Accessing_from policy not authorizing read preparation

I got stuck not really understanding how to use accessing_from I have a read action on my user with this prepare:

 prepare build(load: [organizations: [:projects, :projects_count]])

 prepare build(load: [organizations: [:projects, :projects_count]])

The organization list gets loaded no problem, but the inner projects is always empty (and the aggregate count is 0) because it does not pass the policy check. When I put authorize if always it does load then. In the projects resource I have

policy action_type(:read) do
  authorize_if accessing_from(Organization, :organization)
end

policy action_type(:read) do
  authorize_if accessing_from(Organization, :organization)
end

And the relationship

belongs_to :organization, Organization, allow_nil?: false, public?: true

belongs_to :organization, Organization, allow_nil?: false, public?: true

In my understanding the accessing from should see that the project is being loaded from the organization (which in turn is being loaded in a prepare from User) and authorize it.

2 Replies

sevenseacat•3mo ago

that policy doesn't look right to me - it should be accessing_from(Organization, :projects) right? https://hexdocs.pm/ash/Ash.Policy.Check.Builtins.html#accessing_from/2 the second arg is the relationship in the resource

giusdpOP•3mo ago

You are my saviour ❤️ I kept using the wrong relationship in my accessing_from without realizing it must be the one from the other resource

Gaming

Programming

Accessing_from policy not authorizing read preparation

Did you find this page helpful?