View Source Rolex.Options (Rolex v0.2.0)
A module for validating options for permission-related actions.
These options make up a small domain-specific language ("DSL").
The grammar has three terms for scoping permissions:
* `:all` - a special atom for granting or denying ALL of something
* schema - any Ecto schema module
* entity - any Ecto schema entity; e.g. `%User{id: 123}`And only three* keywords:
* `role: <atom>` - any atom except `:all` or `:any`
* `to: <subject>` - what scope is being granted the role?
* `on: <object>` - which resources are being granted?- When revoking permissions,
fromis used in place ofto
Summary
Functions
Validates options for performing action.
Returns a changeset for options used when filtering permissions.
Returns a changeset for options used when creating permissions.
Returns a changeset for options used when revoking permissions.
Converts options from external DSL to internal params.
Functions
Validates options for performing action.
Returns a changeset for options used when filtering permissions.
Options:
* `role` - a plain atom naming a role, or:
* `:any` - will match ANY permission role
* `to` - `:all`, schema, entity, or:
* `:any` - will match ANY permission subject
* `{:any, <schema>}` - will match ANY permission subject of the named type
* `on` - `:all`, schema, entity, or:
* `:any` - will match ANY permission object
* `{:any, <schema>}` - will match ANY permission object of the named type
Returns a changeset for options used when creating permissions.
Options:
* `role` - a plain atom naming a role
* `to` - `:all`, schema, or entity
* `on` - `:all`, schema, or entity
Returns a changeset for options used when revoking permissions.
Options:
* `role` - a plain atom naming a role, or:
* `:any` - will match ANY permission role
* `from` - `:all`, schema, entity, or:
* `:any` - will match ANY permission subject
* `{:any, <schema>}` - will match ANY permission subject of the named schema
* `on` - `:all`, schema, entity, or:
* `:any` - will match ANY permission object
* `{:any, <schema>}` - will match ANY permission object of the named schema
Converts options from external DSL to internal params.
Returns an atom-keyed map on success, or an {:error, reason} tuple otherwise.
This is the bit that provides the boundary between the Rolex DSL (to/from/on) and actual permission fields.