- Use OidcRoleSyncContext for set_role_from_oidc_sync; document JWT peek risk.
- seed_admin without password sets Admin role on existing user (OIDC-only); update docs and test.
- Fix DE translation for 'access this page'; add get? true comment in User.
18 lines
655 B
Elixir
```elixir
defmodule Mv.Authorization.Checks.OidcRoleSyncContext do
  @moduledoc """
  Policy check: true when the action is run from OIDC role sync (context.private.oidc_role_sync).

  Used to allow the internal set_role_from_oidc_sync action only when called by Mv.OidcRoleSync,
  which sets context.private.oidc_role_sync when performing the update.
  """
  use Ash.Policy.SimpleCheck

  @impl true
  def describe(_opts), do: "called from OIDC role sync (context.private.oidc_role_sync)"

  @impl true
  def match?(_actor, authorizer, _opts) do
    # A missing or nil context falls back to an empty map, so the check denies.
    context = Map.get(authorizer, :context) || %{}
    # Strict comparison: only the boolean true passes, not other truthy values.
    get_in(context, [:private, :oidc_role_sync]) == true
  end
end
```
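The check above is the only gate on set_role_from_oidc_sync, so its deny paths are worth pinning down in tests. The ExUnit cases below are an added example, not part of the project: the test module name and the plain maps standing in for the authorizer are assumptions, and the file is meant to run inside the project's test suite where the check module is compiled.

```elixir
# Added example (not project code): regression tests for the fail-closed
# behaviour of Mv.Authorization.Checks.OidcRoleSyncContext.match?/3.
defmodule OidcRoleSyncContextExampleTest do
  use ExUnit.Case, async: true

  alias Mv.Authorization.Checks.OidcRoleSyncContext, as: Check

  # Constructed stand-in for the authorizer: match?/3 only reads its :context key.
  defp authorizer(context), do: %{context: context}

  test "passes when context.private.oidc_role_sync is the boolean true" do
    assert Check.match?(nil, authorizer(%{private: %{oidc_role_sync: true}}), [])
  end

  test "denies when the context or the flag is missing" do
    refute Check.match?(nil, %{}, [])
    refute Check.match?(nil, authorizer(nil), [])
    refute Check.match?(nil, authorizer(%{}), [])
    refute Check.match?(nil, authorizer(%{private: %{}}), [])
  end

  test "denies any value other than the boolean true" do
    for value <- ["true", 1, :yes, false, nil] do
      refute Check.match?(nil, authorizer(%{private: %{oidc_role_sync: value}}), [])
    end
  end

  test "denies when the flag sits outside the :private key" do
    refute Check.match?(nil, authorizer(%{oidc_role_sync: true}), [])
    refute Check.match?(nil, authorizer(%{shared: %{oidc_role_sync: true}}), [])
  end

  test "ignores the actor: the result depends on the context alone" do
    admin_like = %{role: :admin}
    refute Check.match?(admin_like, authorizer(%{}), [])
    assert Check.match?(nil, authorizer(%{private: %{oidc_role_sync: true}}), [])
  end
end
```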