Severity: P1 (security — authorization bypass) · Tier-2 (posture decision; Pascal review required before any fix)
Co-maintained repo (Pascal = architect).
Location: lib/ash_ui/resources/screen.ex:157-159, lib/ash_ui/resources/element.ex:75-77, lib/ash_ui/resources/binding.ex:84-86
All three storage resources open policies do … end with bypass actor_absent() do authorize_if always() end. In Ash a bypass that authorizes short-circuits every policy below it, and a nil actor satisfies actor_absent(), so this grants full read + create + update + destroy to any caller with no actor. The LiveView mount path is incidentally safe (it rejects a nil current_user first), but JSON:API / MCP / CLI / direct Ash calls with authorize?: true and no actor get unauthenticated full access. Contradicts the authorization contract (REQ-AUTH-001/003), whose baseline is authorize_if IsAuthenticated. May be a deliberate-but-mis-scoped "system actor = trusted" convention — hence Pascal review, not auto-fix.
Fix: remove the blanket actor_absent → always() (fail closed for anonymous callers), or narrow it to a read-only/system bypass and encode that in the spec.
2026-05-28 cross-repo review — see ariston-ui docs/audits/cross-repo-review-2026-05-28.md (finding B1).
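The reported policy block next to a fail-closed replacement, as an added illustration that is not code from ash_ui (the Demo.* module names, the Ets data layer, the :name attribute and a Mix project with the ash dependency are assumptions; the policy DSL is Ash 3 builtins):

```elixir
# Added example, not the repo's resource. Module names and data layer are assumed.
defmodule Demo.Domain do
  use Ash.Domain

  resources do
    resource Demo.Screen
  end
end

defmodule Demo.Screen do
  use Ash.Resource,
    domain: Demo.Domain,
    data_layer: Ash.DataLayer.Ets,
    authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
    attribute :name, :string, public?: true
  end

  actions do
    defaults [:read, :destroy, create: [:name], update: [:name]]
  end

  policies do
    # As reported in finding B1 (kept here for contrast, do not ship): a nil
    # actor satisfies actor_absent(), and an authorizing bypass short-circuits
    # every policy below it, so anonymous callers get all four action types.
    #
    #   bypass actor_absent() do
    #     authorize_if always()
    #   end
    #
    # Narrowed variant, only if anonymous reads are an accepted posture: the
    # bypass authorizes reads and falls through for create/update/destroy.
    #
    #   bypass actor_absent() do
    #     authorize_if action_type(:read)
    #   end

    # Fail-closed baseline: every action requires a present actor, so a call
    # with actor: nil and authorize?: true is forbidden for all action types.
    policy always() do
      authorize_if actor_present()
    end
  end
end
```

With the fail-closed block in place, Ash.read(Demo.Screen, actor: nil, authorize?: true) returns an Ash.Error.Forbidden instead of rows, while the same call with an actor reads normally.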