2023-06-23 04:28:39 +12:00
|
|
|
defmodule Ash.Test.Support.PolicyField.User do
|
2023-06-23 06:19:40 +12:00
|
|
|
@moduledoc false
|
2023-06-23 04:28:39 +12:00
|
|
|
use Ash.Resource,
|
|
|
|
data_layer: Ash.DataLayer.Ets,
|
|
|
|
authorizers: [Ash.Policy.Authorizer]
|
|
|
|
|
|
|
|
ets do
|
|
|
|
private? true
|
|
|
|
end
|
|
|
|
|
|
|
|
actions do
|
|
|
|
defaults [:create, :read, :update, :destroy]
|
|
|
|
end
|
|
|
|
|
|
|
|
attributes do
|
|
|
|
uuid_primary_key :id
|
|
|
|
|
|
|
|
attribute :role, :atom do
|
2023-07-12 02:28:07 +12:00
|
|
|
constraints one_of: [:user, :representative, :admin]
|
2023-06-23 04:28:39 +12:00
|
|
|
end
|
2023-12-14 09:08:39 +13:00
|
|
|
|
|
|
|
attribute :points, :integer do
|
|
|
|
# only you can see your own points
|
|
|
|
end
|
2023-06-23 04:28:39 +12:00
|
|
|
end
|
|
|
|
|
2023-07-11 01:00:55 +12:00
|
|
|
relationships do
|
|
|
|
has_many :tickets, Ash.Test.Support.PolicyField.Ticket do
|
|
|
|
source_attribute :id
|
|
|
|
destination_attribute :reporter_id
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
aggregates do
|
|
|
|
count :ticket_count, :tickets
|
|
|
|
end
|
|
|
|
|
2023-06-23 04:28:39 +12:00
|
|
|
policies do
|
|
|
|
policy always() do
|
|
|
|
authorize_if always()
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
field_policies do
|
2023-07-12 02:28:07 +12:00
|
|
|
field_policy_bypass :* do
|
|
|
|
authorize_if actor_attribute_equals(:role, :admin)
|
|
|
|
end
|
|
|
|
|
2023-06-23 04:28:39 +12:00
|
|
|
field_policy :role do
|
|
|
|
authorize_if actor_attribute_equals(:role, :representative)
|
|
|
|
end
|
2023-07-11 01:00:55 +12:00
|
|
|
|
2023-12-14 09:08:39 +13:00
|
|
|
field_policy :points do
|
|
|
|
authorize_if expr(id == ^actor(:id))
|
|
|
|
end
|
|
|
|
|
2023-09-26 04:13:36 +13:00
|
|
|
field_policy :ticket_count, [
|
|
|
|
actor_attribute_equals(:role, :representative),
|
|
|
|
accessing_from(Ash.Test.Support.PolicyField.Ticket, :reporter)
|
|
|
|
] do
|
|
|
|
authorize_if always()
|
|
|
|
end
|
|
|
|
|
|
|
|
field_policy :ticket_count, actor_attribute_equals(:role, :reporter) do
|
|
|
|
authorize_if always()
|
2023-07-11 01:00:55 +12:00
|
|
|
end
|
2023-06-23 04:28:39 +12:00
|
|
|
end
|
|
|
|
end
|