mirror of
https://github.com/ash-project/ash.git
synced 2024-09-21 14:03:04 +12:00
5967ed3a48
* improvement!: use `%Ash.NotSelected{}` for unselected values * improvement!: default `require_atomic?` to `true` * improvement!: raise errors on unknown generic action arguments * improvement!: default bulk strategy to `:atomic` * improvement!: warnings on `require_atomic?` `true` actions improvement!: revise `Ash.NotSelected` to `Ash.NotLoaded` improvement!: errors on unknown action inputs across the board * doc: clarify wording in notifiers.md closes #889 * improvement!: default `api.authorization.authorize` to `:by_default` * improvement!: require the api when constructing changesets this commit also fixes some work from prior commits around the default value for the `authorize` option * improvement!: code_interface.define_for -> code_interface.api `code_interface.define_for` is now `code_interface.api`. Additionally, it is set automatically if the `api` option is specified on `use Ash.Resource`. * improvement!: remove registries * improvement!: pubsub notifier default to `previous_values?: false` improvement!: requires_original_data? callback defaults to false * improvement!: rename Ash.Calculation -> Ash.Resource.Calculation improvement!: improve `Ash.Query.Calculation.new` signature improvement!: anonymous function calculations now take lists and return lists improvement!: make callback contexts into structs improvement!: pass context to builtin lifecycle hook changes improvement!: calculation arguments are now in the `arguments` key of the context * chore: fix build * improvement!: remove `aggregates` and `calculations` from `Filter.parse` and `Filter.parse_input` * improvement: update spark to 2.0 * improvement!: make picosat_elixir optional with `simple_sat` * improvement!: rename api to domain * docs: add more info to upgrading guide * docs: tweak docs formatting * improvement!: remove `Ash.Changeset.new!` * docs: update docs for `Ash.Changeset.new/1` * improvement!: deprecate `private?: false` in favor of `public?: true` * doc: add upgrade guide for private -> public * improvement: update reactor to 3.0 * improvement!: default `default_accept` is now `[]` * improvement!: `Ash.CiString.new/1` returns `nil` on `nil` input * improvement!(Ash.Reactor): Improve integration with Ash 3.0 changes. * improvement!: clean up and reorganize `Ash` functions this is in preparation of deprecating the functions that are defined on the api improvement!: remove context-based functionality * chore: update docs references from `Ash.Domain` to `Ash` * chore: fix bad merge * chore: fix context access in atomic changes * improvement!: Deprecate calling functions on (domain) api in favor of `Ash` * improvement!: add `attribute_public?` and update `attribute_writable?` behavior * improvement!: update atomic behaviors, default to invalid * chore: update downcase docs * improvement!: changeset.filters -> changeset.filter * improvement!: remove deprecated functions * improvement!: remove and simplify `Ash.Filter.TemplateHelpers` * improvement: import Ash.Expr in modules where it is used improvement: require Ash.QUery in modules where it makes sense * fix!: keyword lists are no longer special cased in ash expressions * improvement: add structs for more context implementations * chore: small tweaks, finish `:all` -> `:*` conversion * chore: update DSL docs for multitenancy.global? * improvement: ensure selects are applied on destroys chore: remove TODOs * chore: some docs changes * improvement!: introduce strict mode to calculations * chore: update tests * improvement: support custom expressions * docs: document custom expressions * chore: fix and test custom expressions and function fragments docs: update relevant docs w/ the changes * improvement!: reverse order of before action & before transaction hooks * improvement!: default read actions are now paginatable * improvement!: require explicit accept lists in default actions * chore: update docs * improvement!: remove Ash.Flow and Ash.Engine * chore: unlock unused deps * chore: don't use unused variable * chore: include ash flow change in upgrade guide * improvement!: standardize various exception keys and names * improvement!: use `Splode` for errors * improvement: update upgrade guide to include Splode * feat: code interface on the domain * improvement: only require primary key if resource has actions or fields improvement: only build schema if resource has actions or fields improvement: verify primary key in its own verifier * improvement: add `resource/1` builtin check * improvement!: move simple_notifiers to an option instead of a DSL builder improvement!: update spark for better autocomplete, configure autocomplete for key functions docs: replace `an domain` with `a domain` * improvement: better code interface documentation * fix: set tenant on query so that root calles to Api.aggreagte work as expected (#929) * chore: fixes from previous improvements * chore: update splode * chore: update splode * improvement!: swap position of sort order and arguments in calculation sorting * improvement!: add `include_nil?` aggregate option, and default it to `false` * improvement: support notifiers within actions * improvement: support specifying multiple filters * improvement: add `sortable?