Update CODE_GUIDELINES for Application.compile_env pattern
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Replace Mix.env example with config-based approach. Remove outdated runtime guard documentation.
This commit is contained in:
parent
f6096e194f
commit
f32324d942
1 changed files with 10 additions and 9 deletions
|
|
@ -1677,16 +1677,16 @@ end
|
|||
**Security Guards:**
|
||||
|
||||
```elixir
|
||||
# Compile-time guard
|
||||
@allow_no_actor_bypass Mix.env() == :test
|
||||
# config/test.exs
|
||||
config :mv, :allow_no_actor_bypass, true
|
||||
|
||||
# Runtime guard (double-check)
|
||||
# lib/mv/authorization/checks/no_actor.ex
|
||||
# Compile-time check from config (release-safe, no Mix.env)
|
||||
@allow_no_actor_bypass Application.compile_env(:mv, :allow_no_actor_bypass, false)
|
||||
|
||||
# Uses compile-time flag only (no runtime Mix.env needed)
|
||||
def match?(nil, _context, _opts) do
|
||||
if @allow_no_actor_bypass and Mix.env() == :test do
|
||||
true # Only in test
|
||||
else
|
||||
false # Production/dev - fail-closed
|
||||
end
|
||||
@allow_no_actor_bypass # true in test, false in prod/dev
|
||||
end
|
||||
```
|
||||
|
||||
|
|
@ -1694,7 +1694,8 @@ end
|
|||
|
||||
- Test fixtures often need to create resources without an actor
|
||||
- Production operations MUST always have an actor for security
|
||||
- The double guard (compile-time + runtime) prevents config drift
|
||||
- Config-based guard (not Mix.env) ensures release-safety
|
||||
- Defaults to `false` (fail-closed) if config not set
|
||||
|
||||
**NEVER Use NoActor in Production:**
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue