Auto-generates Ash field_policies from field_group definitions.
When default_field_policies: true is set, generates field policy entries
for each field group's direct fields using AshGrant.FieldCheck.
Each field group's direct fields (not inherited) get a field_policy with
the corresponding AshGrant.FieldCheck. A catch-all policy ensures fields
not in any group remain accessible.
Generated Structure
For field groups:
field_group :public, [:name, :department]
field_group :sensitive, [:phone, :address], inherits: [:public]
field_group :confidential, [:salary, :email], inherits: [:sensitive]Generates:
field_policies do
field_policy [:name, :department] do
authorize_if AshGrant.field_check(:public)
end
field_policy [:phone, :address] do
authorize_if AshGrant.field_check(:sensitive)
end
field_policy [:salary, :email] do
authorize_if AshGrant.field_check(:confidential)
end
field_policy :* do
authorize_if always()
end
endSummary
Functions
Callback implementation for Spark.Dsl.Transformer.after_compile?/0.
Functions
Callback implementation for Spark.Dsl.Transformer.after_compile?/0.