View Source Ash.Policy.Info (ash v2.7.1)
An authorization extension for ash resources.
For more information, see Ash.Policy.Authorizer
Link to this section Summary
Functions
A utility to determine if an actor is or may be authorized for a given action/query/changeset.
A utility to determine if an actor is or may be authorized for a given action.
Whether or not Ash policy authorizer is configured to log policy breakdowns
Whether or not Ash policy authorizer is configured to log successful policy breakdowns
Whether or not Ash policy authorizer is configured to show policy breakdowns in error messages
A utility to determine if a given query/changeset would pass authorization.
Link to this section Types
Link to this section Functions
@spec can( Ash.Resource.t(), atom() | Ash.Resource.Actions.action() | Ash.Query.t() | Ash.Changeset.t(), map() | nil, [can_option()] ) :: boolean() | :maybe
A utility to determine if an actor is or may be authorized for a given action/query/changeset.
This only runs the "strict check" portion of policies, meaning that it can return :maybe
in some cases.
If you have access_type :runtime
in any of your policies, then you may get :maybe
from this function.
To customize what is returned in the case of :maybe
you can provide the maybe_is
option, i.e maybe_is: true
.
This makes sense when you want to a show a button, but only if the user may be able to perform the action.
For read actions, an important thing to factor in here is that typically policies just end up filtering the action.
This means that even if you try to read something you can't read, your read action will succeed but nothing will be
returned, and this function would return true
.
@spec can?( Ash.Resource.t(), atom() | Ash.Resource.Actions.action() | Ash.Query.t() | Ash.Changeset.t(), map() | nil, [can_option?()] ) :: boolean()
A utility to determine if an actor is or may be authorized for a given action.
A shortcut for calling can/4
but with the maybe_is
option defaulting to false
, so this should always return a boolean.
See the documentation of can/4
for more.
Whether or not Ash policy authorizer is configured to log policy breakdowns
Whether or not Ash policy authorizer is configured to log successful policy breakdowns
Whether or not Ash policy authorizer is configured to show policy breakdowns in error messages
A utility to determine if a given query/changeset would pass authorization.
This is still experimental.