MembershipFeeCycle: own_data read :linked via bypass and HasPermission scope

- own_data gets read scope :linked; apply_scope in HasPermission; bypass check for own_data.
- PermissionSetsTest expects own_data :linked, others :all for MFC read.
Moritz 2026-02-04 09:20:10 +01:00
parent 890a4d3752
commit 178f5a01c7
6 changed files with 140 additions and 6 deletions

@ -84,7 +84,13 @@ defmodule Mv.MembershipFees.MembershipFeeCycle do
end
end
# READ: bypass for own_data (:linked) then HasPermission for :all; create/update/destroy: HasPermission only.
policies do
bypass action_type(:read) do
description "own_data: read only cycles where member_id == actor.member_id"
authorize_if Mv.Authorization.Checks.MembershipFeeCycleReadLinkedForOwnData
end
policy action_type([:read, :create, :update, :destroy]) do
description "Check permissions from role (all read; normal_user and admin create/update/destroy)"
authorize_if Mv.Authorization.Checks.HasPermission
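Review bot: The new `bypass action_type(:read)` block enforces its description ("read only cycles where member_id == actor.member_id") only if `Mv.Authorization.Checks.MembershipFeeCycleReadLinkedForOwnData` is a filter check that narrows the query. A bypass that passes skips every later policy, so a check that simply returns true for own_data actors would authorize reading all cycles and the scope handling in `HasPermission` would never run for them. Please confirm the check filters rather than only authorizes, and cover it with a list-read test for an own_data actor (expecting only their own cycles) plus one for an actor whose `member_id` is nil (expecting none). Two smaller points: the description on the following policy still says "all read", which no longer matches the comment above `policies do` now that own_data reads are :linked, and since the commit message says `HasPermission` also applies the scope, a short comment on why the bypass is needed in addition would help the next reader.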