Add CustomField resource policies and tests

- Add policies block with HasPermission for read/create/update/destroy - Add authorizers: [Ash.Policy.Authorizer] to CustomField resource - Add custom_field_policies_test.exs (read all roles, write admin only) - Fix CustomField path in roles-and-permissions doc (lib/membership)
2026-01-29 12:12:07 +01:00 · 2026-01-29 12:12:07 +01:00 · 36b5d5880b
commit 36b5d5880b
parent ca88a230b9
3 changed files with 203 additions and 12 deletions
--- a/lib/membership/custom_field.ex
+++ b/lib/membership/custom_field.ex
@ -50,7 +50,8 @@ defmodule Mv.Membership.CustomField do
  """
  use Ash.Resource,
    domain: Mv.Membership,
-    data_layer: AshPostgres.DataLayer
+    data_layer: AshPostgres.DataLayer,
+    authorizers: [Ash.Policy.Authorizer]

  postgres do
    table "custom_fields"
@ -79,6 +80,13 @@ defmodule Mv.Membership.CustomField do
    end
  end

+  policies do
+    policy action_type([:read, :create, :update, :destroy]) do
+      description "Check permissions from user's role"
+      authorize_if Mv.Authorization.Checks.HasPermission
+    end
+  end
+
  attributes do
    uuid_primary_key :id