2026-01-06 19:22:57 +01:00
1 changed files with 12 additions and 22 deletions
--- a/lib/mv/authorization/role.ex
+++ b/lib/mv/authorization/role.ex
@ -42,6 +42,11 @@ defmodule Mv.Authorization.Role do
  postgres do
    table "roles"
    repo Mv.Repo
+
+    references do
+      # Prevent deletion of roles that are assigned to users
+      reference :users, on_delete: :restrict
+    end
  end

  code_interface do
@ -75,27 +80,12 @@ defmodule Mv.Authorization.Role do
  end

  validations do
-    validate fn changeset, _context ->
-      permission_set_name = Ash.Changeset.get_attribute(changeset, :permission_set_name)
-
-      if permission_set_name do
-        valid_sets =
-          Mv.Authorization.PermissionSets.all_permission_sets()
-          |> Enum.map(&Atom.to_string/1)
-
-        if permission_set_name in valid_sets do
-          :ok
-        else
-          valid_sets_string = Enum.join(valid_sets, ", ")
-
-          {:error,
-           field: :permission_set_name,
-           message: "Invalid permission set name. Must be one of: #{valid_sets_string}"}
-        end
-      else
-        :ok
-      end
-    end
+    validate one_of(
+               :permission_set_name,
+               Mv.Authorization.PermissionSets.all_permission_sets()
+               |> Enum.map(&Atom.to_string/1)
+             ),
+             message: "must be one of: own_data, read_only, normal_user, admin"

    validate fn changeset, _context ->
               if changeset.action_type == :destroy do
@ -114,7 +104,7 @@ defmodule Mv.Authorization.Role do
  end

  attributes do
-    uuid_primary_key :id
+    uuid_v7_primary_key :id

    attribute :name, :string do
      allow_nil? false