mirror of
https://github.com/team-alembic/ash_authentication.git
synced 2024-09-19 12:52:55 +12:00
docs: Add policies to the sample User resource, so that data is protected by default (#579)
This commit is contained in:
parent
27f4502aba
commit
b1861249b5
1 changed files with 13 additions and 7 deletions
|
@ -169,7 +169,8 @@ generation enabled.
|
|||
defmodule MyApp.Accounts.User do
|
||||
use Ash.Resource,
|
||||
data_layer: AshPostgres.DataLayer,
|
||||
extensions: [AshAuthentication]
|
||||
extensions: [AshAuthentication],
|
||||
authorizers: [Ash.Policy.Authorizer]
|
||||
|
||||
attributes do
|
||||
uuid_primary_key :id
|
||||
|
@ -204,12 +205,17 @@ defmodule MyApp.Accounts.User do
|
|||
identity :unique_email, [:email]
|
||||
end
|
||||
|
||||
# If using policies, add the folowing bypass:
|
||||
# policies do
|
||||
# bypass AshAuthentication.Checks.AshAuthenticationInteraction do
|
||||
# authorize_if always()
|
||||
# end
|
||||
# end
|
||||
# You can customize this if you wish, but this is a safe default that
|
||||
# only allows user data to be interacted with via AshAuthentication.
|
||||
policies do
|
||||
bypass AshAuthentication.Checks.AshAuthenticationInteraction do
|
||||
authorize_if always()
|
||||
end
|
||||
|
||||
policy always() do
|
||||
forbid_if always()
|
||||
end
|
||||
end
|
||||
end
|
||||
```
|
||||
|
||||
|
|
Loading…
Reference in a new issue