AshCredo.Check.Warning.OverlyPermissivePolicy (ash_credo v0.15.0)

Basics

This check is disabled by default.

Learn how to enable it via .credo.exs.

This check has a base priority of high and works with any version of Elixir.

Explanation

An unscoped policy using authorize_if always() allows anyone - including unauthenticated requests - to perform all actions.

A policy is unscoped when its condition is always() or expr(true), when every element of a list condition is one of those, when it has no condition at all (Ash defaults the condition to true), or when its only body-level condition is always()/expr(true).

Scope permissive policies to specific actions or action types:

policy action_type(:read) do
  authorize_if always()
end

policy action([:register, :sign_in]) do
  authorize_if always()
end
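
The contrast described above, as an added example (not code from ash_credo or Ash): the first resource uses unscoped forms named in the explanation, the second scopes each policy to an action type. The module names, the `MyApp.Blog` domain, the attributes and the actions are hypothetical, and `actor_present()` is Ash's built-in check for a non-nil actor.

```elixir
# Hypothetical resources, constructed for illustration; MyApp.Blog is an assumed domain.
defmodule MyApp.Blog.PostPermissive do
  use Ash.Resource, domain: MyApp.Blog, authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
  end
  actions do
    defaults [:read, :destroy]
  end

  policies do
    # Unscoped: the condition is always(), so the policy applies to every action,
    # and authorize_if always() then lets any request through, actor or not.
    policy always() do
      authorize_if always()
    end

    # Unscoped as well: every element of the list condition is always()/expr(true).
    policy [always(), expr(true)] do
      authorize_if always()
    end
  end
end

defmodule MyApp.Blog.PostScoped do
  use Ash.Resource, domain: MyApp.Blog, authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
  end
  actions do
    defaults [:read, :destroy]
  end

  policies do
    # Public reads are an explicit decision limited to one action type.
    policy action_type(:read) do
      authorize_if always()
    end

    # Destroying a post requires an authenticated actor.
    policy action_type(:destroy) do
      authorize_if actor_present()
    end
  end
end
```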

Check-Specific Parameters

There are no specific parameters for this check.

General Parameters

Like with all checks, general params can be applied.

Parameters can be configured via the .credo.exs config file.