local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 52 Pull requests 2 Projects 1 Releases 4 Packages 1 Activity Actions
mitgliederverwaltung/CHANGELOG.md
Simon 2bb01bd201
All checks were successful
continuous-integration/drone/push Build is passing
Details
Improve UX of join requests and fix minor bugs (#492) 
## Description of the implemented changes
The changes were:
- [x] Bugfixing
- [x] New Feature
- [ ] Breaking Change
- [ ] Refactoring

This PR improves the join-request flow and presentation quality, fixes several data-display issues in join/join-request screens, and adds a usability improvement in global settings (directly opening the join link). It also includes dependency updates and changelog maintenance.

## What has been changed?
- Join form (`JoinLive`) now renders inputs based on actual field types (including checkbox/date/number/email behavior instead of generic text-only handling).
- Join form custom-field labels are resolved from configured custom fields (fallback remains safe if lookup fails).
- Join-request details page (`JoinRequestLive.Show`) now:
  - resolves and shows custom field names instead of raw IDs,
  - formats boolean-like values (`on/true/1`, `off/false/0`) as localized `Yes/No`,
  - formats ISO date strings for better readability,
  - keeps legacy field handling while improving output consistency.
- Join-request detail layout was improved semantically and visually (`dl/dt/dd` structure for label/value rows).
- Global settings page now includes an **Open** button for the join URL (`target="_blank"`, `rel="noopener noreferrer"`, ARIA label).
- Added/updated tests around:
  - join field type rendering,
  - custom field labels in join-request views,
  - related auth/global-settings behavior.
- Updated translations (`default.pot`, `en`, `de`) for new UI strings.
- Updated dependencies/tooling (`mix.lock`, `mix.exs`, CI/renovate-related updates).
- Updated `CHANGELOG.md` entries for unreleased changes.

## Definition of Done
### Code Quality
- [x] No new technical depths
- [x] Linting passed
- [x] Documentation is added were needed

### Accessibility
- [x] New elements are properly defined with html-tags
- [x] Colour contrast follows WCAG criteria
- [x] Aria labels are added when needed
- [x] Everything is accessible by keyboard
- [x] Tab-Order is comprehensible
- [x] All interactive elements have a visible focus

### Testing
- [x] Tests for new code are written
- [ ] All tests pass
- [ ] axe-core dev tools show no critical or major issues

## Additional Notes
- Reviewer focus areas:
  - `lib/mv_web/live/join_live.ex`: input type derivation and custom field lookup strategy (`authorize?: false` read path used intentionally for field metadata).
  - `lib/mv_web/live/join_request_live/show.ex`: value-formatting logic (especially backward compatibility for legacy `form_data` payloads).
  - `lib/mv_web/live/global_settings_live.ex`: external-link behavior and accessibility attributes.
- The branch also contains dependency update commits; please review lockfile and CI-related changes separately from functional join/join-request changes.

Reviewed-on: #492
Co-authored-by: Simon <s.thiessen@local-it.org>
Co-committed-by: Simon <s.thiessen@local-it.org>
2026-05-06 14:34:42 +02:00

7.5 KiB
Raw Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Changed

  • Join request display and settings workflow Improved join request rendering and related settings behavior in one cohesive update:
    • Join request fields now respect their configured field types in the details view.
    • Custom field labels in join request views were standardized.
    • Join request field formatting was corrected for more consistent output.
    • Join link settings now include a direct "Open" action in addition to copy/share workflows.

Fixed

  • Runtime ENV handling Empty or invalid environment variables (e.g. SMTP_PORT=, PORT=, POOL_SIZE=, DATABASE_PORT=) no longer cause ArgumentError at boot. Instead raises clear errors for required vars set but empty (e.g. DATABASE_HOST, PHX_HOST/DOMAIN, SECRET_KEY_BASE).
  • PostgreSQL 18 Docker volume path Corrected the database volume path to match PostgreSQL 18 expectations.

Dependency updates

  • Mix dependencies were updated.
  • Renovate Docker image was updated to v43.165.
  • Rauthy Docker image was updated to v0.35.1.
  • just was updated to v1.50.0.

[1.1.1] - 2026-03-16

Added

  • FORCE_SEEDS Environment variable. When set to "true", bootstrap (and optionally dev) seeds are run even when the admin user already exists, so you can re-apply changed seed data (e.g. new roles or custom fields) without deleting the admin user.
  • Improved OIDC-only mode Admin can enable “Only OIDC sign-in” in settings; when enabled, direct registration is disabled and sign-in page redirects to OIDC when configured.
  • Success toast auto-dismiss Success flash messages (e.g. “Settings saved”) hide automatically after 5 seconds instead of requiring the user to close them.

