Policies should have an `applicable_action_types` callback

Open sevenseacat opened this issue 2 months ago • 1 comments

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

AI Policy

  • [x] I agree to follow this project's AI Policy, or I agree that AI was not used while creating this issue.

Is your feature request related to a problem? Please describe.

A lot of policies don't make sense to run on create actions, because they test against the original record, e.g. `relates_to_actor_via`. At the moment this will either raise a runtime error, or silently fail.

Describe the solution you'd like

If each built-in policy could define which action types it worked on, we could emit a compile-time warning if people write policies that don't make a lot of sense or will never pass on a create action.

Describe alternatives you've considered

No response

Additional context

No response

sevenseacat avatar Oct 22 '25 01:10 sevenseacat

The warning would likely not be able to be compile time, but it could at least be a more intelligent warning. With that said, I'm not confident that we would want to have `applicable_action_types?` but some kind of more generic `validate` callback, i.e.

```elixir
# Sketch of a per-check validation callback: returns :ok when the check
# can run on the action being authorized, or an error describing why not.
def validate(authorizer, _opts, _context) do
  if authorizer.action.type == :create do
    :ok
  else
    {:error, "can only work on create actions"}
  end
end
```

zachdaniel avatar Oct 22 '25 02:10 zachdaniel
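The idea from the issue, as an added example that is not Ash code or part of the thread: each check declares the action types it can evaluate, and a lint pass reports every policy that applies a check to an action type it cannot handle. The `PolicyLint` modules, the map shapes for actions and policies, and the action types listed for each stand-in check are assumptions made for illustration.

```elixir
defmodule PolicyLint do
  # Hypothetical behaviour: a check declares which action types it supports.
  defmodule Check do
    @callback applicable_action_types() :: [atom()]
  end

  # Stand-in for a check that tests against the original record, so it has
  # nothing to evaluate on :create (assumed list of supported types).
  defmodule RelatesToActorVia do
    @behaviour PolicyLint.Check
    @impl true
    def applicable_action_types, do: [:read, :update, :destroy]
  end

  # Stand-in for a check that only inspects the actor and works everywhere.
  defmodule ActorPresent do
    @behaviour PolicyLint.Check
    @impl true
    def applicable_action_types, do: [:create, :read, :update, :destroy]
  end

  # Returns one warning per {action, policy} pair where the policy covers the
  # action's type but its check does not support that type.
  def warnings(actions, policies) do
    for %{name: name, type: type} <- actions,
        %{action_types: types, check: check} <- policies,
        type in types,
        type not in check.applicable_action_types() do
      "#{inspect(check)} cannot be evaluated on #{type} action #{inspect(name)}"
    end
  end
end

# Constructed sample data: two actions and two policies.
actions = [%{name: :register, type: :create}, %{name: :rename, type: :update}]

policies = [
  %{action_types: [:create, :update], check: PolicyLint.RelatesToActorVia},
  %{action_types: [:create], check: PolicyLint.ActorPresent}
]

# Prints a single warning: RelatesToActorVia on the :register create action.
PolicyLint.warnings(actions, policies) |> Enum.each(&IO.puts(:stderr, &1))
```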