Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

get_by_subject action is configured as get? true but does not have any arguments or filters #486

Open
zachdaniel opened this issue Oct 19, 2023 · 1 comment
Open

get_by_subject action is configured as get? true but does not have any arguments or filters #486

zachdaniel opened this issue Oct 19, 2023 · 1 comment

Comments

@zachdaniel
Copy link
Collaborator

The get_by_subject action currently requires that you filter by primary key when running the action. Technically the action just "reads whatever". This is not a security issue, but the issue becomes apparent when exposing the action in ash_admin, because it accepts no inputs and therefore fails because too many entries would be returned. The action should either take specific arguments and/or we should just require that a primary read action exists and use that instead of our own get_by_subject action.
@jimsynz
Copy link
Collaborator

jimsynz commented Oct 26, 2023

Can you tell that it was the first time I had ever used a read action? lol. I don't think it would be a breaking change to make it actually take the argument and work correctly as it's always called via AshAuthentication.subject_to_user/2..3 anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jimsynz @zachdaniel