bobek

bobek

Ash Framework: Final album policy (p155)

The final section on policies states that

We can’t combine built-in policy checks, so we’ll have to fall back to writing
an expression, like expr(published == true), to verify both conditions in the same policy check. We end up with a policy like the following:

policy action_type([:update, :destroy]) do
  authorize_if expr(^actor(:role) == :editor and created_by_id == ^actor(:id))
end

Can you please expand on this a bit? Why those cannot be combined? It was stated previously, that simple checks can be combined with filter checks. Also, after some experimenting, I’ve ended up with the following code, which seems to be working:

    policy action([:update, :destroy]) do
      forbid_unless actor_attribute_equals(:role, :editor)
      authorize_if relates_to_actor_via(:created_by)

      # Also added permission to work with Albums without creator, just to experiment.
      # Wonder is there is a better way:
      authorize_if expr(is_nil(created_by_id))
    end

Marked As Solved

sevenseacat

sevenseacat

Author of Ash Framework

You can combine simple checks and filter checks as separate checks the same policy, that’s correct.

By “can’t combine built-in checks” I meant in the same policy check, something like:

authorize_if actor_attribute_equals(:role, :editor) && relates_to_actor_via(:created_by)

Which doesn’t work!

I’m pretty sure your version with two checks is equivalent, but I find it a lot harder to wrap my head around it, with the separate checks with inverted rules (which is why I can’t say with 100% confidence that they’re equivalent!)

Where Next?

Popular Pragmatic Bookshelf topics Top

abtin
page 20: … protoc command… I had to additionally run the following go get commands in order to be able to compile protobuf code using go...
New
herminiotorres
Hi! I know not the intentions behind this narrative when called, on page XI: mount() |> handle_event() |> render() but the correc...
New
rmurray10127
Title: Intuitive Python: docker run… denied error (page 2) Attempted to run the docker command in both CLI and Powershell PS C:\Users\r...
New
gilesdotcodes
In case this helps anyone, I’ve had issues setting up the rails source code. Here were the solutions: In Gemfile, change gem 'rails' t...
New
jskubick
I think I might have found a problem involving SwitchCompat, thumbTint, and trackTint. As entered, the SwitchCompat changes color to hol...
New
brunogirin
When installing Cards as an editable package, I get the following error: ERROR: File “setup.py” not found. Directory cannot be installe...
New
dsmith42
Hey there, I’m enjoying this book and have learned a few things alredayd. However, in Chapter 4 I believe we are meant to see the “>...
New
akraut
The markup used to display the uploaded image results in a Phoenix.LiveView.HTMLTokenizer.ParseError error. lib/pento_web/live/product_l...
New
AufHe
I’m a newbie to Rails 7 and have hit an issue with the bin/Dev script mentioned on pages 112-113. Iteration A1 - Seeing the list of prod...
New
a.zampa
@mfazio23 I’m following the indications of the book and arriver ad chapter 10, but the app cannot be compiled due to an error in the Bas...
New

Other popular topics Top

PragmaticBookshelf
Andy and Dave wrote this influential, classic book to help their clients create better software and rediscover the joy of coding. Almost ...
New
siddhant3030
I’m thinking of buying a monitor that I can rotate to use as a vertical monitor? Also, I want to know if someone is using it for program...
New
PragmaticBookshelf
Tailwind CSS is an exciting new CSS framework that allows you to design your site by composing simple utility classes to create complex e...
New
PragmaticBookshelf
Create efficient, elegant software tests in pytest, Python's most powerful testing framework. Brian Okken @brianokken Edited by Kat...
New
foxtrottwist
A few weeks ago I started using Warp a terminal written in rust. Though in it’s current state of development there are a few caveats (tab...
New
AstonJ
If you want a quick and easy way to block any website on your Mac using Little Snitch simply… File > New Rule: And select Deny, O...
New
New
New
PragmaticBookshelf
A concise guide to MySQL 9 database administration, covering fundamental concepts, techniques, and best practices. Neil Smyth MySQL...
New
xiji2646-netizen
Woke up to this today: Claude Code’s complete source code exposed via npm source map. Not a snippet. All 512,000 lines. 1,900 TypeScript ...
New

Latest in Ash Framework

Sub Categories: