Ash FrameworkAF
Ash Framework3y ago
6 replies
michaelst

Policy authorizer not applying to read action

I have this policy
policies do
  policy always() do
    authorize_if action(:create)
    authorize_if expr(user_id == ^actor(:id))
  end
end

When I use Api.read on my read action (list) it is not filtering out records from other users. Is there something else I am supposed to configure for it to filter?
Was this page helpful?