bobek

bobek

Ash Framework: Final album policy (p155)

The final section on policies states that

We can’t combine built-in policy checks, so we’ll have to fall back to writing
an expression, like expr(published == true), to verify both conditions in the same policy check. We end up with a policy like the following:

policy action_type([:update, :destroy]) do
  authorize_if expr(^actor(:role) == :editor and created_by_id == ^actor(:id))
end

Can you please expand on this a bit? Why those cannot be combined? It was stated previously, that simple checks can be combined with filter checks. Also, after some experimenting, I’ve ended up with the following code, which seems to be working:

    policy action([:update, :destroy]) do
      forbid_unless actor_attribute_equals(:role, :editor)
      authorize_if relates_to_actor_via(:created_by)

      # Also added permission to work with Albums without creator, just to experiment.
      # Wonder is there is a better way:
      authorize_if expr(is_nil(created_by_id))
    end

Marked As Solved

sevenseacat

sevenseacat

Author of Ash Framework

You can combine simple checks and filter checks as separate checks the same policy, that’s correct.

By “can’t combine built-in checks” I meant in the same policy check, something like:

authorize_if actor_attribute_equals(:role, :editor) && relates_to_actor_via(:created_by)

Which doesn’t work!

I’m pretty sure your version with two checks is equivalent, but I find it a lot harder to wrap my head around it, with the separate checks with inverted rules (which is why I can’t say with 100% confidence that they’re equivalent!)

Where Next?

Popular Pragmatic Bookshelf topics Top

johnp
Running the examples in chapter 5 c under pytest 5.4.1 causes an AttributeError: ‘module’ object has no attribute ‘config’. In particula...
New
belgoros
Following the steps described in Chapter 6 of the book, I’m stuck with running the migration as described on page 84: bundle exec sequel...
New
johnp
Hi Brian, Looks like the api for tinydb has changed a little. Noticed while working on chapter 7 that the .purge() call to the db throws...
New
mikecargal
Title: Hands-On Rust (Chapter 11: prefab) Just played a couple of amulet-less games. With a bit of debugging, I believe that your can_p...
New
JohnS
I can’t setup the Rails source code. This happens in a working directory containing multiple (postgres) Rails apps. With: ruby-3.0.0 s...
New
Chrichton
Dear Sophie. I tried to do the “Authorization” exercise and have two questions: When trying to plug in an email-service, I found the ...
New
jgchristopher
“The ProductLive.Index template calls a helper function, live_component/3, that in turn calls on the modal component. ” Excerpt From: Br...
New
creminology
Skimming ahead, much of the following is explained in Chapter 3, but new readers (like me!) will hit a roadblock in Chapter 2 with their ...
New
mcpierce
@mfazio23 I’ve applied the changes from Chapter 5 of the book and everything builds correctly and runs. But, when I try to start a game,...
New
dachristenson
@mfazio23 Android Studio will not accept anything I do when trying to use the Transformations class, as described on pp. 140-141. Googl...
New

Other popular topics Top

wolf4earth
@AstonJ prompted me to open this topic after I mentioned in the lockdown thread how I started to do a lot more for my fitness. https://f...
New
PragmaticBookshelf
Design and develop sophisticated 2D games that are as much fun to make as they are to play. From particle effects and pathfinding to soci...
New
AstonJ
I have seen the keycaps I want - they are due for a group-buy this week but won’t be delivered until October next year!!! :rofl: The Ser...
New
AstonJ
This looks like a stunning keycap set :orange_heart: A LEGENDARY KEYBOARD LIVES ON When you bought an Apple Macintosh computer in the e...
New
AstonJ
Seems like a lot of people caught it - just wondered whether any of you did? As far as I know I didn’t, but it wouldn’t surprise me if I...
New
AstonJ
Continuing the discussion from Thinking about learning Crystal, let’s discuss - I was wondering which languages don’t GC - maybe we can c...
New
foxtrottwist
A few weeks ago I started using Warp a terminal written in rust. Though in it’s current state of development there are a few caveats (tab...
New
PragmaticBookshelf
Author Spotlight Jamis Buck @jamis This month, we have the pleasure of spotlighting author Jamis Buck, who has written Mazes for Prog...
New
PragmaticBookshelf
Get the comprehensive, insider information you need for Rails 8 with the new edition of this award-winning classic. Sam Ruby @rubys ...
New
AnfaengerAlex
Hello, I’m a beginner in Android development and I’m facing an issue with my project setup. In my build.gradle.kts file, I have the foll...
New

Sub Categories: