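defmodule Ash.Test.Changeset.AuthorizerTest do
  @moduledoc false

  # Exercises authorizer strict checks that return `{:filter, ...}`: on reads the
  # filter narrows the result set, and when `:changeset` is part of the
  # strict-check context it is also enforced on creates and updates.
  #
  # NOTE(review): `async: false` is presumably required because
  # `Ash.Test.Authorizer` is started per test as one shared process; confirm
  # against its definition before switching to async.
  use ExUnit.Case, async: false

  require Ash.Query

  defmodule Post do
    # Minimal resource whose only authorizer is the configurable test authorizer,
    # so every authorization outcome in this file comes from the options passed
    # to `Ash.Test.Authorizer` in each test.
    use Ash.Resource,
      data_layer: Ash.DataLayer.Ets,
      authorizers: [
        Ash.Test.Authorizer
      ]

    ets do
      private? true
    end

    attributes do
      uuid_primary_key :id

      attribute :title, :string, allow_nil?: false
    end
  end

  defmodule Api do
    use Ash.Api

    resources do
      resource Post
    end
  end

  describe "strict check can filter results" do
    test "a simple filter is applied" do
      # Use the bang variant: if the authorizer fails to start the test must stop
      # here instead of going on to exercise authorization against a missing process.
      start_supervised!(
        {Ash.Test.Authorizer,
         strict_check: {:filter, [title: "foo"]}, strict_check_context: [:query]}
      )

      # Seed data without `authorize?: true`; presumably this skips the authorizer
      # so both rows exist regardless of the filter. TODO confirm against the Api's
      # authorization default.
      Post
      |> Ash.Changeset.for_create(:create, %{title: "test"})
      |> Api.create!()

      Post
      |> Ash.Changeset.for_create(:create, %{title: "foo"})
      |> Api.create!()

      # The authorized read must return exactly the one row matching the filter;
      # the "test" row must not be visible.
      assert [%Post{title: "foo"}] = Api.read!(Post, authorize?: true)
    end

    test "a simple filter can also be applied to changesets" do
      # See the note in the previous test on why the bang variant is used.
      start_supervised!(
        {Ash.Test.Authorizer,
         strict_check: {:filter, [title: "foo"]}, strict_check_context: [:query, :changeset]}
      )

      # Filter always fails on creates
      # NOTE(review): only a non-matching title is exercised here; a create whose
      # title matches the filter is not covered by this test.
      assert_raise Ash.Error.Forbidden, fn ->
        Post
        |> Ash.Changeset.for_create(:create, %{title: "test"})
        |> Api.create!(authorize?: true)
      end

      # Seed one row that matches the filter and one that does not, without
      # requesting authorization.
      good_post =
        Post
        |> Ash.Changeset.for_create(:create, %{title: "foo"})
        |> Api.create!()

      bad_post =
        Post
        |> Ash.Changeset.for_create(:create, %{title: "test"})
        |> Api.create!()

      # Filters apply to the base data
      assert_raise Ash.Error.Forbidden, fn ->
        bad_post
        |> Ash.Changeset.for_update(:update, %{title: "next"})
        |> Api.update!(authorize?: true)
      end

      # The permitted path is asserted explicitly: the update on the matching row
      # must go through and return the changed record, not merely avoid raising.
      assert %Post{title: "next"} =
               good_post
               |> Ash.Changeset.for_update(:update, %{title: "next"})
               |> Api.update!(authorize?: true)
    end
  end
end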