From 775564ea1d1c51d7ce06bd3e28fc4ada9c1fe873 Mon Sep 17 00:00:00 2001
From: KKlochko
Date: Mon, 14 Apr 2025 22:08:03 +0300
Subject: [PATCH] Add policies for AuthorRole resource.

---
 .../metadata/author_role.ex | 25 ++++++++++++++++++-
 .../metadata/author_roles_test.exs | 23 ++++++++++-------
 2 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/lib/decentralised_book_index/metadata/author_role.ex b/lib/decentralised_book_index/metadata/author_role.ex
index 60557cd..3ae0806 100644
--- a/lib/decentralised_book_index/metadata/author_role.ex
+++ b/lib/decentralised_book_index/metadata/author_role.ex
@@ -3,10 +3,33 @@ defmodule DecentralisedBookIndex.Metadata.AuthorRole do
 otp_app: :decentralised_book_index,
 domain: DecentralisedBookIndex.Metadata,
 data_layer: AshPostgres.DataLayer,
- extensions: [AshJsonApi.Resource]
+ extensions: [AshJsonApi.Resource],
+ authorizers: [Ash.Policy.Authorizer]
 
 alias DecentralisedBookIndex.Metadata
 
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :admin)
+ end
+ end
+
 json_api do
 type "author_role"
 end
diff --git a/test/decentralised_book_index/metadata/author_roles_test.exs b/test/decentralised_book_index/metadata/author_roles_test.exs
index 17ef673..70421d2 100644
--- a/test/decentralised_book_index/metadata/author_roles_test.exs
+++ b/test/decentralised_book_index/metadata/author_roles_test.exs
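Review bot: In `lib/decentralised_book_index/metadata/author_role.ex`, the `policy action_type(:read)` block uses `authorize_if always()`, which also admits requests with no actor, and because the resource carries the `AshJsonApi.Resource` extension any read route exposed for it is presumably public. If that is intended, say so above the policy with a comment such as `# Catalogue data is public: reads need no actor.`; otherwise use `authorize_if actor_present()` there. The `:destroy` policy repeats the condition of the admin `bypass`, so it never authorizes anyone the bypass has not already let through and in effect only denies every other actor; a comment such as `# Admin-only: granted by the bypass above, denied for everyone else.` would make that explicit. The identical `:create` and `:update` policies could be merged into one `policy action_type([:create, :update]) do`. The module body starts and ends outside the hunk.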
@@ -3,11 +3,16 @@ defmodule DecentralisedBookIndex.Metadata.AuthorRolesTest do
 
 alias DecentralisedBookIndex.Metadata
 
+ setup do
+ user = generate(user(role: :moderator))
+ %{user: user}
+ end
+
 describe "create action" do
- test "an author's role must belongs to an author" do
- {:ok, author} = Metadata.create_author("Author", "An description")
+ test "an author's role must belongs to an author", %{user: user} do
+ {:ok, author} = Metadata.create_author("Author", "An description", nil, nil, actor: user)
 
- assert {:ok, author_role} = Metadata.create_author_role(author.id, 1, "role")
+ assert {:ok, author_role} = Metadata.create_author_role(author.id, 1, "role", actor: user)
 
 {:ok, author_role} = author_role
 
@@ -16,22 +21,22 @@ defmodule DecentralisedBookIndex.Metadata.AuthorRolesTest do
 assert author.id == author_role.author_id
 end
 
- test "an author's role can be blank" do
- {:ok, author} = Metadata.create_author("Author", "An description")
+ test "an author's role can be blank", %{user: user} do
+ {:ok, author} = Metadata.create_author("Author", "An description", nil, nil, actor: user)
 
- {:ok, author_role} = Metadata.create_author_role(author.id, 1, "")
+ {:ok, author_role} = Metadata.create_author_role(author.id, 1, "", actor: user)
 
 refute author_role.role
 end
 end
 
 describe "author's avatar image" do
- test "update avatar image" do
+ test "update avatar image", %{user: user} do
 avatar_url = "/images/avatar.avif"
 
- {:ok, author} = Metadata.create_author("Author", "An description")
+ {:ok, author} = Metadata.create_author("Author", "An description", nil, nil, actor: user)
 
- assert {:ok, author} = Metadata.assign_author_avatar_image(author, avatar_url)
+ assert {:ok, author} = Metadata.assign_author_avatar_image(author, avatar_url, actor: user)
 
 assert author.avatar_url == avatar_url
 end
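Review bot: The `setup` block added in the first hunk makes every test run as a `:moderator`, so the suite only exercises the allow path of the new policies and would still pass if the create and update policies authorized everyone. Add negative cases beside the existing ones: call `Metadata.create_author_role(author.id, 1, "role", actor: other)` with an actor whose role is neither `:moderator` nor `:admin`, then with `actor: nil`, and assert `{:error, %Ash.Error.Forbidden{}}`. The same gap applies to the second hunk, where `create_author` and `assign_author_avatar_image` are likewise called only with the moderator. One case with an `:admin` actor would also cover the bypass.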