mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 13:33:20 +12:00
5967ed3a48
* improvement!: use `%Ash.NotSelected{}` for unselected values
* improvement!: default `require_atomic?` to `true`
* improvement!: raise errors on unknown generic action arguments
* improvement!: default bulk strategy to `:atomic`
* improvement!: warnings on `require_atomic?` `true` actions
improvement!: revise `Ash.NotSelected` to `Ash.NotLoaded`
improvement!: errors on unknown action inputs across the board
* doc: clarify wording in notifiers.md
closes #889
* improvement!: default `api.authorization.authorize` to `:by_default`
* improvement!: require the api when constructing changesets
this commit also fixes some work from prior commits around
the default value for the `authorize` option
* improvement!: code_interface.define_for -> code_interface.api
`code_interface.define_for` is now `code_interface.api`. Additionally, it is set automatically if the `api` option is specified on `use Ash.Resource`.
* improvement!: remove registries
* improvement!: pubsub notifier default to `previous_values?: false`
improvement!: requires_original_data? callback defaults to false
* improvement!: rename Ash.Calculation -> Ash.Resource.Calculation
improvement!: improve `Ash.Query.Calculation.new` signature
improvement!: anonymous function calculations now take lists and return lists
improvement!: make callback contexts into structs
improvement!: pass context to builtin lifecycle hook changes
improvement!: calculation arguments are now in the `arguments` key of the context
* chore: fix build
* improvement!: remove `aggregates` and `calculations` from `Filter.parse` and `Filter.parse_input`
* improvement: update spark to 2.0
* improvement!: make picosat_elixir optional with `simple_sat`
* improvement!: rename api to domain
* docs: add more info to upgrading guide
* docs: tweak docs formatting
* improvement!: remove `Ash.Changeset.new!`
* docs: update docs for `Ash.Changeset.new/1`
* improvement!: deprecate `private?: false` in favor of `public?: true`
* doc: add upgrade guide for private -> public
* improvement: update reactor to 3.0
* improvement!: default `default_accept` is now `[]`
* improvement!: `Ash.CiString.new/1` returns `nil` on `nil` input
* improvement!(Ash.Reactor): Improve integration with Ash 3.0 changes.
* improvement!: clean up and reorganize `Ash` functions
this is in preparation of deprecating the functions that are defined
on the api
improvement!: remove context-based functionality
* chore: update docs references from `Ash.Domain` to `Ash`
* chore: fix bad merge
* chore: fix context access in atomic changes
* improvement!: Deprecate calling functions on (domain) api in favor of `Ash`
* improvement!: add `attribute_public?` and update `attribute_writable?` behavior
* improvement!: update atomic behaviors, default to invalid
* chore: update downcase docs
* improvement!: changeset.filters -> changeset.filter
* improvement!: remove deprecated functions
* improvement!: remove and simplify `Ash.Filter.TemplateHelpers`
* improvement: import Ash.Expr in modules where it is used
improvement: require Ash.QUery in modules where it makes sense
* fix!: keyword lists are no longer special cased in ash expressions
* improvement: add structs for more context implementations
* chore: small tweaks, finish `:all` -> `:*` conversion
* chore: update DSL docs for multitenancy.global?
* improvement: ensure selects are applied on destroys
chore: remove TODOs
* chore: some docs changes
* improvement!: introduce strict mode to calculations
* chore: update tests
* improvement: support custom expressions
* docs: document custom expressions
* chore: fix and test custom expressions and function fragments
docs: update relevant docs w/ the changes
* improvement!: reverse order of before action & before transaction hooks
* improvement!: default read actions are now paginatable
* improvement!: require explicit accept lists in default actions
* chore: update docs
* improvement!: remove Ash.Flow and Ash.Engine
* chore: unlock unused deps
* chore: don't use unused variable
* chore: include ash flow change in upgrade guide
* improvement!: standardize various exception keys and names
* improvement!: use `Splode` for errors
* improvement: update upgrade guide to include Splode
* feat: code interface on the domain
