AshGrant.FieldFilterCheck (AshGrant v0.16.0)

Copy Markdown View Source

Per-record field-group visibility check (issue #117 phase ②).

An Ash.Policy.FilterCheck used inside Ash field_policies. For a required field group, filter/3 returns a per-row predicate — false (the group's fields are %Ash.ForbiddenField{} on every row), true (visible on every row), or an Ash expression (visible only on rows matching the contributing grants' scope / instance ids). Ash compiles the predicate into a per-row calculation, so a field can be visible on some records and forbidden on others in the same result set.

This is the per-record counterpart to the action-wide AshGrant.FieldCheck (a SimpleCheck). It reuses AshGrant.Evaluator.field_group_grants/5 to find the allow grants that reach the required group (including instance permissions and inheritance), then builds the predicate exactly like AshGrant.FilterCheck builds row filters.

Summary

Functions

auto_filter(actor, authorizer, opts)

Callback implementation for Ash.Policy.Check.auto_filter/3.

auto_filter_not(actor, authorizer, opts)

check(actor, data, authorizer, opts)

Callback implementation for Ash.Policy.Check.check/4.

eager_evaluate?()

Callback implementation for Ash.Policy.Check.eager_evaluate?/0.

expand_description(actor, authorizer, opts)

Callback implementation for Ash.Policy.Check.expand_description/3.

field_filter_check(field_group)

Builds the check tuple for a required field group, for use in a field_policy.

field_visibility_filter(permissions, resource, action_name, required_group, action_type \\ nil)

Builds the per-row visibility predicate for required_group from permissions.

Returns false (forbidden on every row), true (visible on every row), or an Ash expression (visible only on rows matching the contributing grants' scope / instance ids). Exposed for testing.

init(opts)

Callback implementation for Ash.Policy.Check.init/1.

prefer_expanded_description?()

Callback implementation for Ash.Policy.Check.prefer_expanded_description?/0.

reject(actor, authorizer, opts)

Callback implementation for Ash.Policy.FilterCheck.reject/3.

requires_original_data?(_, _)

Callback implementation for Ash.Policy.Check.requires_original_data?/2.

strict_check(actor, authorizer, opts)

Callback implementation for Ash.Policy.Check.strict_check/3.

strict_check_context(opts)

type()

Callback implementation for Ash.Policy.Check.type/0.