Ash.Resource.Calculation with field_policy

in a calculation Ash.Resource.Calculation I have the following load:

def load(_query, _opt, _context),
    do: [
      member_connections: [
        :type,
        :mirror_type,
        :status,
        connected: [:type, user: [:email, :photo_url, :full_phone]],
         ...
      ]
    ]

def load(_query, _opt, _context),
    do: [
      member_connections: [
        :type,
        :mirror_type,
        :status,
        connected: [:type, user: [:email, :photo_url, :full_phone]],
         ...
      ]
    ]

but user has a field_policy defined to prevent to have :email and :phone_number for specific actors. Does the load take into account the actor from context? Else how to do to make sure that field_policy applies with the given actor ? In my case, I am loading :email and :full_phone_number, not because I need them in the calculation itself.. but later to display them in my page if they are defined. Regards, Angy

3 Replies

AngyL75OP•3mo ago

Please note that I have defined my field_policy like

# Only the name photo and genre data are public:
  #  -> [:first_name, :last_name, :nickname, :gender, :date_of_birth, :preferred_language, ... ]
  # All other data have restricted access (such as :email, :phone_number...)
  field_policies do
    field_policy_bypass [
      :first_name,
      :last_name,
      :nickname,
      :full_name,
      :photo_url,
      :gender,
      :date_of_birth
    ] do
      description "has full access"
      authorize_if always()
    end

    field_policy_bypass :* do
      description "has full access to all fields when not yet authentified"
      authorize_if AshAuthentication.Checks.AshAuthenticationInteraction
    end

    field_policy [:*] do
      description "needs authorisation, else it is forbidden"
      forbid_if always()
      authorize_if expr(id == ^actor(:id))
      authorize_if actor_attribute_equals(:super_admin, true)
      authorize_if App.Organizations.Role.CanReadUserPrivateData
    end
  end

# Only the name photo and genre data are public:
  #  -> [:first_name, :last_name, :nickname, :gender, :date_of_birth, :preferred_language, ... ]
  # All other data have restricted access (such as :email, :phone_number...)
  field_policies do
    field_policy_bypass [
      :first_name,
      :last_name,
      :nickname,
      :full_name,
      :photo_url,
      :gender,
      :date_of_birth
    ] do
      description "has full access"
      authorize_if always()
    end

    field_policy_bypass :* do
      description "has full access to all fields when not yet authentified"
      authorize_if AshAuthentication.Checks.AshAuthenticationInteraction
    end

    field_policy [:*] do
      description "needs authorisation, else it is forbidden"
      forbid_if always()
      authorize_if expr(id == ^actor(:id))
      authorize_if actor_attribute_equals(:super_admin, true)
      authorize_if App.Organizations.Role.CanReadUserPrivateData
    end
  end

I have tried

def load(_query, _opt, %{actor: actor} = _context),
    do: [
      member_connections: [
        :type,
        :mirror_type,
        :status,
        connected: [
          :type,
          user:
            CauseBeacon.Accounts.User
            |> Ash.Query.load([:email, :photo_url, :full_phone_number])
            |> Ash.Query.put_context(:actor, actor)
        ]
      ]
    ]

def load(_query, _opt, %{actor: actor} = _context),
    do: [
      member_connections: [
        :type,
        :mirror_type,
        :status,
        connected: [
          :type,
          user:
            CauseBeacon.Accounts.User
            |> Ash.Query.load([:email, :photo_url, :full_phone_number])
            |> Ash.Query.put_context(:actor, actor)
        ]
      ]
    ]

for the load... but it did not worked...

ZachDaniel•3mo ago

That is by design Policies are not applied to calculation dependencies It's a complex thing and some day we may provide the option to apply them But for now you'd need to load the data inside the calculation using Ash.load!

AngyL75OP•3mo ago

thanks for the information

Gaming

Programming

Ash.Resource.Calculation with field_policy

Did you find this page helpful?