3 replies

How to use arguments in policies

I have a

rooms has_many members

rooms has_many members

situation in which I want to authorize joining a room if the user has its invite code, but I can't seem to make it work, even after repeatedly reading through the docs, example apps and source code.

The room resource looks like this:

  policies do
    bypass action_type(:create) do
      authorize_if always()
    end

    bypass action(:join) do
      authorize_if expr(invite_code == ^arg(:invite_code))
    end

    policy always() do
      authorize_if expr(exists(members, id == ^actor(:id)))
    end
  end
...
  actions do
    defaults [:update, :destroy]

    read :read do
      primary? true
    end

    create :create do
      accept [:name]
    end

    update :join do
      argument :name, :string do
        allow_nil? false
      end

      argument :invite_code, :uuid do
        allow_nil? false
      end

      change manage_relationship :name, :members,
        value_is_key: :name,
        type: :create
    end
  end

  policies do
    bypass action_type(:create) do
      authorize_if always()
    end

    bypass action(:join) do
      authorize_if expr(invite_code == ^arg(:invite_code))
    end

    policy always() do
      authorize_if expr(exists(members, id == ^actor(:id)))
    end
  end
...
  actions do
    defaults [:update, :destroy]

    read :read do
      primary? true
    end

    create :create do
      accept [:name]
    end

    update :join do
      argument :name, :string do
        allow_nil? false
      end

      argument :invite_code, :uuid do
        allow_nil? false
      end

      change manage_relationship :name, :members,
        value_is_key: :name,
        type: :create
    end
  end

The member resource authorizes everything:

  policies do
    policy always() do
      authorize_if always()
    end
  end

  actions do
    defaults [:read, :create, :update, :destroy]
  end

  attributes do
    uuid_primary_key :id

    attribute :room_id, :uuid do
      allow_nil? false
    end

    attribute :name, :string do
      allow_nil? false
    end

    timestamps()
  end

  policies do
    policy always() do
      authorize_if always()
    end
  end

  actions do
    defaults [:read, :create, :update, :destroy]
  end

  attributes do
    uuid_primary_key :id

    attribute :room_id, :uuid do
      allow_nil? false
    end

    attribute :name, :string do
      allow_nil? false
    end

    timestamps()
  end

This is what I get when trying to join a room: (message is too long, see attachment)

I'm not sure why it first says Successful authorization and then forbidden. I'm not sure if I'm missing something to make the argument available to the policy, or if I should be using validations instead, or something completely different.

Thanks in advance

message.txt4.22KB

Ash Framework•4y ago•

3 replies

Vanui

How to use arguments in policies

I have a

rooms has_many members

rooms has_many members

  policies do
    bypass action_type(:create) do
      authorize_if always()
    end

    bypass action(:join) do
      authorize_if expr(invite_code == ^arg(:invite_code))
    end

    policy always() do
      authorize_if expr(exists(members, id == ^actor(:id)))
    end
  end
...
  actions do
    defaults [:update, :destroy]

    read :read do
      primary? true
    end

    create :create do
      accept [:name]
    end

    update :join do
      argument :name, :string do
        allow_nil? false
      end

      argument :invite_code, :uuid do
        allow_nil? false
      end

      change manage_relationship :name, :members,
        value_is_key: :name,
        type: :create
    end
  end

  policies do
    bypass action_type(:create) do
      authorize_if always()
    end

    bypass action(:join) do
      authorize_if expr(invite_code == ^arg(:invite_code))
    end

    policy always() do
      authorize_if expr(exists(members, id == ^actor(:id)))
    end
  end
...
  actions do
    defaults [:update, :destroy]

    read :read do
      primary? true
    end

    create :create do
      accept [:name]
    end

    update :join do
      argument :name, :string do
        allow_nil? false
      end

      argument :invite_code, :uuid do
        allow_nil? false
      end

      change manage_relationship :name, :members,
        value_is_key: :name,
        type: :create
    end
  end

The member resource authorizes everything:

  policies do
    policy always() do
      authorize_if always()
    end
  end

  actions do
    defaults [:read, :create, :update, :destroy]
  end

  attributes do
    uuid_primary_key :id

    attribute :room_id, :uuid do
      allow_nil? false
    end

    attribute :name, :string do
      allow_nil? false
    end

    timestamps()
  end

  policies do
    policy always() do
      authorize_if always()
    end
  end

  actions do
    defaults [:read, :create, :update, :destroy]
  end

  attributes do
    uuid_primary_key :id

    attribute :room_id, :uuid do
      allow_nil? false
    end

    attribute :name, :string do
      allow_nil? false
    end

    timestamps()
  end

message.txt4.22KB

How to use arguments in policies

How to use arguments in policies

Similar Threads

Similar Threads

Similar Threads