mirror of
https://github.com/ash-project/ash.git
synced 2024-09-21 22:13:02 +12:00
37755a870b
* Allow field policies to hide private fields * Create option for how to handle private fields * Improve docs
78 lines
1.6 KiB
Elixir
78 lines
1.6 KiB
Elixir
defmodule Ash.Test.Support.PolicyField.Ticket do
|
|
@moduledoc false
|
|
use Ash.Resource,
|
|
domain: Ash.Test.Support.PolicyField.Domain,
|
|
data_layer: Ash.DataLayer.Ets,
|
|
authorizers: [Ash.Policy.Authorizer]
|
|
|
|
ets do
|
|
private? true
|
|
end
|
|
|
|
actions do
|
|
default_accept :*
|
|
defaults [:read, :destroy, create: :*, update: :*]
|
|
end
|
|
|
|
attributes do
|
|
uuid_primary_key :id
|
|
|
|
attribute :top_secret, :string do
|
|
public?(false)
|
|
end
|
|
|
|
attribute :internal_status, :string do
|
|
public?(true)
|
|
end
|
|
|
|
attribute :status, :string do
|
|
public?(true)
|
|
end
|
|
|
|
attribute :name, :string do
|
|
public?(true)
|
|
end
|
|
end
|
|
|
|
relationships do
|
|
belongs_to :representative, Ash.Test.Support.PolicyField.User do
|
|
public?(true)
|
|
allow_nil? false
|
|
end
|
|
|
|
belongs_to :reporter, Ash.Test.Support.PolicyField.User do
|
|
public?(true)
|
|
allow_nil? false
|
|
end
|
|
end
|
|
|
|
policies do
|
|
policy always() do
|
|
authorize_if always()
|
|
end
|
|
end
|
|
|
|
field_policies do
|
|
private_fields :hide
|
|
|
|
field_policy :status do
|
|
authorize_if relates_to_actor_via(:representative)
|
|
authorize_if relates_to_actor_via(:reporter)
|
|
end
|
|
|
|
field_policy :internal_status, actor_attribute_equals(:role, :representative) do
|
|
authorize_if always()
|
|
end
|
|
|
|
field_policy :internal_status, [
|
|
accessing_from(Ash.Test.Support.PolicyField.User, :tickets),
|
|
actor_attribute_equals(:role, :user)
|
|
] do
|
|
authorize_if always()
|
|
end
|
|
|
|
field_policy [:name, :reporter_id, :representative_id] do
|
|
authorize_if always()
|
|
end
|
|
end
|
|
end
|