Bodyguard.Schema behaviour (Bodyguard v2.4.2) View Source

Specify user-accessible items.

The callbacks are designed to live within your schemas, hidden from the context boundaries of your application.

All you have to do is implement the scope/3 callback on your schema. What "access" means is up to you, and can be customized on a case-by-case basis via params.

Typically the callbacks are designed to be used by Bodyguard.scope/4 and are not called directly.

If you want to use separate module for scoping, you can use defdelegate:

defmodule MyApp.MyModel.MySchema do
  defdelegate scope(query, user, params), to: Some.Other.Scope
end

Link to this section Summary

Callbacks

Specify user-accessible items.

Link to this section Callbacks

Link to this callback

scope(query, user, params)

View Source

Specs

scope(query :: any(), user :: any(), params :: %{required(atom()) => any()}) ::
  any()

Specify user-accessible items.

This callback is expected to take a query of this schema and filter it down to results that are only accessible to user. Arbitrary params may also be specified.

defmodule MyApp.MyModel.MySchema do
  @behaviour Bodyguard.Schema
  import Ecto.Query, only: [from: 2]

  def scope(query, user, _params) do
    from ms in query, where: ms.user_id == ^user.id
  end
end