mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 21:43:02 +12:00
5967ed3a48
* improvement!: use `%Ash.NotSelected{}` for unselected values
* improvement!: default `require_atomic?` to `true`
* improvement!: raise errors on unknown generic action arguments
* improvement!: default bulk strategy to `:atomic`
* improvement!: warnings on `require_atomic?` `true` actions
improvement!: revise `Ash.NotSelected` to `Ash.NotLoaded`
improvement!: errors on unknown action inputs across the board
* doc: clarify wording in notifiers.md
closes #889
* improvement!: default `api.authorization.authorize` to `:by_default`
* improvement!: require the api when constructing changesets
this commit also fixes some work from prior commits around
the default value for the `authorize` option
* improvement!: code_interface.define_for -> code_interface.api
`code_interface.define_for` is now `code_interface.api`. Additionally, it is set automatically if the `api` option is specified on `use Ash.Resource`.
* improvement!: remove registries
* improvement!: pubsub notifier default to `previous_values?: false`
improvement!: requires_original_data? callback defaults to false
* improvement!: rename Ash.Calculation -> Ash.Resource.Calculation
improvement!: improve `Ash.Query.Calculation.new` signature
improvement!: anonymous function calculations now take lists and return lists
improvement!: make callback contexts into structs
improvement!: pass context to builtin lifecycle hook changes
improvement!: calculation arguments are now in the `arguments` key of the context
* chore: fix build
* improvement!: remove `aggregates` and `calculations` from `Filter.parse` and `Filter.parse_input`
* improvement: update spark to 2.0
* improvement!: make picosat_elixir optional with `simple_sat`
* improvement!: rename api to domain
* docs: add more info to upgrading guide
* docs: tweak docs formatting
* improvement!: remove `Ash.Changeset.new!`
* docs: update docs for `Ash.Changeset.new/1`
* improvement!: deprecate `private?: false` in favor of `public?: true`
* doc: add upgrade guide for private -> public
* improvement: update reactor to 3.0
* improvement!: default `default_accept` is now `[]`
* improvement!: `Ash.CiString.new/1` returns `nil` on `nil` input
* improvement!(Ash.Reactor): Improve integration with Ash 3.0 changes.
* improvement!: clean up and reorganize `Ash` functions
this is in preparation of deprecating the functions that are defined
on the api
improvement!: remove context-based functionality
* chore: update docs references from `Ash.Domain` to `Ash`
* chore: fix bad merge
* chore: fix context access in atomic changes
* improvement!: Deprecate calling functions on (domain) api in favor of `Ash`
* improvement!: add `attribute_public?` and update `attribute_writable?` behavior
* improvement!: update atomic behaviors, default to invalid
* chore: update downcase docs
* improvement!: changeset.filters -> changeset.filter
* improvement!: remove deprecated functions
* improvement!: remove and simplify `Ash.Filter.TemplateHelpers`
* improvement: import Ash.Expr in modules where it is used
improvement: require Ash.QUery in modules where it makes sense
* fix!: keyword lists are no longer special cased in ash expressions
* improvement: add structs for more context implementations
* chore: small tweaks, finish `:all` -> `:*` conversion
* chore: update DSL docs for multitenancy.global?
* improvement: ensure selects are applied on destroys
chore: remove TODOs
* chore: some docs changes
* improvement!: introduce strict mode to calculations
* chore: update tests
* improvement: support custom expressions
* docs: document custom expressions
* chore: fix and test custom expressions and function fragments
docs: update relevant docs w/ the changes
* improvement!: reverse order of before action & before transaction hooks
* improvement!: default read actions are now paginatable
* improvement!: require explicit accept lists in default actions
* chore: update docs
* improvement!: remove Ash.Flow and Ash.Engine
* chore: unlock unused deps
* chore: don't use unused variable
* chore: include ash flow change in upgrade guide
* improvement!: standardize various exception keys and names
* improvement!: use `Splode` for errors
* improvement: update upgrade guide to include Splode
* feat: code interface on the domain
* improvement: only require primary key if resource has actions or fields
improvement: only build schema if resource has actions or fields
improvement: verify primary key in its own verifier
* improvement: add `resource/1` builtin check
* improvement!: move simple_notifiers to an option instead of a DSL builder
improvement!: update spark for better autocomplete, configure autocomplete for key functions
docs: replace `an domain` with `a domain`
* improvement: better code interface documentation
* fix: set tenant on query so that root calles to Api.aggreagte work as expected (#929)
* chore: fixes from previous improvements
* chore: update splode
* chore: update splode
* improvement!: swap position of sort order and arguments in calculation sorting
