Update documentation: Remove NoActor bypass references
This commit is contained in:
parent
0f48a9b15a
commit
d9eb131d96
GPG key ID:
1020A035E5DD0824
5 changed files with 73 additions and 137 deletions
|
|
@ -22,18 +22,13 @@ policies do
|
|||
authorize_if always()
|
||||
end
|
||||
|
||||
# 2. NoActor Bypass (test environment only)
|
||||
bypass action_type([:create, :read, :update, :destroy]) do
|
||||
authorize_if Mv.Authorization.Checks.NoActor
|
||||
end
|
||||
|
||||
# 3. Bypass for READ (list queries via auto_filter)
|
||||
# 2. Bypass for READ (list queries via auto_filter)
|
||||
bypass action_type(:read) do
|
||||
description "Users can always read their own account"
|
||||
authorize_if expr(id == ^actor(:id))
|
||||
end
|
||||
|
||||
# 4. HasPermission for all operations (uses scope from PermissionSets)
|
||||
# 3. HasPermission for all operations (uses scope from PermissionSets)
|
||||
policy action_type([:read, :create, :update, :destroy]) do
|
||||
description "Check permissions from user's role and permission set"
|
||||
authorize_if Mv.Authorization.Checks.HasPermission
|
||||
|
|
@ -51,7 +46,7 @@ end
|
|||
- ✅ CREATE operations (admin only)
|
||||
- ✅ DESTROY operations (admin only)
|
||||
- ✅ AshAuthentication bypass (registration/login)
|
||||
- ✅ NoActor bypass (test environment)
|
||||
- ✅ Tests use system_actor for authorization
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -190,7 +185,7 @@ mix test test/mv/accounts/user_policies_test.exs \
|
|||
|
||||
**Test Environment:**
|
||||
- ✅ Operations without actor work in test environment
|
||||
- ✅ NoActor bypass correctly detects compile-time environment
|
||||
- ✅ All tests explicitly use system_actor for authorization
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue