4 replies

Accessing_from policy not authorizing read preparation

I got stuck not really understanding how to use accessing_from

I have a read action on my user with this prepare:

 prepare build(load: [organizations: [:projects, :projects_count]])

 prepare build(load: [organizations: [:projects, :projects_count]])

 prepare build(load: [organizations: [:projects, :projects_count]])

 prepare build(load: [organizations: [:projects, :projects_count]])

The organization list gets loaded no problem, but the inner projects is always empty (and the aggregate count is 0) because it does not pass the policy check. When I put authorize if always it does load then.

In the projects resource I have

policy action_type(:read) do
  authorize_if accessing_from(Organization, :organization)
end

policy action_type(:read) do
  authorize_if accessing_from(Organization, :organization)
end

policy action_type(:read) do
  authorize_if accessing_from(Organization, :organization)
end

policy action_type(:read) do
  authorize_if accessing_from(Organization, :organization)
end

And the relationship

belongs_to :organization, Organization, allow_nil?: false, public?: true

belongs_to :organization, Organization, allow_nil?: false, public?: true

belongs_to :organization, Organization, allow_nil?: false, public?: true

belongs_to :organization, Organization, allow_nil?: false, public?: true

In my understanding the accessing from should see that the project is being loaded from the organization (which in turn is being loaded in a prepare from User) and authorize it.

Accessing_from policy not authorizing read preparation

Similar Threads

Similar Threads

Similar Threads