Permit.Ecto.Permissions (permit_ecto v0.2.4)


Defines the application's permission set. Replaces Permit.Permissions when Permit.Ecto is used, but its syntax is identical.

Example

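defmodule MyApp.Permissions do
  # With Permit.Ecto, use Permit.Ecto.Permissions in place of Permit.Permissions.
  use Permit.Ecto.Permissions, actions_module: Permit.Actions.CrudActions

  # Clauses are matched top to bottom: admins may perform every action on Article.
  @impl true
  def can(%MyApp.User{role: :admin}) do
    permit()
    |> all(Article)
  end

  # Any other user may read every Article, and may perform all actions
  # only on articles whose author_id equals their own id.
  def can(%MyApp.User{id: user_id}) do
    permit()
    |> read(Article)
    |> all(Article, author_id: user_id)
  end

  # Any other subject is granted nothing.
  def can(_), do: permit()
end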

Associations

Conditions can also be defined on column values of associated records in belongs_to, has_one and has_many associations. Generated queries automatically include the appropriate joins for associated tables, recursively.

Example

def can(user) do
  permit()
  |> read(Article, reviews: [approved: true]) # has_many association - any review is approved
  |> read(Article, settings: [visible: true]) # has_one association - if settings.visible is true
  |> read(Article, author: [region: [code: user.region_code]]) # belongs_to association, recursive
end
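
To make two of the association conditions above concrete, here is hand-written Ecto expressing the same restrictions. This is an added example, not Permit.Ecto's code or the query it actually generates; the Demo.* schemas, table names and the Demo.Scopes helper are assumptions, and :ecto must be available as a dependency.

```elixir
# Added illustration: hand-written Ecto, not Permit.Ecto output.
# All Demo.* modules and table names are assumptions made for this example.
defmodule Demo.Region do
  use Ecto.Schema
  schema "regions" do
    field :code, :string
  end
end
defmodule Demo.User do
  use Ecto.Schema
  schema "users" do
    field :region_code, :string
    belongs_to :region, Demo.Region
  end
end
defmodule Demo.Review do
  use Ecto.Schema
  schema "reviews" do
    field :approved, :boolean
    field :article_id, :integer
  end
end
defmodule Demo.Article do
  use Ecto.Schema
  schema "articles" do
    belongs_to :author, Demo.User
    has_many :reviews, Demo.Review
  end
end

defmodule Demo.Scopes do
  import Ecto.Query

  # Meaning of: read(Article, author: [region: [code: user.region_code]])
  # The subject's value is a pinned (bound) parameter, never interpolated.
  # The guard rejects a nil region_code, which Ecto refuses to compare with ==.
  def by_author_region(%Demo.User{region_code: code}) when is_binary(code) do
    from a in Demo.Article,
      join: u in assoc(a, :author),
      join: r in assoc(u, :region),
      where: r.code == ^code
  end

  # Meaning of: read(Article, reviews: [approved: true])
  # Joining a has_many can repeat an article once per matching review,
  # so distinct: true keeps one row per article.
  def with_approved_review do
    from a in Demo.Article,
      join: rv in assoc(a, :reviews),
      where: rv.approved == true,
      distinct: true
  end
end
```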

Condition conversion

Conditions defined using standard operators such as equality, inequality, greater-than, less-than, LIKE and ILIKE are converted automatically (see Permit.Operators).

Other conditions, such as those given as functions,

Refer to Permit.Permissions documentation for more examples of usage.

Summary

Functions

construct_query(permissions, action, resource, subject, actions_module, opts \\ %{})