Pass actor parameter through email sync operations

Extract actor from changeset context and pass it to all email sync loader functions to ensure proper authorization when loading linked users and members.
2026-01-09 05:26:02 +01:00 · 2026-01-09 05:26:02 +01:00 · 5ffd2b334e
commit 5ffd2b334e
parent dbd79075f5
3 changed files with 44 additions and 15 deletions
--- a/lib/mv/email_sync/changes/sync_member_email_to_user.ex
+++ b/lib/mv/email_sync/changes/sync_member_email_to_user.ex
@ -41,8 +41,10 @@ defmodule Mv.EmailSync.Changes.SyncMemberEmailToUser do
    Ash.Changeset.around_transaction(changeset, fn cs, callback ->
      result = callback.(cs)

+      actor = Map.get(changeset.context, :actor)
+
      with {:ok, member} <- Helpers.extract_record(result),
-           linked_user <- Loader.get_linked_user(member) do
+           linked_user <- Loader.get_linked_user(member, actor) do
        Helpers.sync_email_to_linked_record(result, linked_user, new_email)
      else
        _ -> result
--- a/lib/mv/email_sync/changes/sync_user_email_to_member.ex
+++ b/lib/mv/email_sync/changes/sync_user_email_to_member.ex
@ -33,7 +33,17 @@ defmodule Mv.EmailSync.Changes.SyncUserEmailToMember do
    if Map.get(context, :syncing_email, false) do
      changeset
    else
-      sync_email(changeset)
+      # Ensure actor is in changeset context - get it from context if available
+      actor = Map.get(changeset.context, :actor) || Map.get(context, :actor)
+
+      changeset_with_actor =
+        if actor && !Map.has_key?(changeset.context, :actor) do
+          Ash.Changeset.put_context(changeset, :actor, actor)
+        else
+          changeset
+        end
+
+      sync_email(changeset_with_actor)
    end
  end

@ -42,7 +52,7 @@ defmodule Mv.EmailSync.Changes.SyncUserEmailToMember do
      result = callback.(cs)

      with {:ok, record} <- Helpers.extract_record(result),
-           {:ok, user, member} <- get_user_and_member(record) do
+           {:ok, user, member} <- get_user_and_member(record, cs) do
        # When called from Member-side, we need to update the member in the result
        # When called from User-side, we update the linked member in DB only
        case record do
@ -61,15 +71,19 @@ defmodule Mv.EmailSync.Changes.SyncUserEmailToMember do
  end

  # Retrieves user and member - works for both resource types
-  defp get_user_and_member(%Mv.Accounts.User{} = user) do
-    case Loader.get_linked_member(user) do
+  defp get_user_and_member(%Mv.Accounts.User{} = user, changeset) do
+    actor = Map.get(changeset.context, :actor)
+
+    case Loader.get_linked_member(user, actor) do
      nil -> {:error, :no_member}
      member -> {:ok, user, member}
    end
  end

-  defp get_user_and_member(%Mv.Membership.Member{} = member) do
-    case Loader.load_linked_user!(member) do
+  defp get_user_and_member(%Mv.Membership.Member{} = member, changeset) do
+    actor = Map.get(changeset.context, :actor)
+
+    case Loader.load_linked_user!(member, actor) do
      {:ok, user} -> {:ok, user, member}
      error -> error
    end