[Refactor] Remove NoActor bypass #367
2 changed files with 14 additions and 31 deletions
|
|
@ -393,25 +393,11 @@ defmodule Mv.Membership.Member do
|
||||||
user_id = user_arg[:id]
|
user_id = user_arg[:id]
|
||||||
current_member_id = changeset.data.id
|
current_member_id = changeset.data.id
|
||||||
|
|
||||||
# Get actor from changeset context for authorization
|
# This is an integrity check, not a user authorization check
|
||||||
# Use system_actor as fallback if no actor is present (for systemic operations)
|
# Use authorize?: false to bypass policies for this internal validation query
|
||||||
actor =
|
# This ensures the validation always works regardless of actor availability
|
||||||
case Map.get(changeset.context || %{}, :actor) do
|
# (consistent with MembershipFeeType destroy validations)
|
||||||
nil -> Mv.Helpers.SystemActor.get_system_actor()
|
case Ash.get(Mv.Accounts.User, user_id, authorize?: false) do
|
||||||
actor -> actor
|
|
||||||
end
|
|
||||||
|
|
||||||
# Check the current state of the user in the database
|
|
||||||
# Check if authorization is disabled in the parent operation's context
|
|
||||||
# Access private context where authorize? flag is stored
|
|
||||||
authorize? =
|
|
||||||
case get_in(changeset.context, [:private, :authorize?]) do
|
|
||||||
false -> false
|
|
||||||
_ -> true
|
|
||||||
end
|
|
||||||
|
|
||||||
# Pass actor and authorize? to ensure proper authorization (User might have policies in future)
|
|
||||||
case Ash.get(Mv.Accounts.User, user_id, actor: actor, authorize?: authorize?) do
|
|
||||||
# User is free to be linked
|
# User is free to be linked
|
||||||
{:ok, %{member_id: nil}} ->
|
{:ok, %{member_id: nil}} ->
|
||||||
:ok
|
:ok
|
||||||
|
|
@ -424,6 +410,9 @@ defmodule Mv.Membership.Member do
|
||||||
# User is linked to a different member - prevent "stealing"
|
# User is linked to a different member - prevent "stealing"
|
||||||
{:error, field: :user, message: "User is already linked to another member"}
|
{:error, field: :user, message: "User is already linked to another member"}
|
||||||
|
|
||||||
|
{:error, %Ash.Error.Query.NotFound{}} ->
|
||||||
|
{:error, field: :user, message: "User not found"}
|
||||||
|
|
||||||
{:error, _} ->
|
{:error, _} ->
|
||||||
{:error, field: :user, message: "User not found"}
|
{:error, field: :user, message: "User not found"}
|
||||||
end
|
end
|
||||||
|
|
|
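Review bot: The `Ash.get(Mv.Accounts.User, user_id, authorize?: false)` lookup now reads any user record regardless of who submitted the changeset, and the two outcomes stay distinguishable to the caller ("User is already linked to another member" versus "User not found"). If the action running this validation is reachable by actors who could not otherwise read users, that difference reveals which user ids exist and which are already linked; the action's own policies are not visible in this hunk, so this needs confirming there. I would record the assumption next to the call, e.g. `# authorize?: false is acceptable only because the enclosing action's policies decide who may pass :user`. Separately, the new `{:error, %Ash.Error.Query.NotFound{}}` clause returns the same tuple as the `{:error, _}` catch-all beneath it, so it adds no behaviour, and the catch-all still reports every other failure as "User not found". The validation function starts and ends outside the hunk.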
||||||
|
|
@ -85,13 +85,11 @@ defmodule Mv.MembershipFees.MembershipFeeType do
|
||||||
if changeset.action_type == :destroy do
|
if changeset.action_type == :destroy do
|
||||||
require Ash.Query
|
require Ash.Query
|
||||||
|
|
||||||
# Use system_actor for validation queries (systemic operation)
|
# Integrity check: count members without authorization (systemic operation)
|
||||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
|
||||||
|
|
||||||
member_count =
|
member_count =
|
||||||
Mv.Membership.Member
|
Mv.Membership.Member
|
||||||
|> Ash.Query.filter(membership_fee_type_id == ^changeset.data.id)
|
|> Ash.Query.filter(membership_fee_type_id == ^changeset.data.id)
|
||||||
|> Ash.count!(actor: system_actor)
|
|> Ash.count!(authorize?: false)
|
||||||
|
|
||||||
if member_count > 0 do
|
if member_count > 0 do
|
||||||
{:error,
|
{:error,
|
||||||
|
|
@ -111,13 +109,11 @@ defmodule Mv.MembershipFees.MembershipFeeType do
|
||||||
if changeset.action_type == :destroy do
|
if changeset.action_type == :destroy do
|
||||||
require Ash.Query
|
require Ash.Query
|
||||||
|
|
||||||
# Use system_actor for validation queries (systemic operation)
|
# Integrity check: count cycles without authorization (systemic operation)
|
||||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
|
||||||
|
|
||||||
cycle_count =
|
cycle_count =
|
||||||
Mv.MembershipFees.MembershipFeeCycle
|
Mv.MembershipFees.MembershipFeeCycle
|
||||||
|> Ash.Query.filter(membership_fee_type_id == ^changeset.data.id)
|
|> Ash.Query.filter(membership_fee_type_id == ^changeset.data.id)
|
||||||
|> Ash.count!(actor: system_actor)
|
|> Ash.count!(authorize?: false)
|
||||||
|
|
||||||
if cycle_count > 0 do
|
if cycle_count > 0 do
|
||||||
{:error,
|
{:error,
|
||||||
|
|
@ -137,13 +133,11 @@ defmodule Mv.MembershipFees.MembershipFeeType do
|
||||||
if changeset.action_type == :destroy do
|
if changeset.action_type == :destroy do
|
||||||
require Ash.Query
|
require Ash.Query
|
||||||
|
|
||||||
# Use system_actor for validation queries (systemic operation)
|
# Integrity check: count settings without authorization (systemic operation)
|
||||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
|
||||||
|
|
||||||
setting_count =
|
setting_count =
|
||||||
Mv.Membership.Setting
|
Mv.Membership.Setting
|
||||||
|> Ash.Query.filter(default_membership_fee_type_id == ^changeset.data.id)
|
|> Ash.Query.filter(default_membership_fee_type_id == ^changeset.data.id)
|
||||||
|> Ash.count!(actor: system_actor)
|
|> Ash.count!(authorize?: false)
|
||||||
|
|
||||||
if setting_count > 0 do
|
if setting_count > 0 do
|
||||||
{:error,
|
{:error,
|
||||||
|
|
|
||||||
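Review bot: `Ash.count!(authorize?: false)` now appears in all three destroy validations (member, cycle and setting counts), so the policy bypass is spread over three call sites that each have to be audited separately. A single private helper such as `defp count_for_integrity_check(query), do: Ash.count!(query, authorize?: false)` would keep the bypass in one reviewed place and let one comment explain why skipping policies is safe here. The bang variant also raises if the count query fails, which turns a data-layer error into a crash inside the validation rather than a validation error; `Ash.count/2` with an explicit `{:error, _}` branch would fail closed with a message. These checks count and then destroy in separate steps, so a database foreign-key constraint is presumably still needed to cover concurrent inserts; that is not visible on this page. Each validation body continues outside its hunk.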