Ash user management - how to create an administrator that can perform basic CRUD operations on users?

So it seems like I’m spamming the forums of late. Sorry about that, there are a few things I’m trying to figure out.

I’m using ash_authentication_phoenix and I’ve got that working pretty much the way I want it now. I have a user resource with username (not email), password and a few other fields such as role. I’m not using tokens at all. Users cannot register themselves. Instead they need to be created by a user who has the admin role.

Now I need a administrator to be able to perform basic CRUD operations on users. This shouldn’t be complicated, but I’m a bit stumped on some of the operations and was hoping I could get a little help along the way to figure it out.

I’ve tried looking for something like an ash_user_management module that would tie in with the authentication one, but I haven’t found one at least. If anybody has developed one or is working on one, please do let me know. I thought this would be a common enough situtation that somebody would have developed something, but maybe the world has moved away from writing business applications?

I’ve got list and details views worked out already, that didn’t present any problem. I suppose I can use register to create a user, even though there will be an active user session, right? That seems to make a lot of sense. I can’t imagine delete would present any problem. But I’m not sure how to deal with update user, since it will be given a password that should be converted to a hashed one. Is that what :register_with_password does? I’m looking through the sources but seem to be a bit lost. Can I use :register_with_password along with the update action or do I have to write a custom action for it?

Now I may just be really tired and my mind is running around in circles, but I began to think about an alternative, but I don’t suppose two resources could share the same database table, right? Because authentication and user management are clearly two very different activities, just that they happen to use the same underlying data. The idea that came to me was if I’m meant to have on user recource for auth and another one for user management? Somehow that also doesn’t quite sound right though.

What does the create action on your user resource look like? Ours looks like this:

    create :register do
      argument :password, :string, allow_nil?: false
      argument :password_confirmation, :string, allow_nil?: false
      change set_context(%{strategy_name: :password})
      change AshAuthentication.Strategy.Password.HashPasswordChange
    end

The AshAuthentication.Strategy.Password.HashPasswordChange converts passwords into their hashed version.

So you can then either use MyApp.User.create!(%{name: "Frieda", password: "123", password_confirmation: "123"}} and build a basic UI to do that, or be lazy like us and just use the AshAdmin plugin that creates a screen for you that looks something like:

image999×635 17 KB

You can also reset passwords in this auto-generated UI.

Thank you! What I was looking for was AshAuthentication.Strategy.Password.HashPasswordChange, but I just couldn’t find it and I had reached a point where I didn’t even really know what I was doing. I was low on sleep and getting more and more frustrated. You have made my morning! Don’t know how to thank you properly.

Glad to be able to help!

Gonna piggyback on this question.

With the password strategy, is there a way to invite a user without having to set a random password for them?

I would like them to get an email (maybe magic link?) that when they click, takes them to a form to let them complete the signup process, and they can put in their own password.

Is that a possibility with ash auth? or am i stuck setting a random password and having them use the forgot password approach to set their own pw and login?

I think you should be able to pull that off. We’ve got set ups where some users have passwords and some users sign in with socials and that kind of thing. So you should be able to add a separate create action, like :create_without_password. Then you can create a magic link, and send them a link to a page