Ash FrameworkAF
Ash Frameworkβ€’3y agoβ€’
11 replies
roberts.gulans

About policies

It seems that policies are not triggered. I found this and tried but without success.

supportNo actor, policy enforcement.

# api code
  authorization do
    authorize :by_default
  end

# organization code
  policies do
    policy always() do
      authorize_if relates_to_actor_via(:users)
    end
  end

# code interface usage
Accounts.Organization.list!()
# [debug] QUERY OK source="acl_organizations" db=3.4ms idle=1311.1ms
#SELECT a0."id", a0."subject" FROM "acl_organizations" AS a0 []

Accounts.Organization.list!(authorize?: true)
# Policy | πŸ”Ž:
#   authorize if: record.users == actor | ✘ | πŸ”Ž

Accounts.Organization.list!(actor: current_user)
# Policy | πŸ”Ž:
#   authorize if: record.users == actor | βœ“ | πŸ”Ž

# NOTE: Query little bit more complex because it has many to many relationship with actor
# [debug] QUERY OK source="acl_organizations" db=6.1ms queue=0.1ms idle=1397.1ms
# SELECT a0."id", a0."subject" FROM "acl_organizations" AS a0 WHERE (exists((SELECT 1 FROM "public"."acl_users" AS sa0 INNER JOIN "public"."acl_organization_user" AS sa1 ON (sa1."user_id" = sa0."id") AND (a0."id" = sa1."organization_id") WHERE (sa0."id"::uuid = $1::uuid)))) ["feeee177-9287-42c7-9bd4-d8372814b75f"]


From examples we can see, that policies are invoked only if i explicitly pass authorize?: true or actor: current_user even tho in api i have defined authorize :by_default
Was this page helpful?