* improvement: only require primary key if resource has actions or fields
improvement: only build schema if resource has actions or fields
improvement: verify primary key in its own verifier
* improvement: add `resource/1` builtin check
* improvement!: move simple_notifiers to an option instead of a DSL builder
improvement!: update spark for better autocomplete, configure autocomplete for key functions
docs: replace `an domain` with `a domain`
* improvement: better code interface documentation
* fix: set tenant on query so that root calles to Api.aggreagte work as expected (#929)
* chore: fixes from previous improvements
* chore: update splode
* chore: update splode
* improvement!: swap position of sort order and arguments in calculation sorting
* improvement!: add `include_nil?` aggregate option, and default it to `false`
* improvement: support notifiers within actions
* improvement: support specifying multiple filters
* improvement: add `sortable?` flags to all fields
improvement: support multiple filters on relationships
* improvement: support sensitive? on calculations and arguments
* improvement: validate resources in inputs to code interface
* chore: don't require explicit accept lists when using `default_accept :*`
* chore: update spark
* chore: update public attribute handling per 3.0
* improvement: update reactor and tests
* chore: better error message
* chore: fix rebase issue
* chore: handle merge issues
improvement: don't require domain on relationships if destination has domain
* improvement!: errors on unknown inputs for calculations
* improvement: always choose to cast atomic
* improvement: support casting some embeds atomically
* improvement: various 3.0 updates, documented in upgrade.md
* chore: Add failing tests for loads with with explicit domains. (#948)
Co-authored-by: James Harton <james@harton.nz>
* improvement: ensure non-static dynamic domains works
* improvement: add Ash.ToTenant protocol
* chore: add docs for no ToTenant option
* fix: properly construct new query in `build/3`
* chore: update simple_sat dependency
* chore: don't reselect when missing primary keys
* chore: remove IO.inspect
* chore: update spark
* chore: update spark
* improvement: use `Keyword.put_new` in `Ash.Context.to_opts` (#953)
* improvement: support bulk and atomic operations in code interfaces
---------
Co-authored-by: James Harton <james@harton.nz>
Co-authored-by: WIGGLES <55168935+WIGGLES-dev@users.noreply.github.com>
Co-authored-by: Dmitry Maganov <vonagam@gmail.com>
192 lines
6.2 KiB
Elixir
192 lines
6.2 KiB
Elixir
defmodule Ash.Test.Policy.ComplexTest do
|
|
@doc false
|
|
use ExUnit.Case, async?: false
|
|
require Ash.Query
|
|
|
|
alias Ash.Test.Support.PolicyComplex.{Bio, Comment, Post, User}
|
|
|
|
setup do
|
|
Application.put_env(:ash, :policies, show_policy_breakdowns?: true)
|
|
|
|
on_exit(fn ->
|
|
Application.delete_env(:ash, :policies)
|
|
end)
|
|
|
|
me = User.create!("me", %{email: "me@app.com", bio_text: "this is my bio"}, authorize?: false)
|
|
my_friend = User.create!("my friend", %{email: "my_friend@app.com"}, authorize?: false)
|
|
|
|
a_friend_of_my_friend =
|
|
User.create!("a friend of my friend", %{email: "friends_friend@app.com"}, authorize?: false)
|
|
|
|
User.add_friend!(me, my_friend.id, actor: me, authorize?: false)
|
|
User.add_friend!(my_friend, a_friend_of_my_friend.id, actor: my_friend, authorize?: false)
|
|
post_by_me = Post.create!("post by me", actor: me, authorize?: false)
|
|
post_by_my_friend = Post.create!("post by my friend", actor: my_friend, authorize?: false)
|
|
|
|
post_by_a_friend_of_my_friend =
|
|
Post.create!("post by a friend of my friend",
|
|
actor: a_friend_of_my_friend,
|
|
authorize?: false
|
|
)
|
|
|
|
comment_by_me_on_my_post =
|
|
Comment.create!(post_by_me.id, "comment by me on my own post", actor: me, authorize?: false)
|
|
|
|
comment_by_my_friend_on_my_post =
|
|
Comment.create!(post_by_me.id, "comment by my friend on my",
|
|
actor: my_friend,
|
|
authorize?: false
|
|
)
|
|
|
|
# comment_by_a_friend_of_a_friend_on_my_post =
|
|
Comment.create!(
|
|
post_by_me.id,
|
|
"comment by a friend of a friend on my post",
|
|
actor: a_friend_of_my_friend,
|
|
authorize?: false
|
|
)
|
|
|
|
comment_by_a_friend_of_a_friend_on_his_own_post =
|
|
Comment.create!(
|
|
post_by_a_friend_of_my_friend.id,
