From 34d6f229c53e09932263cdcaa5b6d1fa3e2b4697 Mon Sep 17 00:00:00 2001
From: Zach Daniel <zach@zachdaniel.dev>
Date: Mon, 22 Jul 2024 07:10:09 -0400
Subject: [PATCH] improvement: allow policy conditions to be applied inside
 their block

```elixir
policy do
  condition [...]
  authorize_if ...
end
```
---
 lib/ash/policy/authorizer/authorizer.ex | 4 ++--
 lib/ash/policy/field_policy.ex          | 9 ++++++++-
 lib/ash/policy/policy.ex                | 6 +++++-
 test/actions/aggregate_test.exs         | 3 ++-
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/lib/ash/policy/authorizer/authorizer.ex b/lib/ash/policy/authorizer/authorizer.ex
index b63c8389..2ee2731a 100644
--- a/lib/ash/policy/authorizer/authorizer.ex
+++ b/lib/ash/policy/authorizer/authorizer.ex
@@ -178,7 +178,7 @@ defmodule Ash.Policy.Authorizer do
         """
       ]
     ],
-    args: [:condition],
+    args: [{:optional, :condition}],
     target: Ash.Policy.Policy,
     no_depend_modules: [:condition],
     transform: {Ash.Policy.Policy, :transform, []},
@@ -274,7 +274,7 @@ defmodule Ash.Policy.Authorizer do
           "A check or list of checks that must be true in order for this field policy to apply. If not specified, it always applies."
       ]
     ],
-    args: [:fields, {:optional, :condition, {Ash.Policy.Check.Static, result: true}}],
+    args: [:fields, {:optional, :condition}],
     target: Ash.Policy.FieldPolicy,
     transform: {Ash.Policy.FieldPolicy, :transform, []},
     entities: [
diff --git a/lib/ash/policy/field_policy.ex b/lib/ash/policy/field_policy.ex
index fafefb6f..8a20c5de 100644
--- a/lib/ash/policy/field_policy.ex
+++ b/lib/ash/policy/field_policy.ex
@@ -16,11 +16,18 @@ defmodule Ash.Policy.FieldPolicy do
     if Enum.empty?(field_policy.policies) do
       {:error, "Field policies must have at least one check."}
     else
+      field_policy =
+        if field_policy.condition in [nil, []] do
+          %{field_policy | condition: [{Ash.Policy.Check.Static, result: true}]}
+        else
+          field_policy
+        end
+
       {:ok,
        %{
          field_policy
          | policies: Enum.map(field_policy.policies, &set_field_policy_opt/1),
-           condition: Enum.map(List.wrap(field_policy.condition || []), &set_field_policy_opt/1)
+           condition: Enum.map(List.wrap(field_policy.condition), &set_field_policy_opt/1)
        }}
     end
   end
diff --git a/lib/ash/policy/policy.ex b/lib/ash/policy/policy.ex
index 95fc3e10..376833f2 100644
--- a/lib/ash/policy/policy.ex
+++ b/lib/ash/policy/policy.ex
@@ -55,7 +55,11 @@ defmodule Ash.Policy.Policy do
     if Enum.empty?(policy.policies) do
       {:error, "Policies must have at least one check."}
     else
-      {:ok, policy}
+      if policy.condition in [nil, []] do
+        {:ok, %{policy | condition: [{Ash.Policy.Check.Static, result: true}]}}
+      else
+        {:ok, policy}
+      end
     end
   end
 
diff --git a/test/actions/aggregate_test.exs b/test/actions/aggregate_test.exs
index 6188a58b..21459dd7 100644
--- a/test/actions/aggregate_test.exs
+++ b/test/actions/aggregate_test.exs
@@ -45,7 +45,8 @@ defmodule Ash.Test.Actions.AggregateTest do
     end
 
     policies do
-      policy always() do
+      policy do
+        condition(always())
         authorize_if expr(public == true)
       end
     end