Anvil.Auth.Role (Anvil v0.1.1)

View Source

Role definitions and hierarchy for Anvil access control.

Defines four core roles:

  • :labeler - Request assignments, submit labels, view own labels
  • :auditor - View all labels, export data, compute agreement metrics (read-only)
  • :adjudicator - Resolve label conflicts, override labels, approve/reject labels
  • :admin - Manage queue membership, update policies, create queues, manage labelers

Roles have a hierarchical relationship where higher roles inherit permissions from lower roles in the context of override operations.

Summary

Types

permission()
role()

Functions

all()

Returns all valid roles.

can_override?(role1, role2)

Checks if one role can override another role's decisions.

default()

Returns the default role for new labelers.

has_permission?(role, permission)

Checks if a role has a specific permission.

hierarchy()

Returns the role hierarchy mapping.

permissions(role)

Returns the list of permissions for a given role.

valid?(role)

Checks if a given value is a valid role.

Types

permission()

@type permission() ::
  :request_assignment
  | :submit_label
  | :view_own_labels
  | :view_all_labels
  | :export_data
  | :compute_agreement
  | :override_label
  | :resolve_conflicts
  | :manage_queue
  | :manage_labelers
  | :grant_access
  | :revoke_access

role()

@type role() :: :labeler | :auditor | :adjudicator | :admin

Functions

all()

@spec all() :: [role()]

Returns all valid roles.

Examples

iex> Anvil.Auth.Role.all()
[:labeler, :auditor, :adjudicator, :admin]

can_override?(role1, role2)

@spec can_override?(role(), role()) :: boolean()

Checks if one role can override another role's decisions.

Roles can override themselves or lower-level roles based on the hierarchy.

Examples

iex> Anvil.Auth.Role.can_override?(:admin, :labeler)
true

iex> Anvil.Auth.Role.can_override?(:labeler, :admin)
false

iex> Anvil.Auth.Role.can_override?(:adjudicator, :adjudicator)
true

default()

@spec default() :: role()

Returns the default role for new labelers.

Examples

iex> Anvil.Auth.Role.default()
:labeler

has_permission?(role, permission)

@spec has_permission?(role(), permission()) :: boolean()

Checks if a role has a specific permission.

Examples

iex> Anvil.Auth.Role.has_permission?(:admin, :manage_queue)
true

iex> Anvil.Auth.Role.has_permission?(:labeler, :manage_queue)
false

hierarchy()

@spec hierarchy() :: %{required(role()) => pos_integer()}

Returns the role hierarchy mapping.

Higher numbers indicate higher privilege levels.

Examples

iex> hierarchy = Anvil.Auth.Role.hierarchy()
iex> hierarchy[:admin] > hierarchy[:labeler]
true

permissions(role)

@spec permissions(role()) :: [permission()]

Returns the list of permissions for a given role.

Examples

iex> perms = Anvil.Auth.Role.permissions(:labeler)
iex> :request_assignment in perms
true

valid?(role)

@spec valid?(any()) :: boolean()

Checks if a given value is a valid role.

Examples

iex> Anvil.Auth.Role.valid?(:labeler)
true

iex> Anvil.Auth.Role.valid?(:invalid)
false