test: add test for aggregate field policy (#644)

2024-09-20 05:23:03 +12:00 · 2023-07-10 15:00:55 +02:00 · 2023-07-10 15:00:55 +02:00 · c442d83534
commit c442d83534
parent 1eebedd189
3 changed files with 31 additions and 3 deletions
--- a/lib/ash/actions/helpers.ex
+++ b/lib/ash/actions/helpers.ex
@ -531,7 +531,7 @@ defmodule Ash.Actions.Helpers do
  end

  defp replace_dynamic_loads(record, field, type, %Ash.Changeset{} = changeset)
-       when type in [:attribute, :calculation] do
+       when type in [:attribute, :calculation, :aggregate] do
    query =
      changeset.resource
      |> Ash.Query.new()
@ -541,7 +541,7 @@ defmodule Ash.Actions.Helpers do
  end

  defp replace_dynamic_loads(record, field, type, query)
-       when type in [:attribute, :calculation] do
+       when type in [:attribute, :calculation, :aggregate] do
    query.calculations
    |> Enum.reduce(
      record,
--- a/test/policy/field_policy_test.exs
+++ b/test/policy/field_policy_test.exs
@ -25,7 +25,8 @@ defmodule Ash.Test.Policy.FieldPolicyTest do

  describe "introspection" do
    test "introspection returns field policies" do
-      assert [%Ash.Policy.FieldPolicy{}] = Ash.Policy.Info.field_policies(User)
+      assert [%Ash.Policy.FieldPolicy{}, %Ash.Policy.FieldPolicy{}] =
+               Ash.Policy.Info.field_policies(User)
    end
  end

@ -57,6 +58,18 @@ defmodule Ash.Test.Policy.FieldPolicyTest do
               |> Map.get(:role)
    end

+    test "can load a resource with a forbidden aggregate", %{
+      representative: representative
+    } do
+      assert %Ash.ForbiddenField{field: :ticket_count, type: :aggregate} ==
+               User
+               |> Ash.Query.for_read(:read, authorize?: true, actor: representative)
+               |> Ash.Query.filter(id == ^representative.id)
+               |> Ash.Query.load([:ticket_count])
+               |> Api.read_one!(authorize?: true, actor: representative)
+               |> Map.get(:ticket_count)
+    end
+
    test "when reading as a user that cant see the field, its value is not displayed", %{
      representative: representative,
      user: user
--- a/test/support/policy_field/resources/user.ex
+++ b/test/support/policy_field/resources/user.ex
@ -20,6 +20,17 @@ defmodule Ash.Test.Support.PolicyField.User do
    end
  end

+  relationships do
+    has_many :tickets, Ash.Test.Support.PolicyField.Ticket do
+      source_attribute :id
+      destination_attribute :reporter_id
+    end
+  end
+
+  aggregates do
+    count :ticket_count, :tickets
+  end
+
  policies do
    policy always() do
      authorize_if always()
@ -30,5 +41,9 @@ defmodule Ash.Test.Support.PolicyField.User do
    field_policy :role do
      authorize_if actor_attribute_equals(:role, :representative)
    end
+
+    field_policy :ticket_count do
+      authorize_if actor_attribute_equals(:role, :reporter)
+    end
  end
 end