# `Permit.Ecto.Permissions`
[🔗](https://github.com/curiosum-dev/permit_ecto/blob/v0.3.0/lib/permit_ecto/permissions.ex#L1)

Defines the application's permission set. Replaces `Permit.Permissions` when
`Permit.Ecto` is used, but its syntax is identical.

## Example

```
defmodule MyApp.Permissions do
  use Permit.Permissions, actions_module: Permit.Actions.CrudActions

  @impl true
  def can(%MyApp.User{role: :admin}) do
    permit()
    |> all(Article)
  end

  def can(%MyApp.User{id: user_id}) do
    permit()
    |> read(Article)
    |> all(Article, author_id: user_id)
  end

  def can(_), do: permit()
end
```

## Associations

Conditions can be also defined for values of columns of associated records in `belongs_to`,
`has_one` and `has_many` associations. Generated queries will automatically include appropriate
joins for associated tables recursively.

### Example

```
def can(user) do
  permit()
  |> read(Article, reviews: [approved: true]) # has_many association - any review is approved
  |> read(Article, settings: [visible: true]) # has_one association - if settings.visible is true
  |> read(Article, author: [region: [code: user.region_code]]) # belongs_to association, recursive
end
```

## Condition conversion

Conditions defined using standard operators such as equality, inequality, greater-than, less-than,
LIKE and ILIKE are converted automatically (see `Permit.Operators`).

Other conditions, such as those given as functions,

Refer to `Permit.Permissions` documentation for more examples of usage.

# `construct_query`

```elixir
@spec construct_query(
  Permit.Permissions.t(),
  Permit.Types.action_group(),
  Permit.Types.object_or_resource_module(),
  Permit.Types.subject(),
  module(),
  map()
) :: {:ok, Ecto.Query.t()} | {:error, term()}
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*