@spec can(
  Ash.Resource.t(),
  atom() | Ash.Resource.Actions.action() | Ash.Query.t() | Ash.Changeset.t(),
  map() | nil,
  [can_option()]
) :: boolean() | :maybe

A utility to determine if an actor is or may be authorized for a given action/query/changeset.

This only runs the "strict check" portion of policies, meaning that it can return :maybe in some cases. If you have access_type :runtime in any of your policies, then you may get :maybe from this function. To customize what is returned in the case of :maybe you can provide the maybe_is option, i.e maybe_is: true. This makes sense when you want to a show a button, but only if the user may be able to perform the action.

For read actions, an important thing to factor in here is that typically policies just end up filtering the action. This means that even if you try to read something you can't read, your read action will succeed but nothing will be returned, and this function would return true.

@spec can?(
  Ash.Resource.t(),
  atom() | Ash.Resource.Actions.action() | Ash.Query.t() | Ash.Changeset.t(),
  map() | nil,
  [can_option?()]
) :: boolean()

A utility to determine if an actor is or may be authorized for a given action.

A shortcut for calling can/4 but with the maybe_is option defaulting to false, so this should always return a boolean.

See the documentation of can/4 for more.

Gets the field policies relevant to a given field

Whether or not Ash policy authorizer is configured to log policy breakdowns

Whether or not Ash policy authorizer is configured to log successful policy breakdowns

Whether or not Ash policy authorizer is configured to show policy breakdowns in error messages

A utility to determine if a given query/changeset would pass authorization.

This is still experimental.