Ash FrameworkAF
Ash Frameworkโ€ข3y agoโ€ข
8 replies
Blibs

Create action commits changes even if return fails due to field policy

Hey @Zach Daniel and @barnabasj j, I noticed a behavior that I'm not sure if it is a rbac bug, an Ash bug or if it is not a bug at all and is by design.

I have a resource that I forgot to add the fields field policy inside my rbac rules. Because of that, when I run the create action from that resource, it will fail with this error when returning the value:

[error] FeedbackCupcake.SmartSentences.SmartSentence.read
Policy Breakdown for selecting or loading fields fields: [:category, :sentiment, :male_content, :female_content, :teacher_id] 
  Bypass: Policy | ๐Ÿ”Ž:
    authorize if: Checks if the actor has the role :admin for field :roles | ? | ๐Ÿ”Ž
  Policy | โ›”:
    forbid if: always true | โœ“ | โ›”


This is expected since I don't have a policy for the fields, and adding something like fields [:*] fixes it.

The problem is that even if my policy fails as shown above, the create function actually ran correctly, and it did create the row inside the DB. For me this seems odd since I would expect the create and read actions to be inside the same transaction, meaning that if there is a policy error when returning the value, the whole transaction should fail (rollback).
Was this page helpful?