|
|
"comment by a friend of a friend on his own post",
|
|
actor: a_friend_of_my_friend,
|
|
authorize?: false
|
|
)
|
|
|
|
comment_by_a_friend_of_a_friend_on_my_friends_post =
|
|
Comment.create!(
|
|
post_by_my_friend.id,
|
|
"comment by a friend of a friend on my friend's post",
|
|
actor: a_friend_of_my_friend,
|
|
authorize?: false
|
|
)
|
|
|
|
[
|
|
me: me,
|
|
my_friend: my_friend,
|
|
post_by_me: post_by_me,
|
|
post_by_my_friend: post_by_my_friend,
|
|
comment_by_me_on_my_post: comment_by_me_on_my_post,
|
|
comment_by_my_friend_on_my_post: comment_by_my_friend_on_my_post,
|
|
comment_by_a_friend_of_a_friend_on_his_own_post:
|
|
comment_by_a_friend_of_a_friend_on_his_own_post,
|
|
comment_by_a_friend_of_a_friend_on_my_friends_post:
|
|
comment_by_a_friend_of_a_friend_on_my_friends_post
|
|
]
|
|
end
|
|
|
|
test "it properly limits on reads", %{
|
|
me: me,
|
|
post_by_me: post_by_me,
|
|
post_by_my_friend: post_by_my_friend
|
|
} do
|
|
assert [post_by_me.id, post_by_my_friend.id] |> Enum.sort() ==
|
|
Post
|
|
|> Ash.read!(actor: me)
|
|
|> Enum.map(& &1.id)
|
|
|> Enum.sort()
|
|
end
|
|
|
|
test "it applies policies from the domain", %{me: me} do
|
|
assert_raise Ash.Error.Forbidden,
|
|
~r/authorize unless: actor.forbidden_by_domain == true | ✓ |/,
|
|
fn ->
|
|
Ash.read!(Post, actor: %{me | forbidden_by_domain: true})
|
|
end
|
|
end
|
|
|
|
test "it properly limits on reads of comments", %{
|
|
me: me,
|
|
comment_by_me_on_my_post: comment_by_me_on_my_post,
|
|
comment_by_my_friend_on_my_post: comment_by_my_friend_on_my_post
|
|
} do
|
|
assert [comment_by_me_on_my_post.id, comment_by_my_friend_on_my_post.id] |> Enum.sort() ==
|
|
Comment
|
|
|> Ash.read!(actor: me)
|
|
|> Enum.map(& &1.id)
|
|
|> Enum.sort()
|
|
end
|
|
|
|
test "it properly scopes filters", %{me: me} do
|
|
assert [_] =
|
|
Post
|
|
|> Ash.Query.filter(comments.text == "comment by a friend of a friend on my post")
|
|
|> Ash.read!(actor: me, authorize?: false)
|
|
|
|
assert [] =
|
|
Post
|
|
|> Ash.Query.filter_input(
|
|
comments: [text: "comment by a friend of a friend on my post"]
|
|
)
|
|
|> Ash.read!(actor: me)
|
|
end
|
|
|
|
test "it properly scopes single loads", %{me: me} do
|
|
assert [%{best_friend: %{name: "me"}}] =
|
|
User
|
|
|> Ash.Query.filter(best_friend.name == "me")
|
|
|> Ash.Query.deselect(:private_email)
|
|
|> Ash.read!(actor: me)
|
|
|> Ash.load!(:best_friend, actor: me)
|
|
end
|
|
|
|
test "aggregates can be loaded and filtered on", %{me: me} do
|
|
Post
|
|
|> Ash.Query.load(:count_of_comments)
|
|
|> Ash.Query.filter(count_of_comments == 10)
|
|
|> Ash.read!(actor: me)
|
|
end
|
|
|
|
test "aggregates join paths are authorized", %{me: me, post_by_me: post_by_me} do
|
|
count_of_commenters_without_authorization =
|
|
Post
|
|
|> Ash.Query.load(:count_of_commenters)
|
|
|> Ash.Query.filter(id == ^post_by_me.id)
|
|
|> Ash.read_one!(authorize?: false)
|
|
|> Map.get(:count_of_commenters)
|
|
|
|
assert count_of_commenters_without_authorization == 3
|
|
|
|
count_of_commenters_with_authorization =
|
|
Post
|
|
|> Ash.Query.load(:count_of_commenters)
|
|
|> Ash.Query.filter(id == ^post_by_me.id)
|
|
|> Ash.read_one!(actor: me)
|
|
|> Map.get(:count_of_commenters)
|
|
|
|
assert count_of_commenters_with_authorization == 2
|
|
end
|
|
|
|
test "aggregates in calculations are authorized", %{me: me} do
|
|
Post
|
|
|> Ash.Query.load([:count_of_comments_calc, :count_of_comments])
|
|
|> Ash.read!(actor: me, authorize?: true)
|
|
end
|
|
|
|
test "data can be loaded without forbidden errors from selecting", %{me: me} do
|
|
users =
|
|
Ash.Test.Support.PolicyComplex.User
|
|
|> Ash.Query.deselect(:private_email)
|
|
|> Ash.read!(actor: me)
|
|
|
|
users
|
|
|> Ash.load!([:posts], actor: me, authorize?: true)
|
|
end
|
|
|
|
test "loading data honors `accessing_from` policies", %{me: me} do
|
|
Ash.load!(me, [:bio], authorize?: true, actor: me)
|
|
me |> User.set_bio!("New bio!", authorize?: true, actor: me)
|
|
|
|
User
|
|
|> Ash.Query.filter(bio == "New bio!")
|
|
|> Ash.Query.deselect(:private_email)
|
|
|> Ash.read_one!(authorize?: true, actor: me)
|
|
|
|
me |> Ash.load!([:bio_text], authorize?: true, actor: me)
|
|
|
|
assert_raise Ash.Error.Forbidden, fn ->
|
|
Ash.read!(Bio, actor: me, authorize?: true)
|
|
end
|
|
end
|
|
end
|