Add policies for AuthorAliasRegistry resource.

2 months ago · d004affd74
parent 1d0abee1de
commit d004affd74
1 changed files with 24 additions and 1 deletions
--- a/lib/decentralised_book_index/metadata/author_alias_registry.ex
+++ b/lib/decentralised_book_index/metadata/author_alias_registry.ex
@ -2,7 +2,8 @@ defmodule DecentralisedBookIndex.Metadata.AuthorAliasRegistry do
  use Ash.Resource,
    otp_app: :decentralised_book_index,
    domain: DecentralisedBookIndex.Metadata,
-    data_layer: AshPostgres.DataLayer
+    data_layer: AshPostgres.DataLayer,
+    authorizers: [Ash.Policy.Authorizer]

  alias DecentralisedBookIndex.Metadata

@ -29,6 +30,28 @@ defmodule DecentralisedBookIndex.Metadata.AuthorAliasRegistry do
    end
  end

+  policies do
+    bypass actor_attribute_equals(:role, :admin) do
+      authorize_if always()
+    end
+
+    policy action_type(:read) do
+      authorize_if always()
+    end
+
+    policy action_type(:create) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+
+    policy action_type(:update) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+
+    policy action_type(:destroy) do
+      authorize_if actor_attribute_equals(:role, :moderator)
+    end
+  end
+
  attributes do
    uuid_primary_key :id, writable?: true