🔐 | {id} | {:ok, sent} |
| Payment | :import_vereinfacht | Import from vereinfacht.digital | 🛡️ | {transactions} | {:ok, count} |

8. Admin Panel & Configuration Endpoints

LiveView Endpoints (NEW)

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /admin | Admin dashboard | 🛡️ | - |
| /admin/settings | Global settings | 🛡️ | save |
| /admin/organization | Organization profile | 🛡️ | save |
| /admin/email-templates | Email template editor | 🛡️ | create, edit, preview |
| /admin/audit-log | System audit log | 🛡️ | filter, export |

Ash Resource Actions (NEW)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Setting | :get | Get setting value | 🔐 | {key} | value |
| Setting | :set | Set setting value | 🛡️ | {key, value} | {:ok, setting} |
| Setting | :list | List all settings | 🛡️ | - | [%Setting{}] |
| Organization | :read | Get organization info | 🔐 | - | %Organization{} |
| Organization | :update | Update organization | 🛡️ | {name, logo, ...} | {:ok, org} |
| AuditLog | :list | List audit entries | 🛡️ | {filters, pagination} | [%AuditLog{}] |

9. Communication & Notifications Endpoints

LiveView Endpoints (NEW)

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /communications | Communication history | 🔐 | new, view |
| /communications/new | Create email broadcast | 🔐 | select_recipients, preview, send |
| /notifications | User notifications | 🔐 | mark_read, mark_all_read |

Ash Resource Actions (NEW)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| EmailBroadcast | :create | Create broadcast | 🔐 | {subject, body, recipient_filter} | {:ok, broadcast} |
| EmailBroadcast | :send | Send broadcast | 🔐 | {id} | {:ok, sent_count} |
| EmailTemplate | :create | Create template | 🛡️ | {name, subject, body} | {:ok, template} |
| EmailTemplate | :render | Render template | 🔐 | {id, variables} | rendered_html |
| Notification | :create | Create notification | System | {user_id, type, message} | {:ok, notification} |
| Notification | :list_for_user | Get user notifications | 🔐 | {user_id} | [%Notification{}] |
| Notification | :mark_read | Mark as read | 🔐 | {id} | {:ok, notification} |

10. Reporting & Analytics Endpoints

LiveView Endpoints (NEW)

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /reports | Reports dashboard | 🔐 | generate, schedule |
| /reports/members | Member statistics | 🔐 | filter, export |
| /reports/payments | Payment reports | 🔐 | filter, export |
| /reports/custom | Custom report builder | 🛡️ | build, save, run |

Ash Resource Actions (NEW)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Report | :generate_member_stats | Member statistics | 🔐 | {date_range, filters} | Statistics object |
| Report | :generate_payment_stats | Payment statistics | 🔐 | {date_range} | Statistics object |
| Report | :export_to_csv | Export report to CSV | 🔐 | {report_type, filters} | CSV file |
| Report | :export_to_pdf | Export report to PDF | 🔐 | {report_type, filters} | PDF file |
| Report | :schedule | Schedule recurring report | 🛡️ | {report_type, frequency, recipients} | {:ok, schedule} |

11. Data Import/Export Endpoints

LiveView Endpoints (NEW)

| Mount | Purpose | Auth | Events |
|---|---|---|---|
| /import | Data import wizard | 🛡️ | upload, map_fields, preview, import |
| /export | Data export tool | 🔐 | select_data, configure, export |

Ash Resource Actions (NEW)

| Resource | Action | Purpose | Auth | Input | Output |
|---|---|---|---|---|---|
| Member | :import_csv | Import members from CSV | 🛡️ | {file, field_mapping} | {:ok, imported, errors} |
| Member | :validate_import | Validate import data | 🛡️ | {file, field_mapping} | {:ok, validation_results} |
| Member | :export_csv | Export members to CSV | 🔐 | {filters} | CSV file |
| Member | :export_excel | Export members to Excel | 🔐 | {filters} | Excel file |
| Database | :export_backup | Full database backup | 🛡️ | - | Backup file |
| Database | :import_backup | Restore from backup | 🛡️ | {file} | {:ok, restored} |


References: