mirror of
https://github.com/ash-project/ash.git
synced 2024-09-21 14:03:04 +12:00
109 lines
2.4 KiB
Elixir
109 lines
2.4 KiB
Elixir
defmodule Ash.Test.Policy.Actions.BelongsToTest do
|
|
@moduledoc false
|
|
use ExUnit.Case, async: true
|
|
|
|
alias Ash.Test.Domain, as: Domain
|
|
|
|
defmodule Post do
|
|
@moduledoc false
|
|
use Ash.Resource, domain: Domain, data_layer: Ash.DataLayer.Ets
|
|
|
|
ets do
|
|
private?(true)
|
|
end
|
|
|
|
actions do
|
|
default_accept :*
|
|
defaults([:read, :destroy, create: :*, update: :*])
|
|
|
|
update :update_with_reviewer do
|
|
require_atomic? false
|
|
argument :reviewer_id, :uuid, allow_nil?: true
|
|
change manage_relationship(:reviewer_id, :reviewer, type: :append_and_remove)
|
|
end
|
|
end
|
|
|
|
attributes do
|
|
uuid_primary_key :id
|
|
attribute :title, :string, allow_nil?: false, public?: true
|
|
end
|
|
|
|
relationships do
|
|
belongs_to :reviewer, Ash.Test.Policy.Actions.BelongsToTest.Reviewer,
|
|
allow_nil?: true,
|
|
public?: true
|
|
end
|
|
end
|
|
|
|
defmodule Reviewer do
|
|
@moduledoc false
|
|
use Ash.Resource,
|
|
domain: Domain,
|
|
data_layer: Ash.DataLayer.Ets,
|
|
authorizers: [Ash.Policy.Authorizer]
|
|
|
|
ets do
|
|
private?(true)
|
|
end
|
|
|
|
actions do
|
|
default_accept :*
|
|
defaults [:read, :destroy, create: :*, update: :*]
|
|
end
|
|
|
|
attributes do
|
|
uuid_primary_key :id
|
|
attribute :name, :string, allow_nil?: false, public?: true
|
|
end
|
|
|
|
policies do
|
|
policy always() do
|
|
authorize_if never()
|
|
end
|
|
end
|
|
end
|
|
|
|
test "update via manage_relationship fails when :read on related resource is not authorised" do
|
|
reviewer =
|
|
Reviewer
|
|
|> Ash.Changeset.for_create(:create, %{name: "Zach"})
|
|
|> Ash.create!(authorize?: false)
|
|
|
|
post =
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{
|
|
title: "A Post"
|
|
})
|
|
|> Ash.create!()
|
|
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
post
|
|
|> Ash.Changeset.for_update(:update_with_reviewer, %{
|
|
reviewer_id: reviewer.id
|
|
})
|
|
|> Ash.update!()
|
|
end
|
|
end
|
|
|
|
test "authorize?: false opt is passed through to the action" do
|
|
reviewer =
|
|
Reviewer
|
|
|> Ash.Changeset.for_create(:create, %{name: "Zach"})
|
|
|> Ash.create!(authorize?: false)
|
|
|
|
post =
|
|
Post
|
|
|> Ash.Changeset.for_create(:create, %{
|
|
title: "A Post"
|
|
})
|
|
|> Ash.create!()
|
|
|
|
post
|
|
|> Ash.Changeset.for_update(
|
|
:update_with_reviewer,
|
|
%{reviewer_id: reviewer.id},
|
|
authorize?: false
|
|
)
|
|
|> Ash.update!(authorize?: false)
|
|
end
|
|
end
|