local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Shorten User policy comments to state what only

Browse source 
Move why explanations to documentation files.
Keep policy comments concise and focused.
This commit is contained in:
Moritz 2026-01-22 21:36:12 +01:00
parent f1e6a1e9db
commit 797452a76e
1 changed files with 5 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

25
lib/accounts/user.ex
View file

@ -269,46 +269,31 @@ defmodule Mv.Accounts.User do
# Authorization Policies # Authorization Policies
# Order matters: Most specific policies first, then general permission check # Order matters: Most specific policies first, then general permission check
policies do policies do
# ASHAUTHENTICATION BYPASS: Allow authentication actions (registration, login) # AshAuthentication bypass (registration/login without actor)
# These actions are called internally by AshAuthentication and need to bypass
# normal authorization policies. This must come FIRST because User is an
# authentication resource and authentication flows should have priority.
bypass AshAuthentication.Checks.AshAuthenticationInteraction do bypass AshAuthentication.Checks.AshAuthenticationInteraction do
description "Allow AshAuthentication internal operations (registration, login)" description "Allow AshAuthentication internal operations (registration, login)"
authorize_if always() authorize_if always()
end end
# SYSTEM OPERATIONS: Allow CRUD operations without actor (TEST ENVIRONMENT ONLY) # NoActor bypass (test fixtures only, see no_actor.ex)
# In test: All operations allowed (for test fixtures)
# In production/dev: ALL operations denied without actor (fail-closed for security)
# NoActor.check uses compile-time environment detection to prevent security issues
bypass action_type([:create, :read, :update, :destroy]) do bypass action_type([:create, :read, :update, :destroy]) do
description "Allow system operations without actor (test environment only)" description "Allow system operations without actor (test environment only)"
authorize_if Mv.Authorization.Checks.NoActor authorize_if Mv.Authorization.Checks.NoActor
end end
# SPECIAL CASE: Users can always READ their own account # READ bypass for list queries (scope :own via expr)
# This allows users with ANY permission set to read their own user record
# Uses bypass with expr filter to enable auto_filter behavior for reads/lists
# (consistent with Member "always read linked member" pattern)
bypass action_type(:read) do bypass action_type(:read) do
description "Users can always read their own account" description "Users can always read their own account"
authorize_if expr(id == ^actor(:id)) authorize_if expr(id == ^actor(:id))
end end
# GENERAL: Check permissions from user's role # UPDATE/DESTROY via HasPermission (evaluates PermissionSets scope)
# HasPermission handles permissions correctly:
# - :own_data → can update own user (scope :own)
# - :read_only → can update own user (scope :own)
# - :normal_user → can update own user (scope :own)
# - :admin → can read/create/update/destroy all users (scope :all)
policy action_type([:read, :create, :update, :destroy]) do policy action_type([:read, :create, :update, :destroy]) do
description "Check permissions from user's role and permission set" description "Check permissions from user's role and permission set"
authorize_if Mv.Authorization.Checks.HasPermission authorize_if Mv.Authorization.Checks.HasPermission
end end
# DEFAULT: Ash implicitly forbids if no policy authorizes # Default: Ash implicitly forbids if no policy authorizes (fail-closed)
# No explicit forbid needed, as Ash's default behavior is fail-closed
end end
# Global validations - applied to all relevant actions # Global validations - applied to all relevant actions