zac
Different policy on `Ash.Query` vs. DSL not making sense (why does Query work, DSL fail?)
I’m trying to nail down why this query:
sprints = WasteWalk.Sprints.Sprint
|> Ash.Query.filter(expr(exists(members, user_id == ^socket.assigns.current_user.id)))
|> Ash.Query.filter(team_id == team.id)
|> Ash.read!(actor: socket.assigns.current_user)
Works fine as-is, but fails miserably when I try to turn it into a resource query using the Ash DSL:
sprints = Sprints.get_by_team_id!(team.id, actor: socket.assigns.current_user)
Somehow, I’ve messed up the policies in such a way that the SAT solver gets confused:
[debug] ** (Ash.Error.Forbidden)
Bread Crumbs:
> Error returned from: WasteWalk.Sprints.Sprint.get_by_team_id
Forbidden Error
* forbidden:
WasteWalk.Sprints.Sprint.get_by_team_id
No policy conditions applied to this request.
I don’t understand why the Ash.Query works fine, but the DSL equivalent is failing; they are using the same policies, etc., so…???
The get_by_team_id is defined on the domain as:
# WasteWalk.Sprints
resources do
resource WasteWalk.Sprints.Sprint
define :get_by_team_id, action: :get_by_team_id, args: [:team_id]
...
And on the Sprint itself:
# Sprint
read :get_by_team_id do
argument :team_id, :uuid do
allow_nil? false
end
filter expr(team_id == ^arg(:team_id))
prepare build(sort: [start_date: :desc])
pagination offset?: true, keyset?: true, required?: false
end
The error, “No policy conditions applied to this request,” isn’t making any sense to me. There’s a policy that seems like it should apply (it applies in the Ash.Query… which correctly returns only sprints the user belongs to):
# Sprint
policy action(:read) do
# tried both, just in case; no change in behavior:
# authorize_if relates_to_actor_via(:sprint_members)
authorize_if expr(exists(members, user_id == ^actor(:id)))
end
I’m not seeing where my DSL implementation is off, compared to the Ash.Query that works fine.
Marked As Solved
zachdaniel
I think you’re looking for action_type(:read)?
Also Liked
zachdaniel
This is the hint to look at the conditions of the policy not the contents.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









