2 replies

Check a policy manually

Is there a way in Ash to check a policy manually?

I want to check if a particular actor has the ability to update a specific resource. I wasn't able to find how to do that.

My use case is I'm creating a resource by passing in a Google Cloud storage signed url and I need to check if the path in the signed url is valid. Right now I have this:

    create :create_with_signed_upload_url do
      argument :signed_upload_url, :string, allow_nil?: false
      change relate_actor(:user)
      change before_action(fn changeset ->
               url = Ash.Changeset.get_argument(changeset, :signed_upload_url)
               {visit_id, filename} = Scribble.Recording.parse_and_validate_gcs_url(url)
               # This should actually be checking if the actor can update the visit
               Scribble.Practice.Visit.get!(visit_id)

               Ash.Changeset.force_change_attributes(
                 changeset,
                 %{url: url, filename: filename, visit_id: visit_id}
               )
             end)

    create :create_with_signed_upload_url do
      argument :signed_upload_url, :string, allow_nil?: false
      change relate_actor(:user)
      change before_action(fn changeset ->
               url = Ash.Changeset.get_argument(changeset, :signed_upload_url)
               {visit_id, filename} = Scribble.Recording.parse_and_validate_gcs_url(url)
               # This should actually be checking if the actor can update the visit
               Scribble.Practice.Visit.get!(visit_id)

               Ash.Changeset.force_change_attributes(
                 changeset,
                 %{url: url, filename: filename, visit_id: visit_id}
               )
             end)

    create :create_with_signed_upload_url do
      argument :signed_upload_url, :string, allow_nil?: false
      change relate_actor(:user)
      change before_action(fn changeset ->
               url = Ash.Changeset.get_argument(changeset, :signed_upload_url)
               {visit_id, filename} = Scribble.Recording.parse_and_validate_gcs_url(url)
               # This should actually be checking if the actor can update the visit
               Scribble.Practice.Visit.get!(visit_id)

               Ash.Changeset.force_change_attributes(
                 changeset,
                 %{url: url, filename: filename, visit_id: visit_id}
               )
             end)

    create :create_with_signed_upload_url do
      argument :signed_upload_url, :string, allow_nil?: false
      change relate_actor(:user)
      change before_action(fn changeset ->
               url = Ash.Changeset.get_argument(changeset, :signed_upload_url)
               {visit_id, filename} = Scribble.Recording.parse_and_validate_gcs_url(url)
               # This should actually be checking if the actor can update the visit
               Scribble.Practice.Visit.get!(visit_id)

               Ash.Changeset.force_change_attributes(
                 changeset,
                 %{url: url, filename: filename, visit_id: visit_id}
               )
             end)

But as the comment notes, I don't want to check if I can read a visit, I want to check if I can update it (ideally without doing an update)

Check a policy manually

Similar Threads

Similar Threads

Similar Threads