
我正在使用 PolicyWonk 进行授权，并创建了以下策略：

# Policy for the :organisation_view action.
#
# Returns :ok only when both :current_user and :organisation are present
# (non-nil) in the assigns and the user's organisation_id equals the
# organisation's organisation_id. Any other case — mismatched ids, nil or
# missing assigns — yields {:error, :forbidden}, i.e. deny by default.
#
# NOTE(review): this relies on :current_user and :organisation already being
# set in the assigns by an earlier plug — not shown here, confirm in the pipeline.
def policy(%{current_user: user, organisation: org} = _assigns, :organisation_view)
    when not is_nil(user) and not is_nil(org) do
  # Membership check: a user may only view their own organisation.
  if user.organisation_id == org.organisation_id,
    do: :ok,
    else: {:error, :forbidden}
end

# Fallback clause: anything that did not satisfy the guarded clause above
# (nil or absent assigns) is never authorised.
def policy(_assigns, :organisation_view), do: {:error, :forbidden}

我的控制器定义如下：

defmodule MyAppWeb.OrganisationController do
  # Authorisation: the :organisation_view policy is enforced for :show only
  # (the `when action in [...]` guard limits which actions run this plug).
  plug(MyAppWeb.Policies, :organisation_view when action in [:show])

  # Creates an organisation from the "organisation" params and replies with
  # status 201 plus a Location header for the new resource.
  # Any result other than {:ok, %Organisation{}} is returned unchanged
  # (presumably picked up by an action fallback — not visible here).
  def create(conn, %{"organisation" => organisation_params}) do
    case Accounts.create_organisation(organisation_params) do
      {:ok, %Organisation{} = org} ->
        conn
        |> put_status(:created)
        |> put_resp_header("location", Routes.organisation_path(conn, :show, org))
        |> render("show.json", organisation: org)

      other ->
        other
    end
  end

  # Looks up the organisation by "id" and renders it; a non-{:ok, _} result
  # from Accounts.find_organisation/1 is passed through unchanged.
  def show(conn, %{"id" => id}) do
    case Accounts.find_organisation(%{"id" => id}) do
      {:ok, org} -> render(conn, "show.json", organisation: org)
      other -> other
    end
  end
end

我注意到尝试创建组织时会失败，并返回 {:error, :forbidden} 元组。根据我的守卫条件，该策略应只作用于 :show，但为什么它也作用于 :create？

