Problem description
Building upon the idea of Permit/Ash integration described in my article from 2025, there are a few ideas we can explore:
1. Converting Permit authorization rules to Ash policies (https://hexdocs.pm/ash/policies.html).
2. Converting Ash policies to Permit authorization rules. This is probably harder than [1] because Ash policies are evaluated in order lists of both positive (authorize_if) and negative (forbid_if) checks. Permit rules can be quite simply converted to Ash filter checks.
3. Create a custom Ash authorizer. Ash documentation is generally rather dismissive towards the idea of creating authorizers different than Ash.Policy.Authorizer, but it would probably be the fastest way to enable plugging in Permit into Ash.
Also, there's a feature gap to tackle with Ash's calculations, aggregates and relationships. We'd have to provide a way to map these Ash concepts to Permit join conditions, and potentially think of what needs to be added to the core Permit feature set to provide vanilla Ecto counterparts.
Proposed solution
I'd probably opt for [3] but essentially the heavy lifting inside the custom Authorizer implementation would be something akin to option [1].
Alternatives considered
No response
Use case
Authorization in Ash Framework using a shared authorization source of truth configured using Permit's permission syntax.
Desired API/code example
Priority (1-5)
2 - Medium - Would be helpful
Additional Context
No response
Checklist
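The ordering problem behind idea 2, as an added example that is not part of the original issue and uses neither Ash nor Permit code: a simplified Elixir model, with hypothetical module and function names, in which reordering authorize_if/forbid_if checks changes the decision while positive-only rules give the same answer in any order. The rule model (all conditions in a rule must match, any matching rule grants access) is an assumption about Permit made for illustration.

```elixir
# Simplified model for illustration; PolicyOrderDemo and its functions are hypothetical.
defmodule PolicyOrderDemo do
  # Ordered policy: a list of {kind, check}. The first check that matches
  # decides the outcome; if no check matches, the request is forbidden.
  def ordered_decision(checks, actor, record) do
    Enum.find_value(checks, :forbidden, fn
      {:authorize_if, check} -> if check.(actor, record), do: :authorized
      {:forbid_if, check} -> if check.(actor, record), do: :forbidden
    end)
  end

  # Positive-only rules (assumed model): each rule is a keyword list of field
  # conditions that must all hold; any single matching rule grants access.
  def rule_decision(rules, record) do
    granted? =
      Enum.any?(rules, fn conditions ->
        Enum.all?(conditions, fn {field, value} -> Map.get(record, field) == value end)
      end)

    if granted?, do: :authorized, else: :forbidden
  end

  def run do
    # Constructed sample data: the actor owns an archived record.
    actor = %{id: 1}
    record = %{author_id: 1, archived: true}

    owner? = fn actor, record -> record.author_id == actor.id end
    archived? = fn _actor, record -> record.archived end

    # Same two checks, different order.
    allow_first = [authorize_if: owner?, forbid_if: archived?]
    deny_first = [forbid_if: archived?, authorize_if: owner?]

    # Two independent grants, and one rule with the negation folded in.
    rules = [[author_id: actor.id], [archived: false]]
    folded = [[author_id: actor.id, archived: false]]

    %{
      allow_first: ordered_decision(allow_first, actor, record),
      deny_first: ordered_decision(deny_first, actor, record),
      rules: rule_decision(rules, record),
      rules_reversed: rule_decision(Enum.reverse(rules), record),
      folded: rule_decision(folded, record)
    }
  end
end

IO.inspect(PolicyOrderDemo.run())
```

In this model a converter going from ordered policies to positive rules has to fold each earlier forbid_if into the conditions of every later grant, which is what the `folded` rule does by hand for the `deny_first` policy.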