From d004affd7481442b0ace693d17baa76a26025a44 Mon Sep 17 00:00:00 2001
From: KKlochko
Date: Tue, 15 Apr 2025 10:07:57 +0300
Subject: [PATCH] Add policies for AuthorAliasRegistry resource.
---
 .../metadata/author_alias_registry.ex | 25 ++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/lib/decentralised_book_index/metadata/author_alias_registry.ex b/lib/decentralised_book_index/metadata/author_alias_registry.ex
index 84149f7..dd5555f 100644
--- a/lib/decentralised_book_index/metadata/author_alias_registry.ex
+++ b/lib/decentralised_book_index/metadata/author_alias_registry.ex
@@ -2,7 +2,8 @@ defmodule DecentralisedBookIndex.Metadata.AuthorAliasRegistry do
 use Ash.Resource,
 otp_app: :decentralised_book_index,
 domain: DecentralisedBookIndex.Metadata,
- data_layer: AshPostgres.DataLayer
+ data_layer: AshPostgres.DataLayer,
+ authorizers: [Ash.Policy.Authorizer]
 alias DecentralisedBookIndex.Metadata
@@ -29,6 +30,28 @@ defmodule DecentralisedBookIndex.Metadata.AuthorAliasRegistry do
 end
 end
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+ end
+
 attributes do
 uuid_primary_key :id, writable?: true
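Review bot: The `policy action_type(:read)` block with `authorize_if always()` authorizes every read, including calls made with no actor, while the rest of the `policies` block is role-gated; if public read access is intended, a comment such as `# Alias registries are public: reads need no actor.` above that policy would record the decision. The create, update and destroy policies repeat one check three times and could be a single `policy action_type([:create, :update, :destroy]) do`, so a later role change cannot be applied to only some of them. The patch touches one file and adds no test showing that an actor without the moderator or admin role is refused on the write actions. The resource's `actions` block is outside the hunk, so which actions these policies cover cannot be confirmed from here.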