improvement: support authorize_with option in Ash.get (#1732)

ash-project · Jan 24, 2025 · 0975ea5 · 0975ea5
1 parent 261864f
commit 0975ea5
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/lib/ash.ex b/lib/ash.ex
@@ -252,6 +252,12 @@ defmodule Ash do
 
                          See `Ash.Query.load/2`.
                        """
+                     ],
+                     authorize_with: [
+                       type: {:one_of, [:filter, :error]},
+                       default: :filter,
+                       doc:
+                         "If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authroization filter will cause an error to be returned."
                      ]
                    ]
                    |> Spark.Options.merge(@global_opts, "Global Options")

diff --git a/test/policy/simple_test.exs b/test/policy/simple_test.exs
@@ -426,9 +426,10 @@ defmodule Ash.Test.Policy.SimpleTest do
       |> Ash.Changeset.for_create(:create, %{author: user.id, text: "aaa"})
       |> Ash.create!(authorize?: false)
 
-    Post
-    |> Ash.Changeset.for_create(:create, %{text: "invalid"})
-    |> Ash.create!(authorize?: false)
+    post2 =
+      Post
+      |> Ash.Changeset.for_create(:create, %{text: "invalid"})
+      |> Ash.create!(authorize?: false)
 
     ids =
       Post
@@ -439,8 +440,13 @@ defmodule Ash.Test.Policy.SimpleTest do
     assert ids == Enum.sort([post1.id])
 
     assert_raise Ash.Error.Forbidden, fn ->
-      Post
-      |> Ash.read!(actor: user, authorize_with: :error)
+      Ash.read!(Post, actor: user, authorize_with: :error)
+    end
+
+    Ash.get!(Post, post1.id, actor: user, authorize_with: :error)
+
+    assert_raise Ash.Error.Forbidden, fn ->
+      Ash.get!(Post, post2.id, actor: user, authorize_with: :error)
     end
   end