8 replies

Policies requiring actors, vs changes requiring actors?

Ash✅Solved🔒Policies

Say I have code like:

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

  actions do
    create :create do
      change relate_actor(:user, allow_nil?: false)
    end
  end

  policies do
    policy action(:create) do
      forbid_if actor_absent()
      authorize_if always()
    end
  end

The policy seems a bit redundant with

allow_nil?: false

allow_nil?: false

allow_nil?: false

allow_nil?: false on the change.
But I wonder if it's worth defining anyway? I haven't explored the JSON API generation much, maybe it changes the error return?
(I do see that the policy itself is insufficient, since it would authorize non-user actors)

Solution

I'd add both in that case.

Jump to solution

Policies requiring actors, vs changes requiring actors?

Similar Threads

Similar Threads

Similar Threads