Ash Framework, 5mo ago
Malian

How to allow only one action and forbid all others by default in policy?

From the doc: when multiple policies apply to the same request, all applicable policies must pass for the action to be authorized.

I have a policy for the :profile read action, that is available only for the current actor:

policy action(:profile) do
  authorize_if expr(id == ^actor(:id))
end


I want all the other actions to be forbidden by default. How can I achieve that? I tried this, but in that case I won't be able to reach the :profile action.

policy always() do
  forbid_if always()
end


I suspect that instead of having a policy, I should have a bypass on the profile action, right?
Solution
Forbid is the default if no policy block applies to the action, so you can just remove this one:

policy always() do
  forbid_if always()
end
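
The behaviour described in this thread, as an added example that is not part of the original posts: a resource whose only policy covers `:profile`, with checks that the other actions are refused without any catch-all block. The `Demo.*` modules, the `:name` attribute, the ETS data layer and the Ash 3.x dependency are assumptions made for illustration.

```elixir
# Added example; Demo.* names, :name and the Ash version are assumptions.
Mix.install([{:ash, "~> 3.0"}])

defmodule Demo.User do
  use Ash.Resource,
    domain: Demo.Accounts,
    data_layer: Ash.DataLayer.Ets,
    authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
    attribute :name, :string, public?: true
  end

  actions do
    defaults [:read, create: [:name]]
    read :profile
  end

  policies do
    # The only policy: :profile is limited to the actor's own record.
    # A `policy always()` block with `forbid_if always()` would also apply
    # to :profile, and every applicable policy must pass, so it is left out.
    policy action(:profile) do
      authorize_if expr(id == ^actor(:id))
    end
  end
end

defmodule Demo.Accounts do
  use Ash.Domain, validate_config_inclusion?: false

  resources do
    resource Demo.User
  end
end

# Constructed sample data, seeded directly so no action or policy is involved.
alice = Ash.Seed.seed!(Demo.User, %{name: "alice"})
_bob = Ash.Seed.seed!(Demo.User, %{name: "bob"})
alice_id = alice.id

# :profile is authorized; the expression is applied as a filter on the rows.
[%{id: ^alice_id}] = Ash.read!(Demo.User, action: :profile, actor: alice)

# No policy block applies to :read or :create, so both are refused.
false = Ash.can?({Demo.User, :read}, alice)
false = Ash.can?({Demo.User, :create}, alice)
```

The pattern matches act as assertions: the script raises a `MatchError` if any action is authorized differently from what the thread describes.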