26 replies

Can't get policies to work with AshGraphql

I have an action,

update_customer_registration

update_customer_registration

, which requires a

Customer

Customer

actor.

My

Customer

Customer

policy looks like this:

policies do
  policy action(:update_customer_registration) do
    authorize_if actor_attribute_equals(:__struct__, __MODULE__)
  end
end

policies do
  policy action(:update_customer_registration) do
    authorize_if actor_attribute_equals(:__struct__, __MODULE__)
  end
end

This works as expected when using the application's Ash API directly:

  customer
  |> Ash.Changeset.new()
  |> Ash.Changeset.for_update(:update_customer_registration, %{contact_name: "Test Name"},
    actor: customer
  )
  |> Corp.Ash.Api.update!()

  customer
  |> Ash.Changeset.new()
  |> Ash.Changeset.for_update(:update_customer_registration, %{contact_name: "Test Name"},
    actor: customer
  )
  |> Corp.Ash.Api.update!()

Setting

actor

actor

nil

nil

, raises an policy error as expected.

However, it doesn't seem to work when going through AshGraphql, when the actor is present:

%{
  "data" => %{"updateCustomerRegistration" => nil},
  "errors" => [%{"code" => "Forbidden", "fields" => [], "locations" => [%{"column" => 5, "line" => 2}], "message" => "forbidden", "path" => ["updateCustomerRegistration"], "short_message" => "forbidden", "vars" => %{}}]
}

%{
  "data" => %{"updateCustomerRegistration" => nil},
  "errors" => [%{"code" => "Forbidden", "fields" => [], "locations" => [%{"column" => 5, "line" => 2}], "message" => "forbidden", "path" => ["updateCustomerRegistration"], "short_message" => "forbidden", "vars" => %{}}]
}

I know the actor is being set correctly with

Ash.PlugHelpers.set_actor()

Ash.PlugHelpers.set_actor()

However, when I change the policy to match on any action (

policy always() do

policy always() do

), it works. There seems to be something specific with specifying the action in the policy that doesn't work with AshGraphql.

Ash Framework•3y ago•

26 replies

moxley

Can't get policies to work with AshGraphql

I have an action,

update_customer_registration

update_customer_registration

, which requires a

Customer

Customer

actor.

My

Customer

Customer

policy looks like this:

policies do
  policy action(:update_customer_registration) do
    authorize_if actor_attribute_equals(:__struct__, __MODULE__)
  end
end

policies do
  policy action(:update_customer_registration) do
    authorize_if actor_attribute_equals(:__struct__, __MODULE__)
  end
end

This works as expected when using the application's Ash API directly:

  customer
  |> Ash.Changeset.new()
  |> Ash.Changeset.for_update(:update_customer_registration, %{contact_name: "Test Name"},
    actor: customer
  )
  |> Corp.Ash.Api.update!()

  customer
  |> Ash.Changeset.new()
  |> Ash.Changeset.for_update(:update_customer_registration, %{contact_name: "Test Name"},
    actor: customer
  )
  |> Corp.Ash.Api.update!()

Setting

actor

actor

nil

nil

, raises an policy error as expected.

However, it doesn't seem to work when going through AshGraphql, when the actor is present:

%{
  "data" => %{"updateCustomerRegistration" => nil},
  "errors" => [%{"code" => "Forbidden", "fields" => [], "locations" => [%{"column" => 5, "line" => 2}], "message" => "forbidden", "path" => ["updateCustomerRegistration"], "short_message" => "forbidden", "vars" => %{}}]
}

%{
  "data" => %{"updateCustomerRegistration" => nil},
  "errors" => [%{"code" => "Forbidden", "fields" => [], "locations" => [%{"column" => 5, "line" => 2}], "message" => "forbidden", "path" => ["updateCustomerRegistration"], "short_message" => "forbidden", "vars" => %{}}]
}

I know the actor is being set correctly with

Ash.PlugHelpers.set_actor()

Ash.PlugHelpers.set_actor()

However, when I change the policy to match on any action (

policy always() do

policy always() do

), it works. There seems to be something specific with specifying the action in the policy that doesn't work with AshGraphql.

Can't get policies to work with AshGraphql

Similar Threads

Can't get policies to work with AshGraphql

Similar Threads

Similar Threads

Similar Threads