Basics
This check is disabled by default.
Learn how to enable it via .credo.exs.
This check has a base priority of high and works with any version of Elixir.
Explanation
Resources that declare Ash.Policy.Authorizer but define no policies
will deny all actions by default. An empty policies block has the same
effect. This is almost always unintentional.
Either add policies:
policies do
policy action_type(:read) do
authorize_if actor_attribute_equals(:active, true)
end
endOr remove the authorizer if authorization is not needed yet.
This check uses Ash's runtime introspection (Ash.Resource.Info.authorizers/1
and Ash.Policy.Info.policies/1) to see the fully-resolved authorizer
and policy lists. That means it correctly handles authorizers added by
extensions and policies declared in Spark.Dsl.Fragment modules - cases
the AST scanner would silently miss.
Requirements
Your project must be compiled before running mix credo. If Ash is
not available in the VM running Credo, the check is a no-op and emits
a single diagnostic.
Check-Specific Parameters
There are no specific parameters for this check.
General Parameters
Like with all checks, general params can be applied.
Parameters can be configured via the .credo.exs config file.