CustomFieldValueCreateScope: use get_argument_or_attribute for member_id

- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works when set as attribute or argument - Remove unused require Logger - Document member_id source in moduledoc
2026-01-27 15:44:38 +01:00 · 2026-01-27 15:44:38 +01:00 · 5d82769d2d
commit 5d82769d2d
parent ba8c12f3ea
1 changed files with 10 additions and 3 deletions
--- a/lib/mv/authorization/checks/custom_field_value_create_scope.ex
+++ b/lib/mv/authorization/checks/custom_field_value_create_scope.ex
@ -8,6 +8,14 @@ defmodule Mv.Authorization.Checks.CustomFieldValueCreateScope do
  (PermissionSets + :linked/:all) but only implements strict_check, so it
  never adds a filter.
  ## member_id source
  The check reads `member_id` from the create changeset via
  `Ash.Changeset.get_argument_or_attribute/2`, so it works when member_id
  is set as an attribute or as an action argument. The CustomFieldValue
  resource's default create action must accept and require `member_id`
  (e.g. via `default_accept [:value, :member_id, :custom_field_id]`).
  Used in CustomFieldValue policies:
    policy action_type(:create) do
      authorize_if Mv.Authorization.Checks.CustomFieldValueCreateScope
@ -15,7 +23,6 @@ defmodule Mv.Authorization.Checks.CustomFieldValueCreateScope do
  """
  use Ash.Policy.Check
  alias Mv.Authorization.PermissionSets
  require Logger
  @impl true
  def describe(_opts),
@ -53,8 +60,8 @@ defmodule Mv.Authorization.Checks.CustomFieldValueCreateScope do
  defp get_create_member_id(authorizer) do
    changeset = authorizer.changeset || authorizer.subject
-    if changeset && function_exported?(Ash.Changeset, :get_attribute, 2) do
+    if changeset && function_exported?(Ash.Changeset, :get_argument_or_attribute, 2) do
-      Ash.Changeset.get_attribute(changeset, :member_id)
+      Ash.Changeset.get_argument_or_attribute(changeset, :member_id)
    else
      nil
    end