Spark DSL transformer that auto-generates policies when default_policies is enabled.
This transformer runs at compile time and automatically generates the standard AshGrant policy configuration, reducing boilerplate for common use cases.
Configuration
Enable in your resource's ash_grant block:
ash_grant do
resolver MyApp.PermissionResolver
default_policies true # or :all, :read, :write
endOptions
| Value | Description |
|---|---|
false | No policies generated (default) |
true or :all | Generate read, write, and generic action policies |
:read | Only generate filter_check() policy for read actions |
:write | Only generate check() policy for write and generic actions |
Generated Policies
When default_policies: true or :all:
policies do
policy action_type(:read) do
authorize_if AshGrant.filter_check()
end
policy action_type([:create, :update, :destroy]) do
authorize_if AshGrant.check()
end
policy action_type(:action) do
authorize_if AshGrant.check()
end
endImplementation Details
This transformer:
- Runs before
Ash.Policy.Authorizerto inject policies - Uses
Spark.Dsl.Transformer.add_entity/3to add policy entities - Sets appropriate
access_type(:filterfor read,:strictfor write)
See Also
AshGrant.Check- SimpleCheck for write actionsAshGrant.FilterCheck- FilterCheck for read actionsAshGrant.Info.default_policies/1- Query the setting at runtime
Summary
Functions
Callback implementation for Spark.Dsl.Transformer.after_compile?/0.
Functions
Callback implementation for Spark.Dsl.Transformer.after_compile?/0.