You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The get_by_subject action currently requires that you filter by primary key when running the action. Technically the action just "reads whatever". This is not a security issue, but the issue becomes apparent when exposing the action in ash_admin, because it accepts no inputs and therefore fails because too many entries would be returned. The action should either take specific arguments and/or we should just require that a primary read action exists and use that instead of our own get_by_subject action.
The text was updated successfully, but these errors were encountered:
Can you tell that it was the first time I had ever used a read action? lol. I don't think it would be a breaking change to make it actually take the argument and work correctly as it's always called via AshAuthentication.subject_to_user/2..3 anyway.
The
get_by_subject
action currently requires that you filter by primary key when running the action. Technically the action just "reads whatever". This is not a security issue, but the issue becomes apparent when exposing the action inash_admin
, because it accepts no inputs and therefore fails because too many entries would be returned. The action should either take specific arguments and/or we should just require that a primary read action exists and use that instead of our ownget_by_subject
action.The text was updated successfully, but these errors were encountered: