I’m trying to nail down why this query:
sprints = WasteWalk.Sprints.Sprint
|> Ash.Query.filter(expr(exists(members, user_id == ^socket.assigns.current_user.id)))
|> Ash.Query.filter(team_id == team.id)
|> Ash.read!(actor: socket.assigns.current_user)
Works fine as-is, but fails miserably when I try to turn it into a resource query using the Ash DSL:
sprints = Sprints.get_by_team_id!(team.id, actor: socket.assigns.current_user)
Somehow, I’ve messed up the policies in such a way that the SAT solver gets confused:
[debug] ** (Ash.Error.Forbidden)
Bread Crumbs:
> Error returned from: WasteWalk.Sprints.Sprint.get_by_team_id
Forbidden Error
* forbidden:
WasteWalk.Sprints.Sprint.get_by_team_id
No policy conditions applied to this request.
I don’t understand why the Ash.Query works fine, but the DSL equivalent is failing; they are using the same policies, etc., so…???
The get_by_team_id is defined on the domain as:
# WasteWalk.Sprints
resources do
resource WasteWalk.Sprints.Sprint
define :get_by_team_id, action: :get_by_team_id, args: [:team_id]
...
And on the Sprint itself:
# Sprint
read :get_by_team_id do
argument :team_id, :uuid do
allow_nil? false
end
filter expr(team_id == ^arg(:team_id))
prepare build(sort: [start_date: :desc])
pagination offset?: true, keyset?: true, required?: false
end
The error, “No policy conditions applied to this request,” isn’t making any sense to me. There’s a policy that seems like it should apply (it applies in the Ash.Query… which correctly returns only sprints the user belongs to):
# Sprint
policy action(:read) do
# tried both, just in case; no change in behavior:
# authorize_if relates_to_actor_via(:sprint_members)
authorize_if expr(exists(members, user_id == ^actor(:id)))
end
I’m not seeing where my DSL implementation is off, compared to the Ash.Query that works fine.
