Add resource policies for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle

- Group/MemberGroup/MembershipFeeType/MembershipFeeCycle: HasPermission policy
- normal_user: Group and MembershipFeeCycle create/update/destroy; pages /groups/new, /groups/:slug/edit
- Add policy tests for all four resources

lib/membership_fees/membership_fee_cycle.ex

@@ -28,7 +28,8 @@ defmodule Mv.MembershipFees.MembershipFeeCycle do
   """
   use Ash.Resource,
     domain: Mv.MembershipFees,
-    data_layer: AshPostgres.DataLayer
+    data_layer: AshPostgres.DataLayer,
+    authorizers: [Ash.Policy.Authorizer]
 
   postgres do
     table "membership_fee_cycles"
@@ -83,6 +84,13 @@ defmodule Mv.MembershipFees.MembershipFeeCycle do
     end
   end
 
+  policies do
+    policy action_type([:read, :create, :update, :destroy]) do
+      description "Check permissions from role (all read; normal_user and admin create/update/destroy)"
+      authorize_if Mv.Authorization.Checks.HasPermission
+    end
+  end
+
   attributes do
     uuid_v7_primary_key :id
 

lib/membership_fees/membership_fee_type.ex

@@ -24,7 +24,8 @@ defmodule Mv.MembershipFees.MembershipFeeType do
   """
   use Ash.Resource,
     domain: Mv.MembershipFees,
-    data_layer: AshPostgres.DataLayer
+    data_layer: AshPostgres.DataLayer,
+    authorizers: [Ash.Policy.Authorizer]
 
   postgres do
     table "membership_fee_types"
@@ -61,6 +62,13 @@ defmodule Mv.MembershipFees.MembershipFeeType do
     end
   end
 
+  policies do
+    policy action_type([:read, :create, :update, :destroy]) do
+      description "Check permissions from role (all can read, only admin can create/update/destroy)"
+      authorize_if Mv.Authorization.Checks.HasPermission
+    end
+  end
+
   validations do
     # Prevent interval changes after creation
     validate fn changeset, _context ->