View Source Rolex.Options (Rolex v0.2.0)

A module for validating options for permission-related actions.

These options make up a small domain-specific language ("DSL").

The grammar has three terms for scoping permissions:

* `:all` - a special atom for granting or denying ALL of something
* schema - any Ecto schema module
* entity - any Ecto schema entity; e.g. `%User{id: 123}`

And only three* keywords:

* `role: <atom>` - any atom except `:all` or `:any`
* `to: <subject>` - what scope is being granted the role?
* `on: <object>` - which resources are being granted?
  • When revoking permissions, from is used in place of to

Summary

Functions

changeset(action, opts \\ [])

Validates options for performing action.

changeset_for_filter(opts)

Returns a changeset for options used when filtering permissions.

changeset_for_grant_or_deny(opts)

Returns a changeset for options used when creating permissions.

changeset_for_revoke(opts)

Returns a changeset for options used when revoking permissions.

new(input \\ [])
to_permission_params(options)

Converts options from external DSL to internal params.

Functions

Link to this function

changeset(action, opts \\ [])

View Source

Validates options for performing action.

Link to this function

changeset_for_filter(opts)

View Source

Returns a changeset for options used when filtering permissions.

Options:

* `role` - a plain atom naming a role, or:
  * `:any` - will match ANY permission role
* `to` - `:all`, schema, entity, or:
  * `:any` - will match ANY permission subject
  * `{:any, <schema>}` - will match ANY permission subject of the named type
* `on` - `:all`, schema, entity, or:
  * `:any` - will match ANY permission object
  * `{:any, <schema>}` - will match ANY permission object of the named type
Link to this function

changeset_for_grant_or_deny(opts)

View Source

Returns a changeset for options used when creating permissions.

Options:

* `role` - a plain atom naming a role
* `to` - `:all`, schema, or entity
* `on` - `:all`, schema, or entity
Link to this function

changeset_for_revoke(opts)

View Source

Returns a changeset for options used when revoking permissions.

Options:

* `role` - a plain atom naming a role, or:
  * `:any` - will match ANY permission role
* `from` - `:all`, schema, entity, or:
  * `:any` - will match ANY permission subject
  * `{:any, <schema>}` - will match ANY permission subject of the named schema
* `on` - `:all`, schema, entity, or:
  * `:any` - will match ANY permission object
  * `{:any, <schema>}` - will match ANY permission object of the named schema
Link to this function

new(input \\ [])

View Source
Link to this function

to_permission_params(options)

View Source

Converts options from external DSL to internal params.

Returns an atom-keyed map on success, or an {:error, reason} tuple otherwise.

This is the bit that provides the boundary between the Rolex DSL (to/from/on) and actual permission fields.