8 replies

Policies requiring actors, vs changes requiring actors?

Ash✅Solved🔒Policies

Say I have code like:

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

The policy seems a bit redundant with

allow_nil?: false

allow_nil?: false

on the change.
But I wonder if it's worth defining anyway? I haven't explored the JSON API generation much, maybe it changes the error return?
(I do see that the policy itself is insufficient, since it would authorize non-user actors)

Solution

I'd add both in that case.

Jump to solution

Ash Framework•3mo ago•

8 replies

Policies requiring actors, vs changes requiring actors?

Ash✅Solved🔒Policies

Say I have code like:

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

The policy seems a bit redundant with

allow_nil?: false

allow_nil?: false

Solution

I'd add both in that case.

Jump to solution

Policies requiring actors, vs changes requiring actors?

Similar Threads

Policies requiring actors, vs changes requiring actors?

Similar Threads

Similar Threads

Similar Threads