mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 13:33:20 +12:00
b899a6ecf3
Implemented lazy evaluation of individual checks, so that checks that are demonstrably irrelevant when building policies are not checked at all. This will often mean no need to visit the sat solver at all, or only with a very minimal set of filter checks.
48 lines
1.3 KiB
Elixir
48 lines
1.3 KiB
Elixir
defmodule Ash.Test.Authorizer do
|
|
@moduledoc """
|
|
A test authorizer.
|
|
Only works for synchronous engine requests.
|
|
"""
|
|
@behaviour Ash.Authorizer
|
|
|
|
use Agent
|
|
|
|
def start_link(opts) do
|
|
Agent.start_link(
|
|
fn ->
|
|
%{
|
|
strict_check_result: maybe_forbidden(opts[:strict_check]),
|
|
check_result: maybe_forbidden(opts[:check]),
|
|
strict_check_context: opts[:strict_check_context]
|
|
}
|
|
end,
|
|
name: __MODULE__
|
|
)
|
|
end
|
|
|
|
defp maybe_forbidden(:forbidden), do: {:error, Ash.Error.Forbidden.exception([])}
|
|
defp maybe_forbidden(other), do: other
|
|
|
|
def initial_state(_, _, _, _), do: %{}
|
|
def strict_check_context(_), do: get(:strict_check_context, [])
|
|
|
|
def strict_check(state, _),
|
|
do: get(:strict_check_result, :authorized) |> continue(state) |> wrap_authorized(state)
|
|
|
|
def check_context(_), do: []
|
|
|
|
def check(state, _), do: get(:check_result, :authorized) |> continue(state)
|
|
|
|
defp continue(:continue, state), do: {:continue, state}
|
|
defp continue(other, _), do: other
|
|
|
|
defp wrap_authorized(:authorized, state), do: {:authorized, state}
|
|
defp wrap_authorized(other, _), do: other
|
|
|
|
defp get(key, default) do
|
|
Agent.get(__MODULE__, &Map.get(&1, key)) || default
|
|
catch
|
|
:exit, _ ->
|
|
default
|
|
end
|
|
end
|