Changed

  • Seeds run only when needed Bootstrap and dev seeds are skipped on application start when the admin user already exists (Mv.Release.bootstrap_seeds_applied?/0). This avoids duplicate data and speeds up startup in dev and production after the first run. Set FORCE_SEEDS=true to override and re-run.
  • Unauthenticated access Users who are not logged in are redirected to sign-in without showing a “no permission” message; the message is only shown to logged-in users who lack access.

Fixed

  • SMTP configuration Repaired so that both port 587 (TLS/STARTTLS) and 465 (SSL) work correctly.

[1.1.0] - 2026-03-13

Added

  • Browser timezone for datetime display Date/time values (e.g. join request submitted at, approved at, rejected at) are shown in the users local timezone.
  • Registration toggle New global setting to disable direct registration (/register). When disabled, visitors are redirected to sign-in and the register link is hidden; join form remains available.
  • Configurable SMTP in global settings SMTP host, port, user, password, and TLS options configurable via Admin → Global Settings. Test-email action to verify delivery. Join confirmation and other transactional emails use this configuration.
  • Theme and language selector on unauthenticated pages Sign-in and join pages now offer theme (light/dark) and locale (e.g. German/English) controls in the header.
  • Duplicate-email handling for join form If an applicants email is already a member or already has a pending join request, the system sends a clarifying email (already-member or already-pending) and shows the same success message (anti-enumeration).
  • Reviewed-by display for join requests Approval UI shows who reviewed a request via a dedicated display field, without loading the User record.
  • Improved field order and seeds for join request approval Approval screen field order improved; seed data updated for join-form and approval flows.
  • Tests for SMTP mailer configuration Tests for SMTP config and for join confirmation email delivery failure (domain and LiveView).

Changed

  • SMTP settings layout SMTP options reordered and grouped in global settings for clearer configuration.
  • Join confirmation mail Uses configurable SMTP from settings; on delivery failure the join form shows an error and no success message.
  • i18n Gettext catalogs updated for new and changed strings.

Fixed

  • Login page translation Corrected translation/locale handling on the sign-in page.

[1.0.0] and earlier

Added

  • Roles and Permissions System (RBAC) - Complete implementation (#345, 2026-01-08)
    • Four hardcoded permission sets: own_data, read_only, normal_user, admin
    • Database-backed roles with permission set references
    • Member resource policies with scope filtering (:own, :linked, :all)
    • Authorization checks via Mv.Authorization.Checks.HasPermission
    • System role protection (critical roles cannot be deleted)
    • Role management UI at /admin/roles
  • Membership Fees System - Full implementation
    • Membership fee types with intervals (monthly, quarterly, half_yearly, yearly)
    • Individual billing cycles per member with payment status tracking
    • Cycle generation and regeneration
    • Global membership fee settings
    • UI components for fee management
  • Global Settings Management - Singleton settings resource
    • Club name configuration (with environment variable support)
    • Member field visibility settings
    • Membership fee default settings
  • Sidebar Navigation - Replaced navbar with standard-compliant sidebar (#260, 2026-01-12)
  • CSV Import Templates - German and English templates (#329, 2026-01-13)
    • Template files in priv/static/templates/
    • CSV specification documented
  • User-Member linking with fuzzy search autocomplete (#168)
  • PostgreSQL trigram-based member search with typo tolerance
  • WCAG 2.1 AA compliant autocomplete dropdown with ARIA support
  • Bilingual UI (German/English) for member linking workflow
  • Bulk email copy feature - Copy email addresses of selected members to clipboard (#230)
    • Email format: "First Last " with semicolon separator (compatible with email clients)
    • CopyToClipboard JavaScript hook with fallback for older browsers
    • Button shows count of visible selected members (respects search/filter)
    • German/English translations
  • Docker secrets support via _FILE environment variables for all sensitive configuration (SECRET_KEY_BASE, TOKEN_SIGNING_SECRET, OIDC_CLIENT_SECRET, DATABASE_URL, DATABASE_PASSWORD)

Changed

  • Actor Handling Refactoring (2026-01-09)
    • Standardized actor access with current_actor/1 helper function
    • ash_actor_opts/1 helper for consistent authorization options
    • submit_form/3 wrapper for form submissions with actor
    • All Ash operations now properly pass actor parameter
  • Error Handling Improvements (2026-01-13)
    • Replaced Ash.read! with proper error handling in LiveViews
    • Consistent flash message handling for authorization errors
    • Early return patterns for unauthenticated users

Fixed

  • Email validation false positive when linking user and member with identical emails (#168 Problem #4)
  • Relationship data extraction from Ash manage_relationship during validation
  • Copy button count now shows only visible selected members when filtering
  • Language headers in German .po files (corrected from "en" to "de")
  • Critical deny-filter bug in authorization system (2026-01-08)
  • HasPermission auto_filter and strict_check implementation (2026-01-08)