AshGrant.Explainer (AshGrant v0.14.1)

Copy Markdown View Source

Provides detailed explanations of authorization decisions.

This module is the implementation behind AshGrant.explain/4. It evaluates permissions and builds an AshGrant.Explanation struct with full details about why access was allowed or denied.

Summary

Functions

explain(resource, action, actor, context \\ %{})

Explains an authorization decision for a resource and action.

Functions

explain(resource, action, actor, context \\ %{})

@spec explain(module(), atom(), term(), map()) :: AshGrant.Explanation.t()

Explains an authorization decision for a resource and action.

Returns an AshGrant.Explanation struct with:

  • The final decision (:allow or :deny)
  • All matching permissions with their metadata
  • All evaluated permissions with match status
  • Scope information from both permissions and DSL
  • Reason for denial if applicable

Examples

iex> AshGrant.Explainer.explain(MyApp.Post, :read, actor)
%AshGrant.Explanation{decision: :allow, ...}

iex> AshGrant.Explainer.explain(MyApp.Post, :read, nil)
%AshGrant.Explanation{decision: :deny, reason: :no_matching_permissions}