AE
Ash Elixir2y ago
rohan

Check a policy manually

Is there a way in Ash to check a policy manually? I want to check if a particular actor has the ability to update a specific resource. I wasn't able to find how to do that. My use case is I'm creating a resource by passing in a Google Cloud storage signed url and I need to check if the path in the signed url is valid. Right now I have this: 
    create :create_with_signed_upload_url do
      argument :signed_upload_url, :string, allow_nil?: false
      change relate_actor(:user)
      change before_action(fn changeset ->
               url = Ash.Changeset.get_argument(changeset, :signed_upload_url)
               {visit_id, filename} = Scribble.Recording.parse_and_validate_gcs_url(url)
               # This should actually be checking if the actor can update the visit
               Scribble.Practice.Visit.get!(visit_id)

               Ash.Changeset.force_change_attributes(
                 changeset,
                 %{url: url, filename: filename, visit_id: visit_id}
               )
             end)
    create :create_with_signed_upload_url do
      argument :signed_upload_url, :string, allow_nil?: false
      change relate_actor(:user)
      change before_action(fn changeset ->
               url = Ash.Changeset.get_argument(changeset, :signed_upload_url)
               {visit_id, filename} = Scribble.Recording.parse_and_validate_gcs_url(url)
               # This should actually be checking if the actor can update the visit
               Scribble.Practice.Visit.get!(visit_id)

               Ash.Changeset.force_change_attributes(
                 changeset,
                 %{url: url, filename: filename, visit_id: visit_id}
               )
             end)
But as the comment notes, I don't want to check if I can read a visit, I want to check if I can update it (ideally without doing an update)
2 Replies
barnabasj
barnabasj2y ago
You could probably create a Ash.Policy.SimpleCheck https://ash-hq.org/docs/module/ash/latest/ash-policy-simplecheck or maybe if it is only about the URL a Ash.Resource.Validation https://ash-hq.org/docs/module/ash/latest/ash-resource-validation would also work
Ash HQ
Module: Ash.Policy.SimpleCheck
View the documentation for Ash.Policy.SimpleCheck on Ash HQ.
Ash HQ
Module: Ash.Resource.Validation
View the documentation for Ash.Resource.Validation on Ash HQ.
ZachDaniel
ZachDaniel2y ago
There is also Api.can and Api.can?

Did you find this page helpful?