Fix HasPermission check to handle nil member_id gracefully

2026-01-24 19:13:07 +01:00 · 2026-01-24 19:13:07 +01:00 · d320cdf14e
commit d320cdf14e
parent e30be4c228
1 changed files with 12 additions and 2 deletions
--- a/lib/mv/authorization/checks/has_permission.ex
+++ b/lib/mv/authorization/checks/has_permission.ex
@ -348,12 +348,22 @@ defmodule Mv.Authorization.Checks.HasPermission do
      "Member" ->
        # User.member_id → Member.id (inverse relationship)
        # Filter: member.id == actor.member_id
-        {:filter, expr(id == ^actor.member_id)}
+        # If actor has no member_id, return no results (use false or impossible condition)
+        if is_nil(actor.member_id) do
+          {:filter, expr(false)}
+        else
+          {:filter, expr(id == ^actor.member_id)}
+        end

      "CustomFieldValue" ->
        # CustomFieldValue.member_id → Member.id → User.member_id
        # Filter: custom_field_value.member_id == actor.member_id
-        {:filter, expr(member_id == ^actor.member_id)}
+        # If actor has no member_id, return no results
+        if is_nil(actor.member_id) do
+          {:filter, expr(false)}
+        else
+          {:filter, expr(member_id == ^actor.member_id)}
+        end

      _ ->
        # Fallback for other resources