Validation: error message admin or linked user; resolve_actor fallback

2026-02-03 15:00:20 +01:00 · 2026-02-03 15:00:20 +01:00 · 60a4181255
commit 60a4181255
parent 4e6b7305b6
4 changed files with 17 additions and 11 deletions
--- a/lib/mv/membership/member/validations/email_change_permission.ex
+++ b/lib/mv/membership/member/validations/email_change_permission.ex
@ -11,7 +11,7 @@ defmodule Mv.Membership.Member.Validations.EmailChangePermission do
  This prevents non-admins from changing another user's linked member email,
  which would sync to that user's account and break email synchronization.

-  No system-actor fallback: missing actor is treated as not allowed.
+  Missing actor is not allowed; the system actor counts as admin (via `Actor.admin?/1`).
  """
  use Ash.Resource.Validation
  use Gettext, backend: MvWeb.Gettext, otp_app: :mv
@ -47,16 +47,22 @@ defmodule Mv.Membership.Member.Validations.EmailChangePermission do
        :ok
      else
        msg =
-          dgettext("default", "Only administrators can change email for members linked to users")
+          dgettext(
+            "default",
+            "Only administrators or the linked user can change the email for members linked to users"
+          )

        {:error, field: :email, message: msg}
      end
    end
  end

-  # Ash stores actor in changeset.context.private.actor; validation context also has .actor
+  # Ash stores actor in changeset.context.private.actor; validation context has .actor; some callsites use context.actor
  defp resolve_actor(changeset, context) do
-    get_in(changeset.context || %{}, [:private, :actor]) ||
+    ctx = changeset.context || %{}
+
+    get_in(ctx, [:private, :actor]) ||
+      Map.get(ctx, :actor) ||
      (context && Map.get(context, :actor))
  end