Ash FrameworkAF
Ash Frameworkโ€ข3mo agoโ€ข
10 replies
Carl

Mixing read action in `action_type` policy condition with other types; Error instead of filtering

Hi all,

After upgrading to Ash 3.7.0 my tests for asserting that actions under policies requiring an actor being present started throwing Ash.Errors.Forbidden for read actions instead of just filtering and warning on :debug.

policies do
  policy action_type([:create, :read, :update]) do
    authorize_if actor_present()
  end

  policy action_type(:destroy) do
    authorize_if IsAdmin
    authorize_if relates_to_actor_via(:created_by)
  end
end


However, if I break out the first policy into individual policies where action_type gets a single atom for action type instead of a list, no error is thrown and the filtering in my tests occur as previously expected:

policy action_type(:read) do
  authorize_if actor_present()
end
# and the same for :create, :update


I'd like to think that 3.7.0 wouldn't introduce a change in the policies logic but I'm very open to it providing improved implementations that catch any of my stupid mistakes ๐Ÿ™ƒ

A self-contained reproduction:

https://github.com/carlgleisner/policy_repro
GitHub
GitHub - carlgleisner/policy_repro
Contribute to carlgleisner/policy_repro development by creating an account on GitHub.
GitHub - carlgleisner/policy_repro
Solution
@Carl please try 
main
Jump to solution
Was this page helpful?