The final section on policies states that:

> We can't combine built-in policy checks, so we'll have to fall back to writing an expression, like `expr(published == true)`, to verify both conditions in the same policy check. We end up with a policy like the following:
```elixir
policy action_type([:update, :destroy]) do
  authorize_if expr(^actor(:role) == :editor and created_by_id == ^actor(:id))
end
```
Can you please expand on this a bit? Why can't those be combined? It was stated previously that simple checks can be combined with filter checks. Also, after some experimenting, I've ended up with the following code, which seems to be working:
```elixir
policy action([:update, :destroy]) do
  forbid_unless actor_attribute_equals(:role, :editor)
  authorize_if relates_to_actor_via(:created_by)
  # Also added permission to work with Albums without a creator, just to experiment.
  # Wonder if there is a better way:
  authorize_if expr(is_nil(created_by_id))
end
```