local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

CustomFieldValue Resource Policies closes #369 #377

Merged
moritz merged 12 commits from feature/369_customfieldvalue_policies into main 2026-01-27 16:07:48 +01:00
Conversation 0 Commits 12 Files changed 9 +2
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit bfe9fba2e0 - Show all commits

2
docs/roles-and-permissions-architecture.md
View file

@ -1059,6 +1059,8 @@ end
**Pattern:** Bypass for READ (list queries), CustomFieldValueCreateScope for create (no filter), HasPermission for read/update/destroy. Create uses a dedicated check because Ash cannot apply filters to create actions. **Pattern:** Bypass for READ (list queries), CustomFieldValueCreateScope for create (no filter), HasPermission for read/update/destroy. Create uses a dedicated check because Ash cannot apply filters to create actions.
The bypass `action_type(:read)` is a production-side rule: reading own CFVs (where `member_id == actor.member_id`) is always allowed and overrides Permission-Sets; no further policies are needed for that. It applies to all read actions (get, list, load).
```elixir ```elixir
defmodule Mv.Membership.CustomFieldValue do defmodule Mv.Membership.CustomFieldValue do
use Ash.Resource, ... use Ash.Resource, ...