calcinator

v5.0.0

calcinator v5.0.0 Calcinator.Authorization behaviour View Source

Behaviour for Calcinator.Resources.t authorization_module

Link to this section Summary

Types

action()

The actions that must be handled by can?/3, filter_associations_can/3, and filter_can/3

association_ascent()

A list of Ecto.Schema.t with the head being the near association and each successive element being the next Ecto.Schema.t following the associations back to the root Ecto.Schema.t for the action

subject()

The subject that is trying to do the action and needs to be authorized by authorization_module

target()

The target of the subject’s action

Callbacks

can?(subject, action, target)
filter_associations_can(target, subject, action)

Reduces associations on target to only those where can?(subject, action, associated_ascent) is true

filter_can(targets, subject, action)

Reduces targets to only those elements where can?(subject, action, targets_element) is true

Link to this section Types

Link to this type action() View Source 
action() :: :create | :delete | :index | :update | :show

The actions that must be handled by can?/3, filter_associations_can/3, and filter_can/3.

Link to this type association_ascent() View Source 
association_ascent() :: [struct, ...]

A list of Ecto.Schema.t with the head being the near association and each successive element being the next Ecto.Schema.t following the associations back to the root Ecto.Schema.t for the action.

Ascents are used, so that associations don’t have to preload their parent to do can? checks.

Link to this type subject() View Source 
subject() :: term

The subject that is trying to do the action and needs to be authorized by authorization_module

Link to this type target() View Source 
target() :: term

The target of the subject’s action

Link to this section Callbacks

Link to this callback can?(subject, action, target) View Source 
can?(subject, action, target :: struct | association_ascent) :: boolean
can?(subject, :delete | :show, struct) :: boolean
can?(subject, :create | :update, Ecto.Changeset.t) :: boolean
can?(subject, :create | :index, module) :: boolean
Link to this callback filter_associations_can(target, subject, action) View Source 
filter_associations_can(target :: struct | [struct], subject, action) :: target

Reduces associations on target to only those where can?(subject, action, associated_ascent) is true.

:show

  • filter_associations_can(struct, subject, :show) :: struct - called by Calcinator.create/2, Calcinator.show/2, and Calcinator.update/2 filter the associations on the allowed target.
  • filter_associations_can([struct], subject, :show) :: [struct] - called by Calciantor.index/2 after filter_can([struct], subject, :show) to filter the assocations of the allowed targets.
Link to this callback filter_can(targets, subject, action) View Source 
filter_can(targets :: [struct], subject, action) :: [target]

Reduces targets to only those elements where can?(subject, action, targets_element) is true.

:show

  • filter_can([struct], subject, :show) :: [struct] - called by Calcinator.index/2 to filter the list of structs to only those where can?(subject, :show, struct) is true.