Ash FrameworkAF
Ash Frameworkβ€’5mo agoβ€’
6 replies
Ahrou

Best way to handle actors/roles

Hi everyone! πŸ‘‹

We’re working on a multi-app Phoenix project and could use some advice on unifying authorization actors.

Setup


We have three apps β€” api_web, console_web, and desk_web β€” all sharing the same business logic and Ash resources.

Auth Flow


1. A user authenticates with an Auth.Account (email-based).
2. After login, they choose a role, which becomes their Auth.User.
3. That selected role is the actor.

Current Situation


api_web and console_web β†’ using a custom Auth.Actor struct that mirrors fields from Auth.User.
* console_web specifically β†’ no DB users; here, Auth.Actor just has a 
type
 (admin, support, 
user
) and we allow actions based on it (before checking for any user specific field).
* desk_web β†’ using ash_authentication, with Auth.User as the actor.

Because of this, our shared Ash actions now need to handle both Auth.User and Auth.Actor, which feels messy and wrong.

Question


Is there a recommended way to unify this? Ideally, we’d like a single actor struct that represents both the authenticated Account and the selected 
User
 role, and use it consistently across all apps β€” including the one using ash_authentication.

This is how we have the Phoenix assigns atm:
api_web - just standard Ash.PlugHelpers.set_actor(conn, actor)
desk_web - @current_account (after sign in) and @current_user (after role selector)
console_web - also Ash.PlugHelpers.set_actor(conn, actor) but with another plug that assigns @current_user map with an actor struct inside it
Solution
Gotcha, so normalizing them into a single struct makes perfect sense
Jump to solution
Was this page helpful?