Dictator v1.1.0 Dictator.Policies.BelongsTo View Source
Policy definition commonly used in typical belongs_to associations.
This policy assumes the users can read (:show, :index, :new,
:create) any information but only write (:edit, :update, :delete)
their own.
As an example, in a typical Twitter-like application, a user has_many
posts and a post belongs_to a user. You can define a policy to let users
manage their own posts but read all others by doing the following:
defmodule MyAppWeb.Policies.Post do
alias MyApp.{Post, User}
use Dictator.Policies.EctoSchema, for: Post
def can?(_, action, _) when action in [:index, :show, :new, :create], do: true
def can?(%User{id: id}, action, %{resource: %Post{user_id: id}})
when action in [:edit, :update, :delete],
do: true
def can?(_, _, _), do: false
endThis scenario is so common, it is abstracted completely through this module
and you can simply use Dictator.Policies.BelongsTo, for: Post to make
use of it. The following example is equivalent to the previous one:
defmodule MyAppWeb.Policies.Post do
use Dictator.Policies.BelongsTo, for: MyApp.Post
endAllowed Options
All options available in Dictator.Policies.EctoSchema plus the following:
foreign_key: foreign key of the current user in the resource being accessed. If a Post belongs to a User, this option would typically be:user_id. Defaults to:user_id.owner_key: primary key of the current user. Defaults to:id
Examples
Assuming a typical User schema, with an :id primary key, and a typical
Post schema, with a belongs_to association to a User:
# lib/my_app_web/policies/post.ex
defmodule MyAppWeb.Policies.Post do
use Dictator.Policies.BelongsTo, for: MyApp.Post
endIf, however, the user has a uuid primary key and the post has an
admin_id key instead of the typical uer_id, you should do the
following:
# lib/my_app_web/policies/post.ex
defmodule MyAppWeb.Policies.Post do
use Dictator.Policies.BelongsTo, for: MyApp.Post, owner_key: :uuid,
foreign_key: :admin_id
end