Referencing action argument in policy

Hey all. I have a create action where the argument is an instance of my Maps.Map struct, like so

create :add_to_map do
  accept [:name]

  argument :map, :struct,
    allow_nil?: false,
    constraints: [instance_of: Maps.Map]

  ...
end

create :add_to_map do
  accept [:name]

  argument :map, :struct,
    allow_nil?: false,
    constraints: [instance_of: Maps.Map]

  ...
end

Maps.Map has a belongs_to relationship with a User. I'm trying to set up a policy so that only the owner of the map can use the create action above. I can get this to work by using matches, but it feels like there's a more built-in way I should be able to do this.

   policy action_type(:create) do
      access_type :strict

      authorize_if matches("lorem ipsum", fn actor, context ->
                     context.changeset.arguments.map.user_id == actor.id
                   end)

    end

   policy action_type(:create) do
      access_type :strict

      authorize_if matches("lorem ipsum", fn actor, context ->
                     context.changeset.arguments.map.user_id == actor.id
                   end)

    end

I've tried context_equals like so but this doesn't work

      authorize_if context_equals([:arguments, :map, :user_id], expr(^actor(:id)))

      authorize_if context_equals([:arguments, :map, :user_id], expr(^actor(:id)))

I know I can also write a SimpleCheck module that defines the same logic above, but this feels like something there would be a built in way to handle. Thanks

3 Replies

ZachDaniel•4w ago

I believe ^arg(:name) should work in that context

matt_savvyOP•4w ago

In this case I need to access the user_id attribute of the arg.

ZachDaniel•4w ago

'arg(:arg, [:user_id])`

Gaming

Programming

Referencing action argument in policy

Did you find this page helpful?