mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 13:33:20 +12:00
chore: add some defensive coding for policies
parent
d7c8cdd1eb
commit
e9d2d8c575
2 changed files with 64 additions and 64 deletions
|
@ -144,6 +144,7 @@ defmodule Ash.Error.Forbidden.Policy do
|
|||
|
||||
policy_explanation =
|
||||
policies
|
||||
|> Kernel.||([])
|
||||
|> Enum.filter(&relevant?(&1, facts))
|
||||
|> Enum.map(&explain_policy(&1, facts, opts[:success?] || false))
|
||||
|> Enum.intersperse("\n")
|
||||
|
|
|
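Review bot: The nil guard in the `policy_explanation` pipeline is written as `|> Kernel.||([])`, which is easy to misread in the middle of a pipe; starting the pipeline with `(policies || [])` or `List.wrap(policies)` states the same default more plainly. The rendered page has lost its +/- markers, so treating this as the added line is inferred from the 6→7 line count and the commit title. Because this builds the breakdown attached to a Forbidden error, a nil list now yields a silently empty explanation that a reader could take to mean no policy applied, so a short comment stating when `policies` can be nil here would help. The enclosing function starts and ends outside the hunk.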
@ -722,13 +722,10 @@ defmodule Ash.Policy.Authorizer do
|
|||
)
|
||||
when struct in [Ash.Resource.Attribute, Ash.Resource.Aggregate, Ash.Resource.Calculation] do
|
||||
action =
|
||||
Ash.Resource.Info.relationship(parent, relationship_path).read_action ||
|
||||
Map.get(Ash.Resource.Info.relationship(parent, relationship_path) || %{}, :relationship) ||
|
||||
Ash.Resource.Info.primary_action!(resource, :read)
|
||||
|
||||
{expr, acc} =
|
||||
expression_for_ref(resource, name, action, ref, acc)
|
||||
|
||||
{expr, acc}
|
||||
end
|
||||
|
||||
defp do_replace_ref(
|
||||
|
@ -736,9 +733,7 @@ defmodule Ash.Policy.Authorizer do
|
|||
%{stack: [{resource, _path, action} | _]} = acc
|
||||
)
|
||||
when struct in [Ash.Resource.Attribute, Ash.Resource.Aggregate, Ash.Resource.Calculation] do
|
||||
{expr, acc} = expression_for_ref(resource, name, action, ref, acc)
|
||||
|
||||
{expr, acc}
|
||||
expression_for_ref(resource, name, action, ref, acc)
|
||||
end
|
||||
|
||||
defp do_replace_ref(ref, acc) do
|
||||
|
@ -783,6 +778,7 @@ defmodule Ash.Policy.Authorizer do
|
|||
end
|
||||
|
||||
defp field_condition(resource, field, action, acc) do
|
||||
if Ash.Policy.Authorizer in Ash.Resource.Info.authorizers(resource) do
|
||||
{authorizer, acc} =
|
||||
case Map.fetch(acc.authorizers, {resource, action}) do
|
||||
{:ok, authorizer} ->
|
||||
|
@ -845,6 +841,9 @@ defmodule Ash.Policy.Authorizer do
|
|||
{:expr, expr,
|
||||
%{acc | authorizers: Map.put(acc.authorizers, {resource, action}, authorizer)}}
|
||||
end
|
||||
else
|
||||
{:none, acc}
|
||||
end
|
||||
end
|
||||
|
||||
@impl true
|
||||
|
|
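Review bot: In the `@ -722,13` hunk the new lookup is `Map.get(Ash.Resource.Info.relationship(parent, relationship_path) || %{}, :relationship)`, while the line it appears to replace read `.read_action`; unless relationship structs carry a `:relationship` field this always yields nil, so the relationship's configured read action is dropped and the field policies are evaluated against the primary read action instead. The key should presumably be `:read_action`, i.e. `Map.get(Ash.Resource.Info.relationship(parent, relationship_path) || %{}, :read_action) ||`. The page has lost its +/- markers, so the old and new sides are inferred from the hunk line counts. A test using a relationship with a non-primary `read_action` would pin the intended behaviour. This `do_replace_ref` clause starts outside the hunk.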