9 replies

Ash Policy DSL Syntax Issues - Need Help with authorize_if and policy_group

I'm implementing role-based authorization in an Ash 3.5.42 application but running into compilation errors with the policy DSL. Despite following the documentation examples, I'm getting

undefined function authorize_if/1

undefined function authorize_if/1

errors.

Current Setup:

  defmodule Fmma.Authentication.DeviceRegistration do
    use Ash.Resource,
      domain: Fmma.Authentication,
      data_layer: AshPostgres.DataLayer,
      authorizers: [Ash.Policy.Authorizer],
      extensions: [AshArchival.Resource, AshPaperTrail.Resource]

    # This fails to compile
    policies do
      bypass actor_attribute_equals(:role, "admin") do
        authorize_if always()  # ← undefined function authorize_if/1
      end

      policy_group actor_attribute_equals(:role, "director") do
        authorize_if always()  # ← undefined function authorize_if/1
      end
    end
  end

  defmodule Fmma.Authentication.DeviceRegistration do
    use Ash.Resource,
      domain: Fmma.Authentication,
      data_layer: AshPostgres.DataLayer,
      authorizers: [Ash.Policy.Authorizer],
      extensions: [AshArchival.Resource, AshPaperTrail.Resource]

    # This fails to compile
    policies do
      bypass actor_attribute_equals(:role, "admin") do
        authorize_if always()  # ← undefined function authorize_if/1
      end

      policy_group actor_attribute_equals(:role, "director") do
        authorize_if always()  # ← undefined function authorize_if/1
      end
    end
  end

Error Message:

error: undefined function authorize_if/1

error: undefined function authorize_if/1

(there is no such import)

 error: undefined function actor_attribute_equals/2

 error: undefined function actor_attribute_equals/2

(there is no such import)

What I've Tried:

- Added

authorizers: [Ash.Policy.Authorizer]

authorizers: [Ash.Policy.Authorizer]

to resource
- Tried importing

Ash.Policy.Check.Builtins

Ash.Policy.Check.Builtins

- Tried

use Ash.Policy.Authorizer

use Ash.Policy.Authorizer

Domain Configuration:

  defmodule Fmma.Authentication do
    use Ash.Domain, extensions: [AshTypescript.Rpc]

    authorization do
      require_actor? true
      authorize :by_default
    end
  end

  defmodule Fmma.Authentication do
    use Ash.Domain, extensions: [AshTypescript.Rpc]

    authorization do
      require_actor? true
      authorize :by_default
    end
  end

All in all, the authorization framework compiles fine, but the policy DSL functions aren't available.

Ash Framework•6mo ago•

9 replies

Zeeshan

Ash Policy DSL Syntax Issues - Need Help with authorize_if and policy_group

I'm implementing role-based authorization in an Ash 3.5.42 application but running into compilation errors with the policy DSL. Despite following the documentation examples, I'm getting

undefined function authorize_if/1

undefined function authorize_if/1

errors.

Current Setup:

  defmodule Fmma.Authentication.DeviceRegistration do
    use Ash.Resource,
      domain: Fmma.Authentication,
      data_layer: AshPostgres.DataLayer,
      authorizers: [Ash.Policy.Authorizer],
      extensions: [AshArchival.Resource, AshPaperTrail.Resource]

    # This fails to compile
    policies do
      bypass actor_attribute_equals(:role, "admin") do
        authorize_if always()  # ← undefined function authorize_if/1
      end

      policy_group actor_attribute_equals(:role, "director") do
        authorize_if always()  # ← undefined function authorize_if/1
      end
    end
  end

  defmodule Fmma.Authentication.DeviceRegistration do
    use Ash.Resource,
      domain: Fmma.Authentication,
      data_layer: AshPostgres.DataLayer,
      authorizers: [Ash.Policy.Authorizer],
      extensions: [AshArchival.Resource, AshPaperTrail.Resource]

    # This fails to compile
    policies do
      bypass actor_attribute_equals(:role, "admin") do
        authorize_if always()  # ← undefined function authorize_if/1
      end

      policy_group actor_attribute_equals(:role, "director") do
        authorize_if always()  # ← undefined function authorize_if/1
      end
    end
  end

Error Message:

error: undefined function authorize_if/1

error: undefined function authorize_if/1

(there is no such import)

 error: undefined function actor_attribute_equals/2

 error: undefined function actor_attribute_equals/2

(there is no such import)

What I've Tried:

- Added

authorizers: [Ash.Policy.Authorizer]

authorizers: [Ash.Policy.Authorizer]

to resource
- Tried importing

Ash.Policy.Check.Builtins

Ash.Policy.Check.Builtins

- Tried

use Ash.Policy.Authorizer

use Ash.Policy.Authorizer

Domain Configuration:

  defmodule Fmma.Authentication do
    use Ash.Domain, extensions: [AshTypescript.Rpc]

    authorization do
      require_actor? true
      authorize :by_default
    end
  end

  defmodule Fmma.Authentication do
    use Ash.Domain, extensions: [AshTypescript.Rpc]

    authorization do
      require_actor? true
      authorize :by_default
    end
  end

All in all, the authorization framework compiles fine, but the policy DSL functions aren't available.

Ash Policy DSL Syntax Issues - Need Help with authorize_if and policy_group

Current Setup:

Error Message:

What I've Tried:

Domain Configuration:

Ash Policy DSL Syntax Issues - Need Help with authorize_if and policy_group

Current Setup:

Error Message:

What I've Tried:

Domain Configuration:

Similar Threads

Similar Threads

Similar Threads