I’m trying to nail down why this query:
sprints = WasteWalk.Sprints.Sprint |> Ash.Query.filter(expr(exists(members, user_id == ^socket.assigns.current_user.id))) |> Ash.Query.filter(team_id == team.id) |> Ash.read!(actor: socket.assigns.current_user) Works fine as-is, but fails miserably when I try to turn it into a resource query using the Ash DSL:
sprints = Sprints.get_by_team_id!(team.id, actor: socket.assigns.current_user) Somehow, I’ve messed up the policies in such a way that the SAT solver gets confused:
[debug] ** (Ash.Error.Forbidden) Bread Crumbs: > Error returned from: WasteWalk.Sprints.Sprint.get_by_team_id Forbidden Error * forbidden: WasteWalk.Sprints.Sprint.get_by_team_id No policy conditions applied to this request. I don’t understand why the Ash.Query works fine, but the DSL equivalent is failing; they are using the same policies, etc., so…???
The get_by_team_id is defined on the domain as:
# WasteWalk.Sprints resources do resource WasteWalk.Sprints.Sprint define :get_by_team_id, action: :get_by_team_id, args: [:team_id] ... And on the Sprint itself:
# Sprint read :get_by_team_id do argument :team_id, :uuid do allow_nil? false end filter expr(team_id == ^arg(:team_id)) prepare build(sort: [start_date: :desc]) pagination offset?: true, keyset?: true, required?: false end The error, “No policy conditions applied to this request,” isn’t making any sense to me. There’s a policy that seems like it should apply (it applies in the Ash.Query… which correctly returns only sprints the user belongs to):
# Sprint policy action(:read) do # tried both, just in case; no change in behavior: # authorize_if relates_to_actor_via(:sprint_members) authorize_if expr(exists(members, user_id == ^actor(:id))) end I’m not seeing where my DSL implementation is off, compared to the Ash.Query that works fine.
