AshDiagram.Data.PolicySimulation (AshDiagram v0.2.1)

View Source

Creates flowchart diagrams that show how Ash policies decide whether to authorize or deny access.

The diagrams visualize policy logic as a step-by-step flow, showing all the checks that need to pass for authorization. Users can see the decision path from start to authorized result, with each policy condition displayed as a decision node.

Summary

Types

expansion_callback()

A function that transforms policy checks before they are included in the simulation diagram.

option()
options()

Functions

for_action(resource, action, options \\ [])

Creates a policy simulation flow chart diagram for a specific action.

for_field(resource, field, options \\ [])

Creates a policy simulation flow chart diagram for a specific field.

for_policies(resource, policies, options \\ [])

Creates a policy simulation flow chart diagram from explicit policies.

for_resource(resource, options \\ [])

Creates a policy simulation flow chart diagram for a single resource.

Types

expansion_callback()

@type expansion_callback() :: (Crux.Expression.t(Ash.Policy.Check.ref()) ->
                           Crux.Expression.t(Ash.Policy.Check.ref()))

A function that transforms policy checks before they are included in the simulation diagram.

This callback allows you to "prime" decisions by replacing specific checks with predetermined values (true/false) or simplified expressions. When a check is primed, the simulation will automatically discard any branches that become unreachable, creating a cleaner diagram focused on the remaining decision paths.

Examples

# Prime actor_present checks to always be true
expansion_callback = fn
  {ActorPresent, _opts} -> true
  other -> other
end

# Prime specific action types
expansion_callback = fn
  {ActionType, opts} -> :read in List.wrap(opts[:type])
  other -> other
end

option()

@type option() :: {:title, String.t()} | {:expansion_callback, expansion_callback()}

options()

@type options() :: [option()]

Functions

for_action(resource, action, options \\ [])

@spec for_action(
  resource :: Ash.Resource.t(),
  action :: Ash.Resource.Actions.action(),
  options :: options()
) :: AshDiagram.Flowchart.t()

Creates a policy simulation flow chart diagram for a specific action.

for_field(resource, field, options \\ [])

@spec for_field(
  resource :: Ash.Resource.t(),
  field ::
    atom()
    | Ash.Resource.Attribute.t()
    | Ash.Resource.Relationships.relationship()
    | Ash.Resource.Calculation.t()
    | Ash.Resource.Aggregate.t(),
  options :: options()
) :: AshDiagram.Flowchart.t()

Creates a policy simulation flow chart diagram for a specific field.

for_policies(resource, policies, options \\ [])

@spec for_policies(
  resource :: Ash.Resource.t(),
  policies :: [Ash.Policy.Policy.t()],
  options :: options()
) :: AshDiagram.Flowchart.t()

Creates a policy simulation flow chart diagram from explicit policies.

for_resource(resource, options \\ [])

@spec for_resource(resource :: Ash.Resource.t(), options :: options()) ::
  AshDiagram.Flowchart.t()

Creates a policy simulation flow chart diagram for a single resource.