Skip to content

Add AmbientContextProviderInterface for Strict strategy#5

Merged
oojacoboo merged 1 commit into
masterfrom
feature/strict-filter-strategy
Apr 16, 2026
Merged

Add AmbientContextProviderInterface for Strict strategy#5
oojacoboo merged 1 commit into
masterfrom
feature/strict-filter-strategy

Conversation

@oojacoboo

Copy link
Copy Markdown
Contributor

Summary

  • Adds AmbientContextProviderInterface — a marker interface for context providers that represent always-on environmental state (e.g., "any role active", "user logged in")
  • Strict strategy now skips ambient providers during coverage checks, preventing universal denial from meta-contexts
  • Fully backward-compatible — existing providers default to being checked

Context

FilterStrategy::Strict denies access when an active context isn't covered by any filter. But meta-contexts like role (always true when authenticated) and user (always true when a user is on the stack) are never listed in filter context: arrays — they'd cause every query to be denied, including managers.

Test plan

  • testStrictAmbientContextIsSkipped — ambient providers active but skipped, no denial
  • testStrictAmbientContextDoesNotMaskUncovered — ambient skipped but non-ambient uncovered context still triggers denial
  • All 48 tests pass

Ambient context providers (e.g., "any role active", "user logged in")
represent always-on environmental state, not discrete access levels.
Strict now skips them during coverage checks, preventing universal
denial from always-active meta-contexts.
@oojacoboo
oojacoboo merged commit d53b437 into master Apr 16, 2026
3 checks passed
@oojacoboo
oojacoboo deleted the feature/strict-filter-strategy branch April 16, 2026 02:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant