sezaru

sezaru

Why this policy worked in Ash 2 but not in Ash 3?

In my user action I have these policies:

policies do
  bypass AshAuthentication.Checks.AshAuthenticationInteraction do
    authorize_if always()
  end

  policy always() do
    forbid_unless actor_attribute_equals(:active?, true)
    authorize_if always()
  end
  ...
end

In Ash 2, when I run sign_in_with_password it will login successfully.

Now, in Ash 3 it fails on that second policy. Basically it fail when, as far as I can tell, when ash authentication tries to fetch the user by its token using the token user belongs_to relationship which will call the read action in my user resource which will not contain the ash_authentication?: true so it will not enter the bypass and then it will fail in the second policy since the actor doesn’t exists yet.

I had to add this bypass to make it work:

    bypass accessing_from(Token, :user) do
      authorize_if always()
    end

which is fine, but I still would like to understand if there is some logic change between Ash 2 to Ash 3 in the policies that made this stop working after the upgrade.

Seems to me that in Ash 2, if you don’t send the actor, it will just ignore the policies and in Ash 3, it will be set as nil and run the policies anyway, is that correct?

Maybe this is related to the change that now Domain.authorization.authorize defaults to :by_default?

Marked As Solved

barnabasJ

barnabasJ

Ash Core Team

As you already mentioned, it is due to the changing of the default of Domain.authorization.authorize.

Before, it was set to :when_requested, which would only check policies if an actor was supplied.

The new setting now always checks policies unless you explicitly set authorize?: false

Where Next?

Popular in Questions Top

siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
chrisalley
ExUnit now has describe blocks which is a welcome addition coming from RSpec. In the docs, it states that nested hierarchies of describe ...
New
mgjohns61585
Could someone help me? I’m making my first elixir program, number guessing game. I can’t figure out how to convert the user’s guess from ...
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
chensan
I have a User schema with a :from_id field set to type :string: defmodule TweetBot.Repo.Migrations.CreateUsers do use Ecto.Migration ...
New
JorisKok
I have a server on AWS, and was running a load test using artillery. When looking at the Phoenix dashboard I see the Ports going to 100% ...
New

Other popular topics Top

sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 54120 245
New
lanycrost
Hi everyone! I need implement if…else if…else condition from my elixir code, and anymore of this control flow structures not work proper...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement