ash/test/support/policy_field/resources/ticket.ex
Tore Pettersen 37755a870b
feat: Allow field policies to hide private fields (#1289)
* Allow field policies to hide private fields

* Create option for how to handle private fields

* Improve docs
2024-07-15 08:16:52 -04:00

78 lines
1.6 KiB
Elixir

defmodule Ash.Test.Support.PolicyField.Ticket do
@moduledoc false
use Ash.Resource,
domain: Ash.Test.Support.PolicyField.Domain,
data_layer: Ash.DataLayer.Ets,
authorizers: [Ash.Policy.Authorizer]
ets do
private? true
end
actions do
default_accept :*
defaults [:read, :destroy, create: :*, update: :*]
end
attributes do
uuid_primary_key :id
attribute :top_secret, :string do
public?(false)
end
attribute :internal_status, :string do
public?(true)
end
attribute :status, :string do
public?(true)
end
attribute :name, :string do
public?(true)
end
end
relationships do
belongs_to :representative, Ash.Test.Support.PolicyField.User do
public?(true)
allow_nil? false
end
belongs_to :reporter, Ash.Test.Support.PolicyField.User do
public?(true)
allow_nil? false
end
end
policies do
policy always() do
authorize_if always()
end
end
field_policies do
private_fields :hide
field_policy :status do
authorize_if relates_to_actor_via(:representative)
authorize_if relates_to_actor_via(:reporter)
end
field_policy :internal_status, actor_attribute_equals(:role, :representative) do
authorize_if always()
end
field_policy :internal_status, [
accessing_from(Ash.Test.Support.PolicyField.User, :tickets),
actor_attribute_equals(:role, :user)
] do
authorize_if always()
end
field_policy [:name, :reporter_id, :representative_id] do
authorize_if always()
end
end
end