SimpleCheck for field-level authorization within Ash's field_policies.
This check integrates with Ash's built-in field_policies system to authorize
access to specific fields based on AshGrant permission strings.
Usage (Mode A — Manual)
    field_policies do
      field_policy [:salary, :ssn] do
        authorize_if AshGrant.field_check(:confidential)
      end

      field_policy [:phone, :address] do
        authorize_if AshGrant.field_check(:sensitive)
      end

      field_policy :* do
        authorize_if always()
      end
    end

The check passes if the actor's permission string has a field_group that equals or inherits from the required group. If the actor's permissions have no field_group (4-part format), all fields are visible.
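The decision rule described above can be modelled in a few lines. This is an added example, not AshGrant's own code: the module name `FieldCheckModel`, the inheritance map, the sample permission strings, and the assumption that the field_group is a fifth colon-separated segment are all constructed for illustration.

```elixir
defmodule FieldCheckModel do
  # Constructed hierarchy: each group maps to the groups it inherits from.
  @inherits %{"confidential" => ["sensitive"], "sensitive" => ["public"], "public" => []}

  # Assumption: a fifth colon-separated segment, when present, is the field_group.
  def field_group(permission) do
    case String.split(permission, ":") do
      [_, _, _, _] -> :none
      [_, _, _, _, group] -> {:ok, group}
      _ -> :invalid
    end
  end

  # True when `held` equals `required` or reaches it through inheritance.
  def covers?(held, required) when held == required, do: true

  def covers?(held, required) do
    @inherits |> Map.get(held, []) |> Enum.any?(&covers?(&1, required))
  end

  # Mirrors the rule above: any permission without a field_group passes outright.
  def authorized?(permissions, required) do
    required = to_string(required)

    Enum.any?(permissions, fn permission ->
      case field_group(permission) do
        :none -> true
        {:ok, held} -> covers?(held, required)
        :invalid -> false
      end
    end)
  end
end

# Constructed actors and permission strings.
actors = %{
  hr: ["employee:*:read:always:confidential"],
  support: ["employee:*:read:always:sensitive"],
  legacy: ["employee:*:read:always"]
}

for {name, permissions} <- actors, required <- [:confidential, :sensitive] do
  IO.inspect({name, required, FieldCheckModel.authorized?(permissions, required)})
end
```

In this model the `legacy` actor, whose only permission is 4-part, passes both checks, so auditing granted permissions for strings without a field_group is worth doing before relying on field_policies to hide `:salary` or `:ssn`.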
Summary
Functions
Callback implementation for Ash.Policy.Check.eager_evaluate?/0.
Creates a field check tuple for use in field_policies.
Callback implementation for Ash.Policy.Check.init/1.
Callback implementation for Ash.Policy.Check.prefer_expanded_description?/0.
Callback implementation for Ash.Policy.Check.requires_original_data?/2.
Callback implementation for Ash.Policy.Check.strict_check/3.
Callback implementation for Ash.Policy.Check.type/0.