example/tenantprivacy: add update/delete-one mutation policy

Ariel Mashraki
2021-01-22 22:45:30 +02:00
committed by Ariel Mashraki
parent f315801779
commit 6ca96fff8b
3 changed files with 20 additions and 3 deletions


@@ -46,6 +46,10 @@ func (Group) Policy() ent.Policy {
return privacy.Policy{
Mutation: privacy.MutationPolicy{
rule.DenyMismatchedTenants(),
privacy.OnMutationOperation(
rule.FilterTenantRule(),
ent.OpUpdateOne|ent.OpDeleteOne,
),
},
}
}
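Review bot: The operation mask on the new `privacy.OnMutationOperation` call covers only `ent.OpUpdateOne|ent.OpDeleteOne`, so bulk `ent.OpUpdate` and `ent.OpDelete` mutations on Group do not pass through the tenant filter from this rule. Whether `rule.DenyMismatchedTenants()` or another policy constrains those bulk paths is not visible here; if nothing does, tenant isolation for groups holds only on the single-entity builders. Either widen the mask to `ent.OpUpdateOne|ent.OpDeleteOne|ent.OpUpdate|ent.OpDelete`, or add a comment above the call stating why bulk operations are deliberately excluded. The signature of Policy sits outside the hunk.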


@@ -38,6 +38,7 @@ func Example_PrivacyTenant() {
// User(id=1, name=a8m, foods=[])
// User(id=2, name=nati, foods=[Sushi Burritos])
// Group(id=1, name=entgo.io)
// Group(id=1, name=entgo)
}
func Do(ctx context.Context, client *ent.Client) error {
@@ -88,11 +89,11 @@ func Do(ctx context.Context, client *ent.Client) error {
// the group and the users are connected to the same tenant.
_, err = client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(nati).Save(admin)
if !errors.Is(err, privacy.Deny) {
return fmt.Errorf("expect operatio to fail, since user (nati) is not connected to the same tenant")
return fmt.Errorf("expect operation to fail, since user (nati) is not connected to the same tenant")
}
_, err = client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(nati, a8m).Save(admin)
if !errors.Is(err, privacy.Deny) {
return fmt.Errorf("expect operatio to fail, since some users (nati) are not connected to the same tenant")
return fmt.Errorf("expect operation to fail, since some users (nati) are not connected to the same tenant")
}
entgo, err := client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(a8m).Save(admin)
if err != nil {
@@ -100,5 +101,17 @@ func Do(ctx context.Context, client *ent.Client) error {
}
fmt.Println(entgo)
// Expect operation to fail, because the FilterTenantRule rule makes sure
// that tenants can update and delete their groups.
err = entgo.Update().SetName("fail.go").Exec(labView)
if !ent.IsNotFound(err) {
return fmt.Errorf("expect operation to fail, since the group (entgo) is managed by a different tenant (hub)")
}
entgo, err = entgo.Update().SetName("entgo").Save(hubView)
if err != nil {
return fmt.Errorf("expect operation to pass, but got %v", err)
}
fmt.Println(entgo)
return nil
}
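Review bot: The block added at the end of Do checks the cross-tenant path only for update, so the `ent.OpDeleteOne` half of the new policy is untested and a regression there would pass this example unnoticed. Add a matching negative case before the successful update, for example `err = client.Group.DeleteOne(entgo).Exec(labView)` followed by the same `!ent.IsNotFound(err)` check. The comment above the first update reads as if the rule grants access; `// that tenants can update and delete only their own groups.` states the restriction. It is also worth noting there that a filtered-out row surfaces as a not-found error rather than `privacy.Deny`, so callers or logging keyed on `privacy.Deny` will not see these rejections. Do starts outside the hunk.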


@@ -40,7 +40,7 @@ func AllowIfAdmin() privacy.QueryMutationRule {
}
// FilterTenantRule is a query rule that filters out entities that are not in the tenant.
func FilterTenantRule() privacy.QueryRule {
func FilterTenantRule() privacy.QueryMutationRule {
type TeamsFilter interface {
WhereHasTenantWith(...predicate.Tenant)
}
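Review bot: The doc comment above `FilterTenantRule` still describes it as a query rule although the return type is now `privacy.QueryMutationRule`; suggest `// FilterTenantRule is a query and mutation rule that filters out entities that are not in the tenant.`. Since the rule now also gates writes, the comment should say what happens when the mutation's filter does not implement `TeamsFilter`. That branch is in the part of the function body outside the hunk, so it cannot be checked from here; for a tenant-isolation rule it should fail closed with a deny rather than skip.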