Ash FrameworkAF
Ash Framework4mo ago
9 replies
Zeeshan

Ash Policy DSL Syntax Issues - Need Help with authorize_if and policy_group

I'm implementing role-based authorization in an Ash 3.5.42 application but running into compilation errors with the policy DSL. Despite following the documentation examples, I'm getting undefined function authorize_if/1 errors.

Current Setup:


  defmodule Fmma.Authentication.DeviceRegistration do
    use Ash.Resource,
      domain: Fmma.Authentication,
      data_layer: AshPostgres.DataLayer,
      authorizers: [Ash.Policy.Authorizer],
      extensions: [AshArchival.Resource, AshPaperTrail.Resource]

    # This fails to compile
    policies do
      bypass actor_attribute_equals(:role, "admin") do
        authorize_if always()  # ← undefined function authorize_if/1
      end

      policy_group actor_attribute_equals(:role, "director") do
        authorize_if always()  # ← undefined function authorize_if/1
      end
    end
  end


Error Message:


error: undefined function authorize_if/1 (there is no such import)
error: undefined function actor_attribute_equals/2 (there is no such import)

What I've Tried:


- Added authorizers: [Ash.Policy.Authorizer] to resource
- Tried importing Ash.Policy.Check.Builtins
- Tried use Ash.Policy.Authorizer

Domain Configuration:


  defmodule Fmma.Authentication do
    use Ash.Domain, extensions: [AshTypescript.Rpc]

    authorization do
      require_actor? true
      authorize :by_default
    end
  end


All in all, the authorization framework compiles fine, but the policy DSL functions aren't available.
Was this page helpful?