Replace NoActor runtime Mix.env with compile-time config

Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).
2026-01-22 22:37:04 +01:00 · 2026-01-22 22:37:04 +01:00 · 05c71132e4
commit 05c71132e4
parent 811a276d92
3 changed files with 26 additions and 42 deletions
--- a/lib/mv/authorization/checks/no_actor.ex
+++ b/lib/mv/authorization/checks/no_actor.ex
@ -42,9 +42,9 @@ defmodule Mv.Authorization.Checks.NoActor do
  use Ash.Policy.SimpleCheck

  # Compile-time check: Only allow no-actor bypass in test environment
-  @allow_no_actor_bypass Mix.env() == :test
-  # Alternative (if you want to control via config):
-  # @allow_no_actor_bypass Application.compile_env(:mv, :allow_no_actor_bypass, false)
+  # SECURITY: This must ONLY be true in test.exs, never in prod/dev
+  # Using compile_env instead of Mix.env() for release-safety
+  @allow_no_actor_bypass Application.compile_env(:mv, :allow_no_actor_bypass, false)

  @impl true
  def describe(_opts) do
@ -58,14 +58,9 @@ defmodule Mv.Authorization.Checks.NoActor do
  @impl true
  def match?(nil, _context, _opts) do
    # Actor is nil
-    # Double-check: compile-time AND runtime environment
-    if @allow_no_actor_bypass and Mix.env() == :test do
-      # Test environment: Allow all operations
-      true
-    else
-      # Production/dev: Deny all operations (fail-closed for security)
-      false
-    end
+    # SECURITY: Only allow if compile_env flag is set (test.exs only)
+    # No runtime Mix.env() check - fail-closed by default (false)
+    @allow_no_actor_bypass
  end

  def match?(_actor, _context, _opts) do