brad Comments - Answer Overflow

brad

Posts Comments

AEAsh Elixir

•Created by brad on 5/18/2023 in #support

Multitenancy `global?` authorization question

Enjoy the conference!

7 replies

AEAsh Elixir

•Created by brad on 5/18/2023 in #support

Multitenancy `global?` authorization question

No worries! Thanks for confirming I'm pointed in the right direction 😄

7 replies

AEAsh Elixir

•Created by brad on 5/18/2023 in #support

Multitenancy `global?` authorization question

defmodule ActorBelongsToTenant do
  use Ash.Policy.SimpleCheck

  def describe(_) do
    "actor belongs to tenant (used with multitenancy's `global?`)"
  end

  def match?(user, %{query: %{tenant: org}}, _opts) do
    pass?(user, org)
  end
  def match?(user, %{changeset: %{tenant: org}}, _opts) do
    pass?(user, org)
  end

  defp pass?(_user, nil), do: false
  defp pass?(nil, _org), do: false
  defp pass?(user, org), do: user.org_id == org.id
end

policies do
  policy action([:accept]) do
    authorize_if expr(code == ^arg(:code))
  end

  policy action([:create, :read, :update, :destroy]) do
    forbid_unless ActorBelongsToTenant
    authorize_if UserIsAdmin
  end
end

defmodule ActorBelongsToTenant do
  use Ash.Policy.SimpleCheck

  def describe(_) do
    "actor belongs to tenant (used with multitenancy's `global?`)"
  end

  def match?(user, %{query: %{tenant: org}}, _opts) do
    pass?(user, org)
  end
  def match?(user, %{changeset: %{tenant: org}}, _opts) do
    pass?(user, org)
  end

  defp pass?(_user, nil), do: false
  defp pass?(nil, _org), do: false
  defp pass?(user, org), do: user.org_id == org.id
end

policies do
  policy action([:accept]) do
    authorize_if expr(code == ^arg(:code))
  end

  policy action([:create, :read, :update, :destroy]) do
    forbid_unless ActorBelongsToTenant
    authorize_if UserIsAdmin
  end
end

Is this on the right track?

7 replies

Gaming

Programming