I’m trying to upgrade from Ash 2 to 3, and I’m stumped on restoring the behavior of one of my ash_graphql mutations. It’s an `update` mutation that defines a read_only `:current_actor`, because the current actor is what is being updated. Basically, the customer needs to update their own customer record. @zachdaniel helped me come up with this solution originally, but for one case, it doesn’t work anymore. It’s the case where there is a missing or invalid auth token in the GraphQL request. The GraphQL response should have an error that says the request is forbidden, but it returns the “Something went wrong” generic error instead.
The ash_graphql mutation looks like this:
```elixir
update :update_customer_registration, :update_customer_registration do
  identity false
  read_action :current_actor
end
```
The `:current_actor` action looks like this:
```elixir
read :current_actor do
  get? true
  manual CurrentActorRead
end
```
And `CurrentActorRead` looks like this:
```elixir
defmodule CurrentActorRead do
  use Ash.Resource.ManualRead

  @impl true
  def read(_, _, _, %{actor: actor}) when not is_nil(actor) do
    {:ok, [actor]}
  end

  def read(_, _, _, _), do: {:ok, []}
end
```
When I run the test case where the auth token is invalid, this is in the output:
```
19:21:55.947 request_id=F-AbhQRDHA7dOdEAAZTB [warning] Corp.Customers.Customer.current_actor
Policy Breakdown
Policy | 🔎:
condition: action in [:update_customer_registration, :current_actor, :get_customer_self]
authorize if: actor.__struct__ == Corp.Customers.Customer | ✘ | 🔎
19:21:55.954 request_id=F-AbhQRDHA7dOdEAAZTB [error] ba677cf1-83eb-4d29-a77d-20784dc8faa5: Exception raised while resolving query.
** (Ash.Error.Forbidden) Forbidden Error
* forbidden:
Corp.Customers.Customer.current_actor
Policy Breakdown
Policy | 🔎:
condition: action in [:update_customer_registration, :current_actor, :get_customer_self]
authorize if: actor.__struct__ == Corp.Customers.Customer | ✘ | 🔎
(elixir 1.16.1) lib/process.ex:860: Process.info/2
```
The policy failure is raising an error, which is not getting handled. It seems to be the right kind of error, but the way it’s propagated to the response is wrong. And by the way, the happy path case works fine.