From 6014b53dd11f5cce05d04faefa2fd0835ba272d2 Mon Sep 17 00:00:00 2001
From: KKlochko
Date: Tue, 15 Apr 2025 10:45:49 +0300
Subject: [PATCH] Add policies for Book, BookId, AuthorRole, BookEditionsRegistry, DBI_Server.
---
 .../metadata/author_role.ex | 44 +++++++++----------
 lib/decentralised_book_index/metadata/book.ex | 29 +++++++++++-
 .../metadata/book_editions_registry.ex | 25 ++++++++++-
 .../metadata/book_id.ex | 25 ++++++++++-
 .../metadata/dbi_server.ex | 9 +++-
 5 files changed, 106 insertions(+), 26 deletions(-)
diff --git a/lib/decentralised_book_index/metadata/author_role.ex b/lib/decentralised_book_index/metadata/author_role.ex
index 3ae0806..45eb4b1 100644
--- a/lib/decentralised_book_index/metadata/author_role.ex
+++ b/lib/decentralised_book_index/metadata/author_role.ex
@@ -8,28 +8,6 @@ defmodule DecentralisedBookIndex.Metadata.AuthorRole do
 alias DecentralisedBookIndex.Metadata
- policies do
- bypass actor_attribute_equals(:role, :admin) do
- authorize_if always()
- end
-
- policy action_type(:read) do
- authorize_if always()
- end
-
- policy action_type(:create) do
- authorize_if actor_attribute_equals(:role, :moderator)
- end
-
- policy action_type(:update) do
- authorize_if actor_attribute_equals(:role, :moderator)
- end
-
- policy action_type(:destroy) do
- authorize_if actor_attribute_equals(:role, :admin)
- end
- end
-
 json_api do
 type "author_role"
 end
@@ -97,6 +75,28 @@ defmodule DecentralisedBookIndex.Metadata.AuthorRole do
 end
 end
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+ end
+
 attributes do
 uuid_primary_key :id, writable?: true
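Review bot: The `policies` block re-added in the second author_role.ex hunk is not a pure move: the `:destroy` policy removed in the first hunk required `:admin`, while the one added here reads `authorize_if actor_attribute_equals(:role, :moderator)`, so moderators gain the right to delete author roles. The commit title mentions only adding policies, and the same moderator-level `:destroy` appears in the BookEditionsRegistry and BookId hunks, whereas Book keeps `:admin`. If the widening is intended, a comment above the policy such as `# Moderators may delete author roles; only Book deletion is admin-only.` would record the decision; if it is not, restore `authorize_if actor_attribute_equals(:role, :admin)`. The `use Ash.Resource` options of AuthorRole lie outside both hunks, so whether `authorizers: [Ash.Policy.Authorizer]` is already set on this resource cannot be confirmed from the patch.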
diff --git a/lib/decentralised_book_index/metadata/book.ex b/lib/decentralised_book_index/metadata/book.ex
index 0c1b893..617af96 100644
--- a/lib/decentralised_book_index/metadata/book.ex
+++ b/lib/decentralised_book_index/metadata/book.ex
@@ -3,7 +3,8 @@ defmodule DecentralisedBookIndex.Metadata.Book do
 otp_app: :decentralised_book_index,
 domain: DecentralisedBookIndex.Metadata,
 data_layer: AshPostgres.DataLayer,
- extensions: [AshJsonApi.Resource]
+ extensions: [AshJsonApi.Resource],
+ authorizers: [Ash.Policy.Authorizer]
 require Ash.Query
 alias DecentralisedBookIndex.Metadata
@@ -267,6 +268,32 @@ defmodule DecentralisedBookIndex.Metadata.Book do
 end
 end
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :admin)
+ end
+ end
+
+ validations do
+ validate numericality(:page_count, greater_than: 0)
+ end
+
 attributes do
 uuid_primary_key :id, writable?: true
diff --git a/lib/decentralised_book_index/metadata/book_editions_registry.ex b/lib/decentralised_book_index/metadata/book_editions_registry.ex
index 806f008..9894757 100644
--- a/lib/decentralised_book_index/metadata/book_editions_registry.ex
+++ b/lib/decentralised_book_index/metadata/book_editions_registry.ex
@@ -2,7 +2,8 @@ defmodule DecentralisedBookIndex.Metadata.BookEditionsRegistry do
 use Ash.Resource,
 otp_app: :decentralised_book_index,
 domain: DecentralisedBookIndex.Metadata,
- data_layer: AshPostgres.DataLayer
+ data_layer: AshPostgres.DataLayer,
+ authorizers: [Ash.Policy.Authorizer]
 alias DecentralisedBookIndex.Metadata
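Review bot: In the `policies` block added to book.ex the `:destroy` policy checks for `:admin`, a role the bypass at the top of the block already authorizes, so for every actor who actually reaches this policy the check is false and it acts as a deny rule. A comment would make that intent explicit, for example `# Deletion is admin-only (granted by the bypass above); moderators are denied on purpose.` The same hunk also adds `validate numericality(:page_count, greater_than: 0)`, which is unrelated to authorization and not mentioned in the commit title; it would be easier to review and revert as its own commit. The module body continues outside the hunk on both sides.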
@@ -29,6 +30,28 @@ defmodule DecentralisedBookIndex.Metadata.BookEditionsRegistry do
 end
 end
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+ end
+
 attributes do
 uuid_primary_key :id, writable?: true
diff --git a/lib/decentralised_book_index/metadata/book_id.ex b/lib/decentralised_book_index/metadata/book_id.ex
index 014949d..62402f7 100644
--- a/lib/decentralised_book_index/metadata/book_id.ex
+++ b/lib/decentralised_book_index/metadata/book_id.ex
@@ -3,7 +3,8 @@ defmodule DecentralisedBookIndex.Metadata.BookId do
 otp_app: :decentralised_book_index,
 domain: DecentralisedBookIndex.Metadata,
 data_layer: AshPostgres.DataLayer,
- extensions: [AshJsonApi.Resource]
+ extensions: [AshJsonApi.Resource],
+ authorizers: [Ash.Policy.Authorizer]
 alias DecentralisedBookIndex.Metadata
@@ -40,6 +41,28 @@ defmodule DecentralisedBookIndex.Metadata.BookId do
 end
 end
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+ end
+
 attributes do
 uuid_primary_key :id, writable?: true
diff --git a/lib/decentralised_book_index/metadata/dbi_server.ex b/lib/decentralised_book_index/metadata/dbi_server.ex
index b7ec07b..de9bf2f 100644
--- a/lib/decentralised_book_index/metadata/dbi_server.ex
+++ b/lib/decentralised_book_index/metadata/dbi_server.ex
@@ -2,7 +2,8 @@ defmodule DecentralisedBookIndex.Metadata.DBIServer do
 use Ash.Resource,
 otp_app: :decentralised_book_index,
 domain: DecentralisedBookIndex.Metadata,
- data_layer: AshPostgres.DataLayer
+ data_layer: AshPostgres.DataLayer,
+ authorizers: [Ash.Policy.Authorizer]
 alias DecentralisedBookIndex.Metadata
@@ -31,6 +32,12 @@ defmodule DecentralisedBookIndex.Metadata.DBIServer do
 end
 end
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+ end
+
 attributes do
 uuid_primary_key :id
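Review bot: The `policies` block added to dbi_server.ex contains only the admin bypass, so access for every other actor, reads included, depends on what the authorizer does when no policy applies rather than on a rule written in this file. If admin-only is the intent, say so next to the block, for example `# Admin-only resource: there is deliberately no policy for other roles.`, and add a test that a moderator and a nil actor are refused on both read and write. The diffstat lists only files under `lib/`, so no such test accompanies this patch. Any code path that reads DBIServer records without an admin actor would also need checking now that the authorizer is enabled; nothing in the hunk shows whether one exists.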