ash_policy_authorizer v0.11.0 AshPolicyAuthorizer.Authorizer.Policy
A policy has a name, a condition, and a list of checks.
Checks apply logically in the order they are specified, from top to bottom.
If no check explicitly authorizes the request, then the request is forbidden.
This means that, if you want to "blacklist" instead of "whitelist", you likely
want to add an authorize_if always() at the bottom of your policy, like so:
    policy action_type(:read) do
      forbid_if not_logged_in()
      forbid_if user_is_denylisted()
      forbid_if user_is_in_denylisted_group()
      authorize_if always()
    end
If the policy should always run, use the always() check, like so:
    policy always() do
      ...
    end
Arguments
:condition - A check or list of checks that must be true in order for this policy to apply.
If the policy does not apply, it is not run, and some other policy will need to authorize the request. If no policies apply, the request is forbidden. If multiple policies apply, they must each authorize the request.
Options
:description - Required. A description for the policy, used when explaining authorization results.
:bypass? - If true, and the policy passes, no further policies will be run. The default value is false.
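The evaluation rules described above (ordered checks, default deny, every applicable policy must authorize, bypass?) can be traced with a small stand-alone Elixir model. This is an added example, not AshPolicyAuthorizer's own code: PolicyModel, the map shapes, and the sample checks and requests are hypothetical, and the handling of a bypass? policy that does not pass is an assumption.

```elixir
# Added illustration, not the library's implementation; PolicyModel is hypothetical.
defmodule PolicyModel do
  # Checks run top to bottom and the first one that matches decides.
  # If no check authorizes, the policy result is :forbidden.
  def run_checks(checks, request) do
    Enum.find_value(checks, :forbidden, fn
      {:authorize_if, check} -> if check.(request), do: :authorized
      {:forbid_if, check} -> if check.(request), do: :forbidden
    end)
  end

  # Only policies whose condition holds apply; each must authorize.
  def authorize(policies, request) do
    policies
    |> Enum.filter(fn policy -> policy.condition.(request) end)
    |> decide(request, :forbidden)
  end

  # `so_far` stays :forbidden until some applicable policy authorizes.
  defp decide([], _request, so_far), do: so_far
  defp decide([policy | rest], request, so_far) do
    case {run_checks(policy.checks, request), policy.bypass?} do
      # A bypass? policy passed: no further policies are run.
      {:authorized, true} -> :authorized
      # Assumption (the page does not cover this case): a bypass? policy
      # that does not pass is skipped instead of forbidding the request.
      {:forbidden, true} -> decide(rest, request, so_far)
      {:authorized, false} -> decide(rest, request, :authorized)
      {:forbidden, false} -> :forbidden
    end
  end
end

# Constructed checks, policies and requests.
always = fn _request -> true end
not_logged_in = fn request -> is_nil(request.actor) end
user_is_denylisted = fn request -> request.actor.denylisted? end
is_admin = fn request -> not is_nil(request.actor) and request.actor.admin? end
is_read = fn request -> request.action_type == :read end
policies = [
  %{condition: always, bypass?: true, checks: [authorize_if: is_admin]},
  %{condition: is_read, bypass?: false, checks: [forbid_if: not_logged_in,
      forbid_if: user_is_denylisted, authorize_if: always]}
]
user = %{admin?: false, denylisted?: false}
for {actor, action} <- [{%{user | admin?: true}, :destroy}, {user, :read},
      {%{user | denylisted?: true}, :read}, {nil, :read}, {user, :destroy}] do
  IO.inspect({actor, action, PolicyModel.authorize(policies, %{actor: actor, action_type: action})})
end
```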