Failing to act as a user from the admin dashboard

Coming from previous thread: Failing To Create New User

I can now create users, but when I try to sign in from the admin dashboard, I press the “run query” button and I get the following message in the console. After that, I am unable to act as this user from the admin dashboard.

warning: Query has already been validated for action :sign_in_with_password.

For safety, we prevent any changes after that point because they will bypass validations or other action logic.
However, you should prefer a pattern like the below, which makes any custom modifications *before* calling the action.

  Resource
  |> Ash.Query.new()
  |> Ash.Query.set_argument(...)
  |> Ash.Query.for_read(...)

  (ash 2.15.19) lib/ash/query/query.ex:1568: Ash.Query.set_argument/3
  (stdlib 5.0.2) maps.erl:416: :maps.fold_1/4
  (ash 2.15.19) lib/ash/query/query.ex:429: Ash.Query.for_read/4
  (ash_admin 0.9.5) lib/ash_admin/components/resource/data_table.ex:230: anonymous fn/2 in AshAdmin.Components.Resource.DataTable.update/2
  (ash_phoenix 1.2.20) lib/ash_phoenix/live_view.ex:173: AshPhoenix.LiveView.keep_live/4
  (ash_admin 0.9.5) lib/ash_admin/components/resource/data_table.ex:222: AshAdmin.Components.Resource.DataTable.update/2
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/utils.ex:498: Phoenix.LiveView.Utils.maybe_call_update!/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/diff.ex:659: anonymous fn/6 in Phoenix.LiveView.Diff.render_pending_components/6
  (elixir 1.15.4) lib/enum.ex:2510: Enum."-reduce/3-lists^foldl/2-0-"/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/diff.ex:635: anonymous fn/4 in Phoenix.LiveView.Diff.render_pending_components/6
  (stdlib 5.0.2) maps.erl:416: :maps.fold_1/4
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/diff.ex:629: Phoenix.LiveView.Diff.render_pending_components/6
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/diff.ex:143: Phoenix.LiveView.Diff.render/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:919: Phoenix.LiveView.Channel.render_diff/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:555: Phoenix.LiveView.Channel.mount_handle_params_result/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:1129: Phoenix.LiveView.Channel.verified_mount/8
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:84: Phoenix.LiveView.Channel.handle_info/2
  (stdlib 5.0.2) gen_server.erl:1077: :gen_server.try_handle_info/3

[debug] QUERY OK source="users" db=1.0ms queue=0.8ms idle=1868.1ms
SELECT u0."id", u0."email", u0."hashed_password" FROM "users" AS u0 WHERE (u0."email"::citext = $1::citext) LIMIT $2 ["test@test.test", 1000]

I hope you can point me in the right direction to troubleshoot! Appreciate it in advance.

So, acting as a user in the admin dashboard is not done via signing in like this. We should fix this issue, but the way that this works is that you specify that a resource is an “Actor” type in the resource itself and then you can log in without knowing the username and password.

use Ash.Resource, extensions: [AshAdmin.Resource]

admin do
  actor? true
end

Then you can go to the user resource and find a user and click on the key icon next to the user.

I’ve pushed a fix up to the main branch of ash_admin. Would you mind trying it out to see if it resolves your issue?
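An added example, not part of the original thread or of ash_admin's own code: since a resource marked `actor? true` can be assumed from the dashboard without that user's password, access to the admin route itself is what needs authenticating. The router below gates it with HTTP basic auth; the `MementoWeb` module names, the `:admin_auth` pipeline and the `ADMIN_USERNAME` / `ADMIN_PASSWORD` environment variables are assumptions.

```elixir
defmodule MementoWeb.Router do
  # Hypothetical router module for the Memento app discussed in this thread.
  use MementoWeb, :router

  import AshAdmin.Router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :put_root_layout, html: {MementoWeb.Layouts, :root}
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  # Hypothetical pipeline: every request to the admin UI must pass basic auth
  # before the dashboard (and its "act as this user" key icon) is rendered.
  pipeline :admin_auth do
    plug :admin_basic_auth
  end

  scope "/" do
    pipe_through [:browser, :admin_auth]

    ash_admin "/admin"
  end

  defp admin_basic_auth(conn, _opts) do
    # Credentials come from the environment (assumed variable names), so they
    # are never committed; fetch_env!/1 raises if either one is missing.
    username = System.fetch_env!("ADMIN_USERNAME")
    password = System.fetch_env!("ADMIN_PASSWORD")

    # Plug.BasicAuth compares credentials in constant time and halts the
    # connection with a 401 response when they do not match.
    Plug.BasicAuth.basic_auth(conn, username: username, password: password)
  end
end
```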

Thank you @zachdaniel

I have set my user as an actor with the code:

admin do
  actor? true
end

Now I see the “set user” on the top right. When I click there, nothing happens.

If I go to the option “Get By Subject”, I get this on the screen, without any errors on the console: * expected at most one result but got at least 2 in query: #Ash.Query<resource: Memento.Accounts.User, limit: 1000, select: [:id, :email, :hashed_password]>

I have also deleted the ash_admin folder in the deps folder, as well as the _build folder, and recompiled again. Will this download your fix from the main branch of ash_admin?

Thanks again for all your support!

Is “Get By Subject” an action on user? Or on tokens? Do you have actor? true set on user? Or on token?

Get by subject on user. And actor? true on user

Got this reproduced, will take a look now 🙂

So, making the get_by_subject action work in the admin is probably not the most important thing at the moment. Do you have a primary read action on user?

EDIT: because if so, you should switch to that action and use it to select the user. If not, you should add one and use it 😃

Hmmm, what I see is this:

My user resource comes directly from the getting started guide

defmodule Memento.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication, AshAdmin.Resource]

  admin do
    actor? true
  end

  attributes do
    uuid_primary_key :id
    attribute :email, :ci_string, allow_nil?: false
    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
  end

  authentication do
    api Memento.Accounts

    strategies do
      password :password do
        identity_field :email
        sign_in_tokens_enabled? true
      end
    end

    tokens do
      enabled? true
      token_resource Memento.Accounts.Token

      signing_secret fn _, _ ->
        # Return the lookup result directly; piping it through IO.inspect
        # would print the token signing secret to the console and logs.
        Application.fetch_env(:memento, :token_signing_secret)
      end
    end
  end

  postgres do
    table "users"
    repo Memento.Repo
  end

  identities do
    identity :unique_email, [:email]
  end

  # relationships do
  #   has_many :memento, Memento.Content.Memento do
  #     api Memento.Content
  #   end
  # end

  # If using policies, add the following bypass:
  # policies do
  #   bypass AshAuthentication.Checks.AshAuthenticationInteraction do
  #     authorize_if always()
  #   end
  # end
end

Add this:

actions do
  defaults [:read]
end

I’ve added an issue to track this. It’s an issue with the generated actions used by ash_authentication: “`get_by_subject` action is configured as `get? true` but does not have any arguments or filters” (Issue #486, team-alembic/ash_authentication, GitHub).

Epic. It works! Thanks a million