Add policies for Publisher resource.

2 months ago · 12c805c0bf
parent 840549dd66
commit 12c805c0bf
1 changed files with 24 additions and 1 deletions
--- a/lib/decentralised_book_index/metadata/publisher.ex
+++ b/lib/decentralised_book_index/metadata/publisher.ex
@ -3,11 +3,34 @@ defmodule DecentralisedBookIndex.Metadata.Publisher do
    otp_app: :decentralised_book_index,
    domain: DecentralisedBookIndex.Metadata,
    data_layer: AshPostgres.DataLayer,
-    extensions: [AshJsonApi.Resource]
+    extensions: [AshJsonApi.Resource],
+    authorizers: [Ash.Policy.Authorizer]

  require Ash.Query
  alias DecentralisedBookIndex.Metadata

+  policies do
+    bypass actor_attribute_equals(:role, :admin) do
+      authorize_if always()
+    end
+
+    policy action_type(:read) do
+      authorize_if always()
+    end
+
+    policy action_type(:create) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+
+    policy action_type(:update) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+
+    policy action_type(:destroy) do
+      authorize_if actor_attribute_equals(:role, :admin)
+    end
+  end
+
  json_api do
    type "publisher"
  end