mirror of
https://github.com/ash-project/ash.git
synced 2024-09-19 21:13:10 +12:00
improvement: allow policy conditions to be applied inside their block
```elixir policy do condition [...] authorize_if ... end ```
This commit is contained in:
parent
3c2f51224a
commit
34d6f229c5
4 changed files with 17 additions and 5 deletions
|
@ -178,7 +178,7 @@ defmodule Ash.Policy.Authorizer do
|
|||
"""
|
||||
]
|
||||
],
|
||||
args: [:condition],
|
||||
args: [{:optional, :condition}],
|
||||
target: Ash.Policy.Policy,
|
||||
no_depend_modules: [:condition],
|
||||
transform: {Ash.Policy.Policy, :transform, []},
|
||||
|
@ -274,7 +274,7 @@ defmodule Ash.Policy.Authorizer do
|
|||
"A check or list of checks that must be true in order for this field policy to apply. If not specified, it always applies."
|
||||
]
|
||||
],
|
||||
args: [:fields, {:optional, :condition, {Ash.Policy.Check.Static, result: true}}],
|
||||
args: [:fields, {:optional, :condition}],
|
||||
target: Ash.Policy.FieldPolicy,
|
||||
transform: {Ash.Policy.FieldPolicy, :transform, []},
|
||||
entities: [
|
||||
|
|
|
@ -16,11 +16,18 @@ defmodule Ash.Policy.FieldPolicy do
|
|||
if Enum.empty?(field_policy.policies) do
|
||||
{:error, "Field policies must have at least one check."}
|
||||
else
|
||||
field_policy =
|
||||
if field_policy.condition in [nil, []] do
|
||||
%{field_policy | condition: [{Ash.Policy.Check.Static, result: true}]}
|
||||
else
|
||||
field_policy
|
||||
end
|
||||
|
||||
{:ok,
|
||||
%{
|
||||
field_policy
|
||||
| policies: Enum.map(field_policy.policies, &set_field_policy_opt/1),
|
||||
condition: Enum.map(List.wrap(field_policy.condition || []), &set_field_policy_opt/1)
|
||||
condition: Enum.map(List.wrap(field_policy.condition), &set_field_policy_opt/1)
|
||||
}}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -54,10 +54,14 @@ defmodule Ash.Policy.Policy do
|
|||
def transform(policy) do
|
||||
if Enum.empty?(policy.policies) do
|
||||
{:error, "Policies must have at least one check."}
|
||||
else
|
||||
if policy.condition in [nil, []] do
|
||||
{:ok, %{policy | condition: [{Ash.Policy.Check.Static, result: true}]}}
|
||||
else
|
||||
{:ok, policy}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
defp build_requirements_expression(policies, authorizer) do
|
||||
{at_least_one_policy_expression, authorizer} =
|
||||
|
|
|
@ -45,7 +45,8 @@ defmodule Ash.Test.Actions.AggregateTest do
|
|||
end
|
||||
|
||||
policies do
|
||||
policy always() do
|
||||
policy do
|
||||
condition(always())
|
||||
authorize_if expr(public == true)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue