Docs: document bypass read rule for CustomFieldValue pattern
Some checks reported errors
continuous-integration/drone/push Build was killed
Some checks reported errors
continuous-integration/drone/push Build was killed
- Bypass action_type(:read) is production-side rule: reading own CFVs always allowed, overrides Permission-Sets. Applies to get/list/load.
This commit is contained in:
parent
0219073d33
commit
bfe9fba2e0
1 changed files with 2 additions and 0 deletions
|
|
@ -1059,6 +1059,8 @@ end
|
|||
|
||||
**Pattern:** Bypass for READ (list queries), CustomFieldValueCreateScope for create (no filter), HasPermission for read/update/destroy. Create uses a dedicated check because Ash cannot apply filters to create actions.
|
||||
|
||||
The bypass `action_type(:read)` is a production-side rule: reading own CFVs (where `member_id == actor.member_id`) is always allowed and overrides Permission-Sets; no further policies are needed for that. It applies to all read actions (get, list, load).
|
||||
|
||||
```elixir
|
||||
defmodule Mv.Membership.CustomFieldValue do
|
||||
use Ash.Resource, ...
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue