From 82ec4e565a209e6a66974898342d08f1a332715e Mon Sep 17 00:00:00 2001
From: Moritz
Date: Tue, 6 Jan 2026 18:14:16 +0100
Subject: [PATCH] refactor: use UUIDv7 and improve Role validations

- Change id from uuid_primary_key to uuid_v7_primary_key
- Replace custom validation with built-in one_of validation
- Add explicit on_delete: :restrict for users foreign key
- Update postgres references configuration
---
 lib/mv/authorization/role.ex | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)

diff --git a/lib/mv/authorization/role.ex b/lib/mv/authorization/role.ex
index e5b9795..3397172 100644
--- a/lib/mv/authorization/role.ex
+++ b/lib/mv/authorization/role.ex
@@ -42,6 +42,11 @@ defmodule Mv.Authorization.Role do
 postgres do
 table "roles"
 repo Mv.Repo
+
+ references do
+ # Prevent deletion of roles that are assigned to users
+ reference :users, on_delete: :restrict
+ end
 end
 
 code_interface do
@@ -75,27 +80,12 @@ defmodule Mv.Authorization.Role do
 end
 
 validations do
- validate fn changeset, _context ->
- permission_set_name = Ash.Changeset.get_attribute(changeset, :permission_set_name)
-
- if permission_set_name do
- valid_sets =
- Mv.Authorization.PermissionSets.all_permission_sets()
- |> Enum.map(&Atom.to_string/1)
-
- if permission_set_name in valid_sets do
- :ok
- else
- valid_sets_string = Enum.join(valid_sets, ", ")
-
- {:error,
- field: :permission_set_name,
- message: "Invalid permission set name. Must be one of: #{valid_sets_string}"}
- end
- else
- :ok
- end
- end
+ validate one_of(
+ :permission_set_name,
+ Mv.Authorization.PermissionSets.all_permission_sets()
+ |> Enum.map(&Atom.to_string/1)
+ ),
+ message: "must be one of: own_data, read_only, normal_user, admin"
 
 validate fn changeset, _context ->
 if changeset.action_type == :destroy do
@@ -114,7 +104,7 @@ defmodule Mv.Authorization.Role do
 end
 
 attributes do
- uuid_primary_key :id
+ uuid_v7_primary_key :id
 
 attribute :name, :string do
 allow_nil? false
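Review bot: The `reference :users, on_delete: :restrict` entry added to the `postgres` block may not produce the constraint its comment promises. As far as I know AshPostgres applies a `reference` entry to the foreign key of a `belongs_to` on the resource whose table holds the column; the column linking users to roles presumably lives on the users table, so the setting would belong in the User resource as `reference :role, on_delete: :restrict` (the relationship definitions are outside this hunk, so please confirm). The diffstat also lists only role.ex, so without a generated migration neither this constraint nor the new primary-key default from the `attributes` hunk reaches the database, and deletion of an assigned role stays guarded by application code alone. Because a role carries the permission set, a test that tries to destroy a role still assigned to a user would confirm the database-level guard exists.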
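Review bot: The `message:` on the new `one_of` validation hard-codes `own_data, read_only, normal_user, admin`, while the accepted values come from `Mv.Authorization.PermissionSets.all_permission_sets()`; the two will drift when a permission set is added or renamed, and the removed code built the text from the list itself. Either drop the override and rely on the built-in message (which, as far as I recall, interpolates the allowed values), or bind the list once with `@permission_set_names Enum.map(Mv.Authorization.PermissionSets.all_permission_sets(), &Atom.to_string/1)` and use `message: "must be one of: #{Enum.join(@permission_set_names, ", ")}"`. The list now appears to be evaluated when the module is compiled rather than per changeset, which deserves a comment above the call such as `# allowed values are fixed at compile time from PermissionSets`. The `validations` block starts and ends outside this hunk.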
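Review bot: `uuid_v7_primary_key :id` deserves a comment, because UUIDv7 values are time-ordered and carry the creation timestamp in their leading bits, unlike the random ids that `uuid_primary_key` produced. I would add `# UUIDv7: sortable, encodes creation time; never treat a role id as a secret` above the line. Rows created before this change keep their existing ids, so code should not assume every role id is v7. The `attributes` block continues outside the hunk.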