* improvement!: add `include_nil?` aggregate option, and default it to `false`
* improvement: support notifiers within actions
* improvement: support specifying multiple filters
* improvement: add `sortable?` flags to all fields
improvement: support multiple filters on relationships
* improvement: support sensitive? on calculations and arguments
* improvement: validate resources in inputs to code interface
* chore: don't require explicit accept lists when using `default_accept :*`
* chore: update spark
* chore: update public attribute handling per 3.0
* improvement: update reactor and tests
* chore: better error message
* chore: fix rebase issue
* chore: handle merge issues
improvement: don't require domain on relationships if destination has domain
* improvement!: errors on unknown inputs for calculations
* improvement: always choose to cast atomic
* improvement: support casting some embeds atomically
* improvement: various 3.0 updates, documented in upgrade.md
* chore: Add failing tests for loads with with explicit domains. (#948)
Co-authored-by: James Harton <james@harton.nz>
* improvement: ensure non-static dynamic domains works
* improvement: add Ash.ToTenant protocol
* chore: add docs for no ToTenant option
* fix: properly construct new query in `build/3`
* chore: update simple_sat dependency
* chore: don't reselect when missing primary keys
* chore: remove IO.inspect
* chore: update spark
* chore: update spark
* improvement: use `Keyword.put_new` in `Ash.Context.to_opts` (#953)
* improvement: support bulk and atomic operations in code interfaces
---------
Co-authored-by: James Harton <james@harton.nz>
Co-authored-by: WIGGLES <55168935+WIGGLES-dev@users.noreply.github.com>
Co-authored-by: Dmitry Maganov <vonagam@gmail.com>
74 lines
2.9 KiB
Markdown
74 lines
2.9 KiB
Markdown
# Security
|
|
|
|
## Authorization Configuration
|
|
|
|
### `d:Ash.Domain.Dsl.authorization|require_actor?`
|
|
|
|
Requires that an actor is set for all requests.
|
|
|
|
Important: `nil` is still a valid actor, so this won't prevent providing `actor: nil`.
|
|
|
|
|
|
### `d:Ash.Domain.Dsl.authorization|authorize`
|
|
|
|
When to run authorization for a given request.
|
|
|
|
- `:by_default` sets `authorize?: true` if the `authorize?` option was not set (so it can be set to `false`). This is the default.
|
|
- `:always` forces `authorize?: true` on all requests to the domain.
|
|
- `:when_requested` sets `authorize?: true` whenever an actor is set or `authorize?: true` is explicitly passed. This is the default behavior.
|
|
|
|
|
|
## Sensitive Attributes
|
|
|
|
Using `sensitive? true` will cause the argument to be `** Redacted **` from the resource when logging or inspecting. In filter statements, any value used in the same expression as a sensitive attribute will also be redacted. For example, you might see: `email == "** Redacted **"` in a filter statement if `email` is marked as sensitive.
|
|
|
|
## Authorization
|
|
|
|
Authorization in Ash is done via authorizers. Generally, you won't need to create your own authorizer, as the builtin policy authorizer `Ash.Policy.Authorizer` should work well for any use case. Authorization is performed with a given actor and a query or changeset.
|
|
|
|
### Actors
|
|
|
|
An actor is the "entity performing the action". This is generally a user, but could potentially be an organization, a group, whatever makes sense for your use case. By default, when using Ash in code, authorization does not happen.
|
|
|
|
```elixir
|
|
# Does not perform authorization
|
|
Ash.read!(User)
|
|
```
|
|
|
|
However, if you either 1. provide an actor or 2. use the `authorize?: true` option, then authorization will happen.
|
|
|
|
```elixir
|
|
# Authorize with a `nil` actor (which is valid, i.e if no one is logged in and they are trying to list users)
|
|
Ash.read!(User, actor: nil)
|
|
|
|
# Authorize with a `nil` actor
|
|
Ash.read!(User, authorize?: true)
|
|
|
|
# Authorize with an actor
|
|
Ash.read!(User, actor: current_user)
|
|
|
|
# Authorize with an actor, but being explicit
|
|
Ash.read!(User, actor: current_user, authorize?: true)
|
|
|
|
# Skip authorization, but set an actor. The actor can be used in other things than authorization
|
|
# so this may make sense depending on what you are doing.
|
|
Ash.read!(User, actor: current_user, authorize?: false)
|
|
```
|
|
|
|
#### Where to set the actor
|
|
|
|
When setting an actor, if you are building a query or changeset, you should do so at the time that you call the various `for_*` functions. This makes the actor available in the context of any change that is run. For example:
|
|
|
|
```elixir
|
|
# DO THIS
|
|
Resource
|
|
|> Ash.Query.for_read(:read, input, actor: current_user)
|
|
|> Ash.read()
|
|
|
|
# DON'T DO THIS
|
|
Resource
|
|
|> Ash.Query.for_read(:read, input)
|
|
|> Ash.read(actor: current_user)
|
|
```
|
|
|
|
The second option "works" in most cases, but not all, because some `change`s might need to know the actor and will instead get `nil`.
|