mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 13:33:20 +12:00
60 lines
1.2 KiB
Elixir
60 lines
1.2 KiB
Elixir
defmodule Ash.Test.Policy.StrictConditionTest do
|
|
use ExUnit.Case, async: true
|
|
|
|
defmodule Resource do
|
|
@moduledoc false
|
|
use Ash.Resource, data_layer: Ash.DataLayer.Ets, authorizers: [Ash.Policy.Authorizer]
|
|
|
|
ets do
|
|
private?(true)
|
|
end
|
|
|
|
actions do
|
|
defaults([:create, :read, :update, :destroy])
|
|
end
|
|
|
|
attributes do
|
|
uuid_primary_key :id
|
|
attribute :visible, :boolean, allow_nil?: false
|
|
end
|
|
|
|
policies do
|
|
default_access_type :strict
|
|
|
|
policy [action(:read), expr(visible = true)] do
|
|
authorize_if always()
|
|
end
|
|
end
|
|
end
|
|
|
|
defmodule Api do
|
|
@moduledoc false
|
|
use Ash.Api
|
|
|
|
authorization do
|
|
authorize :by_default
|
|
end
|
|
|
|
resources do
|
|
resource Resource
|
|
end
|
|
end
|
|
|
|
test "condition in strict policy is evaluated" do
|
|
Resource
|
|
|> Ash.Changeset.for_create(:create, %{visible: true}, authorize?: false)
|
|
|> Api.create!()
|
|
|
|
Resource
|
|
|> Ash.Changeset.for_create(:create, %{visible: false}, authorize?: false)
|
|
|> Api.create!()
|
|
|
|
[visible_resource] =
|
|
Resource
|
|
|> Ash.Query.for_read(:read, actor: %{id: "foo"})
|
|
|> Api.read!()
|
|
|> IO.inspect()
|
|
|
|
assert visible_resource.visible == true
|
|
end
|
|
end
|