` flags to all fields improvement: support multiple filters on relationships * improvement: support sensitive? on calculations and arguments * improvement: validate resources in inputs to code interface * chore: don't require explicit accept lists when using `default_accept :*` * chore: update spark * chore: update public attribute handling per 3.0 * improvement: update reactor and tests * chore: better error message * chore: fix rebase issue * chore: handle merge issues improvement: don't require domain on relationships if destination has domain * improvement!: errors on unknown inputs for calculations * improvement: always choose to cast atomic * improvement: support casting some embeds atomically * improvement: various 3.0 updates, documented in upgrade.md * chore: Add failing tests for loads with with explicit domains. (#948) Co-authored-by: James Harton <james@harton.nz> * improvement: ensure non-static dynamic domains works * improvement: add Ash.ToTenant protocol * chore: add docs for no ToTenant option * fix: properly construct new query in `build/3` * chore: update simple_sat dependency * chore: don't reselect when missing primary keys * chore: remove IO.inspect * chore: update spark * chore: update spark * improvement: use `Keyword.put_new` in `Ash.Context.to_opts` (#953) * improvement: support bulk and atomic operations in code interfaces --------- Co-authored-by: James Harton <james@harton.nz> Co-authored-by: WIGGLES <55168935+WIGGLES-dev@users.noreply.github.com> Co-authored-by: Dmitry Maganov <vonagam@gmail.com>
170 lines
4.2 KiB
Elixir
170 lines
4.2 KiB
Elixir
defmodule Ash.Test.Changeset.AuthorizerTest do
|
|
@moduledoc false
|
|
use ExUnit.Case, async: false
|
|
|
|
require Ash.Query
|
|
|
|
defmodule Post do
|
|
use Ash.Resource,
|
|
data_layer: Ash.DataLayer.Ets,
|
|
authorizers: [
|
|
Ash.Test.Authorizer
|
|
],
|
|
domain: Ash.Test.Changeset.AuthorizerTest.Domain
|
|
|
|
ets do
|
|
private? true
|
|
end
|
|
|
|
actions do
|
|
default_accept :*
|
|
defaults [:read, :destroy, create: :*, update: :*]
|
|
|
|
create :title_is_authorization do
|
|
accept []
|
|
|
|
change fn changeset, context ->
|
|
Ash.Changeset.change_attribute(changeset, :title, context.authorize?)
|
|
end
|
|
end
|
|
end
|
|
|
|
attributes do
|
|
uuid_primary_key :id
|
|
|
|
attribute :title, :string, allow_nil?: false, public?: true
|
|
end
|
|
end
|
|
|
|
defmodule Domain do
|
|
use Ash.Domain, otp_app: :ash
|
|
|
|
resources do
|
|
resource Post
|
|
end
|
|
end
|
|
|
|
describe "authorization options" do
|
|
setup do
|
|
on_exit(fn ->
|
|
Application.delete_env(:ash, Domain)
|
|
end)
|
|
end
|
|
|
|
test "authorize :always authorizes automatically" do
|
|
Application.put_env(:ash, Domain,
|
|
authorization: [
|
|
authorize: :by_default
|
|
]
|
|
)
|
|
|
|
start_supervised({Ash.Test.Authorizer, strict_check: :forbidden})
|
|
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"})
|
|
|> Ash.create!()
|
|
end
|
|
end
|
|
|
|
test "authorize :by_default authorizes if actor is set" do
|
|
Application.put_env(:ash, Domain,
|
|
authorization: [
|
|
authorize: :by_default
|
|
]
|
|
)
|
|
|
|
start_supervised({Ash.Test.Authorizer, strict_check: :authorized})
|
|
|
|
post =
|
|
Post
|
|
|> Ash.Changeset.for_create(:title_is_authorization, %{}, actor: :an_actor)
|
|
|> Ash.create!()
|
|
|
|
assert post.title == "true"
|
|
end
|
|
|
|
test "require_actor? requires an actor for all requests" do
|
|
Application.put_env(:ash, Domain,
|
|
authorization: [
|
|
require_actor?: true,
|
|
authorize: :by_default
|
|
]
|
|
)
|
|
|
|
start_supervised({Ash.Test.Authorizer, strict_check: :forbidden})
|
|
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"})
|
|
|> Ash.create!()
|
|
end
|
|
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"})
|
|
|> Ash.create!(actor: nil)
|
|
end
|
|
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"}, actor: nil)
|
|
|> Ash.create!()
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "strict check can filter results" do
|
|
test "a simple filter is applied" do
|
|
start_supervised(
|
|
{Ash.Test.Authorizer,
|
|
strict_check: {:filter, [title: "foo"]}, strict_check_context: [:query]}
|
|
)
|
|
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"})
|
|
|> Ash.create!(authorize?: false)
|
|
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "foo"})
|
|
|> Ash.create!(authorize?: false)
|
|
|
|
assert [%Post{title: "foo"}] = Ash.read!(Post, authorize?: true)
|
|
end
|
|
|
|
test "a filter cannot be applied to creates" do
|
|
start_supervised(
|
|
{Ash.Test.Authorizer,
|
|
strict_check: {:filter, [title: "foo"]}, strict_check_context: [:query, :changeset]}
|
|
)
|
|
|
|
# Filter always fails on creates
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"}, authorize?: true)
|
|
|> Ash.create!()
|
|
end
|
|
|
|
good_post =
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "foo"}, authorize?: false)
|
|
|> Ash.create!()
|
|
|
|
bad_post =
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{title: "test"}, authorize?: false)
|
|
|> Ash.create!()
|
|
|
|
# Filters apply to the base data
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
bad_post
|
|
|> Ash.Changeset.for_update(:update, %{title: "next"}, authorize?: true)
|
|
|> Ash.update!()
|
|
end
|
|
|
|
good_post
|
|
|> Ash.Changeset.for_update(:update, %{title: "next"}, authorize?: true)
|
|
|> Ash.update!()
|
|
end
|
|
end
|
|
end
|