Returning success on failure as a security consideration
There are a few cases where I would like to pretend that an action was successful—sometimes regardless of the outcome, sometimes in specific cases. Is there a way to simulate a successful result currently without committing the changeset? Generally to control the response independent of the action result?
Definitely related to https://discord.com/channels/711271361523351632/1089558275873325198
8 Replies
Something like this should do it
You can also do this:
Ah, that second one looks lovely.
In case anybody finds this later, the first one is
Changeset.apply_attributes
The first one definitely makes sense as part of a manual change with control flow involved. Will it work for create actions?Pretty much, yes
But you'd have to do your logic to actually attempt the create
and on failure return the
apply_attributes logicRight, but once I return a changeset with
apply_attributes it should bail out there returning whatever was before?🤔
not sure I undertand
when you do
manual you take over the entire action flow
so wether it not it actually inserts is totally upto you (to do something like call a diferent create action on the resource for example)
well, sorry, you don't take over the "entire action flow"
you are replacing the "commit" step
So returning Ash.Changeset.apply_changes/1 is basically saying "pretend like it happened"Ok, but does the result of a manual action need to have the same shape as the resource is normally expecting, or can it be whatever you want? I guess it should still be a
%App.Resource{} | [%App.Resource{}], depending on the action?Yeah you have to return
{:ok, %Resource{}} in that instanceStill covers a lot of cases that way for doing transformations etc.