Ash Framework

Ash Libraries

Ash

The core framework, providing all the features and goodies that power and enable the rest of the ecosystem.

AshPostgres

A PostgreSQL data layer for Ash resources, allowing for rich query capabilities and seamless persistence.

AshPhoenix

Utilities for using Ash resources with Phoenix Framework, from building forms to running queries in sockets & LiveViews.

AshGraphql

A GraphQL extension that allows you to build a rich and customizable GraphQL API with minimal configuration required.

AshJsonApi

A JSON:API extension that allows you to effortlessly create a JSON:API spec compliant API.

AshAuthentication

Provides drop-in support for user authentication with various strategies and tons of customizability.

AshAuthenticationPhoenix

Phoenix helpers and UI components in support of AshAuthentication.

AshCSV

A CSV data layer allowing resources to be queried from and persisted in a CSV file.

AshArchival

A light-weight resource extension that modifies resources to simulate deletion by setting an `archived_at` attribute.

Spark

The core DSL and extension tooling, allowing for powerful, extensible DSLs with minimal effort.

Documentation Blog Forum Media

ash Policy Authorizer

Including Packages:

ash | 2.5.11

Including Packages:

ash | 2.5.11

An authorization extension for ash resources.

To add this extension to a resource, add it to the list of authorizers like so:

use Ash.Resource,
  ...,
  authorizers: [
    Ash.Policy.Authorizer
  ]

A resource can be given a set of policies, which are enforced on each call to a resource action.

For reads, policies can be configured to filter out data that the actor shouldn’t see, as opposed to resulting in a forbidden error.

See the policies guide for practical examples.

Policies are solved/managed via a boolean satisfiability solver. To read more about boolean satisfiability, see this page: https://en.wikipedia.org/wiki/Boolean_satisfiability_problem . At the end of the day, however, it is not necessary to understand exactly how Ash takes your authorization requirements and determines if a request is allowed. The important thing to understand is that Ash may or may not run any/all of your authorization rules as they may be deemed unnecessary. As such, authorization checks should have no side effects. Ideally, the checks built-in to ash should cover the bulk of your needs.

DSL

policies