How to allow only one action and forbid all others by default in policy?
From the doc: when multiple policies apply to the same request, all applicable policies must pass for the action to be authorized.
I have a policy for the :profile read action, that is available only for the current actor:
    policy action(:profile) do
      authorize_if expr(id == ^actor(:id))
    end
I want all the other actions to be forbidden by default. How can I achieve that? I tried this, but in that case I won't be able to reach the :profile action.
    policy always() do
      forbid_if always()
    end
I suspect that instead of having a policy, I should have a bypass on the profile action, right?
Solution
Forbid is the default if no policy block applies to the action, so you can just remove this one.
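The two rules in this thread (every applicable policy must pass, and a request that no policy applies to is forbidden) can be seen in a small stand-alone model. This is an added example, not part of the original thread and not Ash's implementation; `PolicyModel`, the map shapes and the sample requests are constructed for illustration, and the "first matching check decides" rule is an assumption of the model.

```elixir
# Simplified model of policy evaluation (assumption: not Ash's real code).
defmodule PolicyModel do
  # A policy is %{applies_to: fun, checks: [{:authorize_if | :forbid_if, fun}]}.
  def authorize(policies, request) do
    case Enum.filter(policies, fn policy -> policy.applies_to.(request) end) do
      # No policy applies to this request: forbidden by default.
      [] ->
        :forbidden

      # Otherwise every applicable policy has to pass.
      applicable ->
        if Enum.all?(applicable, &passes?(&1, request)), do: :authorized, else: :forbidden
    end
  end

  # The first check whose condition holds decides the policy;
  # a policy in which no check decides does not pass.
  defp passes?(policy, request) do
    Enum.reduce_while(policy.checks, false, fn {kind, condition}, _acc ->
      if condition.(request), do: {:halt, kind == :authorize_if}, else: {:cont, false}
    end)
  end
end

always = fn _request -> true end

# Model of: policy action(:profile) do authorize_if expr(id == ^actor(:id)) end
profile_policy = %{
  applies_to: fn request -> request.action == :profile end,
  checks: [{:authorize_if, fn request -> request.record_id == request.actor_id end}]
}

# Model of: policy always() do forbid_if always() end
forbid_all = %{applies_to: always, checks: [{:forbid_if, always}]}

# Constructed sample requests.
own_profile = %{action: :profile, record_id: 1, actor_id: 1}
other_profile = %{action: :profile, record_id: 2, actor_id: 1}
update = %{action: :update, record_id: 1, actor_id: 1}

# With the catch-all policy, both policies apply to :profile and one fails.
:forbidden = PolicyModel.authorize([profile_policy, forbid_all], own_profile)

# With only the :profile policy, everything else is still forbidden.
:authorized = PolicyModel.authorize([profile_policy], own_profile)
:forbidden = PolicyModel.authorize([profile_policy], other_profile)
:forbidden = PolicyModel.authorize([profile_policy], update)
IO.puts("model matches the behaviour described in the thread")
```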