mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 13:33:20 +12:00
fix: properly add aggregate authorization everywhere
This commit is contained in:
parent
650205a9bc
commit
9a91937c88
2 changed files with 65 additions and 8 deletions
|
@ -300,6 +300,17 @@ defmodule Ash.Actions.Read do
|
||||||
),
|
),
|
||||||
query <- Map.put(query, :sort, sort),
|
query <- Map.put(query, :sort, sort),
|
||||||
query <- add_select_if_none_exists(query),
|
query <- add_select_if_none_exists(query),
|
||||||
|
query <- %{
|
||||||
|
query
|
||||||
|
| filter:
|
||||||
|
add_calc_context_to_filter(
|
||||||
|
query.filter,
|
||||||
|
opts[:actor],
|
||||||
|
opts[:authorize?],
|
||||||
|
query.tenant,
|
||||||
|
opts[:tracer]
|
||||||
|
)
|
||||||
|
},
|
||||||
pre_authorization_query <- query,
|
pre_authorization_query <- query,
|
||||||
{:ok, query} <- authorize_query(query, opts),
|
{:ok, query} <- authorize_query(query, opts),
|
||||||
query_before_pagination <- query,
|
query_before_pagination <- query,
|
||||||
|
@ -316,7 +327,7 @@ defmodule Ash.Actions.Read do
|
||||||
pre_authorization_query,
|
pre_authorization_query,
|
||||||
opts[:actor],
|
opts[:actor],
|
||||||
query.tenant,
|
query.tenant,
|
||||||
agg_refs(query, data_layer_calculations),
|
agg_refs(query, data_layer_calculations ++ [{nil, query.filter}]),
|
||||||
opts[:authorize?]
|
opts[:authorize?]
|
||||||
),
|
),
|
||||||
data_layer_calculations <-
|
data_layer_calculations <-
|
||||||
|
@ -348,6 +359,14 @@ defmodule Ash.Actions.Read do
|
||||||
filter,
|
filter,
|
||||||
query.tenant
|
query.tenant
|
||||||
),
|
),
|
||||||
|
filter <-
|
||||||
|
add_calc_context_to_filter(
|
||||||
|
filter,
|
||||||
|
opts[:actor],
|
||||||
|
opts[:authorize?],
|
||||||
|
query.tenant,
|
||||||
|
opts[:tracer]
|
||||||
|
),
|
||||||
filter <-
|
filter <-
|
||||||
update_aggregate_filters(
|
update_aggregate_filters(
|
||||||
filter,
|
filter,
|
||||||
|
@ -1036,10 +1055,28 @@ defmodule Ash.Actions.Read do
|
||||||
message: "unhandled calculation in filter statement #{inspect(ref)}"
|
message: "unhandled calculation in filter statement #{inspect(ref)}"
|
||||||
|
|
||||||
%Ash.Query.Ref{attribute: %Ash.Query.Calculation{} = calc} = ref ->
|
%Ash.Query.Ref{attribute: %Ash.Query.Calculation{} = calc} = ref ->
|
||||||
%{
|
calc = add_calc_context(calc, actor, authorize?, tenant, tracer)
|
||||||
ref
|
|
||||||
| attribute: add_calc_context(calc, actor, authorize?, tenant, tracer)
|
if calc.module.has_expression?() do
|
||||||
}
|
{:ok, expr} =
|
||||||
|
Ash.Filter.hydrate_refs(
|
||||||
|
calc.module.expression(calc.opts, calc.context),
|
||||||
|
%{
|
||||||
|
resource: ref.resource,
|
||||||
|
public?: false
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
add_calc_context_to_filter(
|
||||||
|
expr,
|
||||||
|
actor,
|
||||||
|
authorize?,
|
||||||
|
tenant,
|
||||||
|
tracer
|
||||||
|
)
|
||||||
|
else
|
||||||
|
%{ref | attribute: calc}
|
||||||
|
end
|
||||||
|
|
||||||
%Ash.Query.Ref{attribute: %Ash.Query.Aggregate{} = agg} = ref ->
|
%Ash.Query.Ref{attribute: %Ash.Query.Aggregate{} = agg} = ref ->
|
||||||
%{
|
%{
|
||||||
|
@ -1415,7 +1452,18 @@ defmodule Ash.Actions.Read do
|
||||||
}
|
}
|
||||||
|
|
||||||
_ ->
|
_ ->
|
||||||
aggregate
|
%{
|
||||||
|
aggregate
|
||||||
|
| join_filters:
|
||||||
|
add_join_filters(
|
||||||
|
aggregate.join_filters,
|
||||||
|
aggregate.relationship_path,
|
||||||
|
ref.resource ||
|
||||||
|
Ash.Resource.Info.related(resource, ref.relationship_path),
|
||||||
|
relationship_path_filters,
|
||||||
|
ref.relationship_path
|
||||||
|
)
|
||||||
|
}
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
aggregate
|
aggregate
|
||||||
|
@ -2032,7 +2080,16 @@ defmodule Ash.Actions.Read do
|
||||||
}
|
}
|
||||||
|
|
||||||
:error ->
|
:error ->
|
||||||
aggregate
|
%{
|
||||||
|
aggregate
|
||||||
|
| join_filters:
|
||||||
|
add_join_filters(
|
||||||
|
aggregate.join_filters,
|
||||||
|
aggregate.relationship_path,
|
||||||
|
query.resource,
|
||||||
|
path_filters
|
||||||
|
)
|
||||||
|
}
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
aggregate
|
aggregate
|
||||||
|
|
|
@ -1921,7 +1921,7 @@ defmodule Ash.Filter do
|
||||||
include_exists?,
|
include_exists?,
|
||||||
with_references?
|
with_references?
|
||||||
) do
|
) do
|
||||||
if function_exported?(module, :expression, 2) do
|
if module.has_expression?() do
|
||||||
expression = module.expression(opts, context)
|
expression = module.expression(opts, context)
|
||||||
|
|
||||||
case hydrate_refs(expression, %{
|
case hydrate_refs(expression, %{
|
||||||
|
|
Loading…
Reference in a new issue