Add policies for AuthorAliasRegistry resource.

lib/decentralised_book_index/metadata/author_alias_registry.ex

@@ -2,7 +2,8 @@ defmodule DecentralisedBookIndex.Metadata.AuthorAliasRegistry do
   use Ash.Resource,
     otp_app: :decentralised_book_index,
     domain: DecentralisedBookIndex.Metadata,
-    data_layer: AshPostgres.DataLayer
+    data_layer: AshPostgres.DataLayer,
+    authorizers: [Ash.Policy.Authorizer]
 
   alias DecentralisedBookIndex.Metadata
 
@@ -29,6 +30,28 @@ defmodule DecentralisedBookIndex.Metadata.AuthorAliasRegistry do
     end
   end
 
+  policies do
+    bypass actor_attribute_equals(:role, :admin) do
+      authorize_if always()
+    end
+
+    policy action_type(:read) do
+      authorize_if always()
+    end
+
+    policy action_type(:create) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+
+    policy action_type(:update) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+
+    policy action_type(:destroy) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+  end
+
   attributes do
     uuid_primary_key :id, writable?: true