View Source Rolex.DSL (Rolex v0.4.0)

Implements a small domain-specific language ("DSL") for scoping permissions.

The DSL is defined by a handful of keyword options:

  • :role - a plain atom naming the role
  • :to - specifies the subject scope; i.e. "who holds the role?"
  • :on - specifics the object scope; i.e. "on which resources does the role apply?

When revoking permissions, from is used in place of to, because it reads more naturally.

Subject and object scopes are specified using any of these values:

  • :all - a special atom for granting or denying ALL of something
  • any Ecto schema module; e.g. MyApp.Users.User
  • any Ecto schema entity; e.g. %MyApp.Users.User{id: 123}

Summary

Functions

changeset(action, opts)

Returns a changeset for DSL options used to perform action.

changeset_for_filter(opts)

Returns a changeset for options used when filtering permissions.

changeset_for_grant_or_deny(opts)

Returns a changeset for DSL options used when granting or denying permissions.

changeset_for_revoke(opts)

Returns a changeset for options used when revoking permissions.

new(input \\ [])

Returns a new Rolex.DSL initialized from input on success, or {:error, reason} otherwise.

to_permission_params(input)

Converts input from external DSL options to internal Rolex.Permission schema params.

Functions

Link to this function

changeset(action, opts)

View Source

Returns a changeset for DSL options used to perform action.

Action may be any of :grant, :deny, :revoke, :filter.

Link to this function

changeset_for_filter(opts)

View Source

Returns a changeset for options used when filtering permissions.

Options:

  • :role - a plain atom naming a role, or:
    • :any - will match any permission role
  • :to - :all, schema, entity, or:
    • :any - will match any permission subject
    • {:any, <schema>} - will match any permission subject of the named type
  • :on - :all, schema, entity, or:
    • :any - will match any permission object
    • {:any, <schema>} - will match any permission object of the named type
Link to this function

changeset_for_grant_or_deny(opts)

View Source

Returns a changeset for DSL options used when granting or denying permissions.

Options:

  • :role - a plain atom naming a role
  • :to - :all, schema, or entity
  • :on - :all, schema, or entity
Link to this function

changeset_for_revoke(opts)

View Source

Returns a changeset for options used when revoking permissions.

Options:

  • :role - a plain atom naming a role, or:
    • :any - will match any permission role
  • :from - :all, schema, entity, or:
    • :any - will match any permission subject
    • {:any, <schema>} - will match any permission subject of the named schema
  • :on - :all, schema, entity, or:
    • :any - will match any permission object
    • {:any, <schema>} - will match any permission object of the named schema
Link to this function

new(input \\ [])

View Source

Returns a new Rolex.DSL initialized from input on success, or {:error, reason} otherwise.

Link to this function

to_permission_params(input)

View Source

Converts input from external DSL options to internal Rolex.Permission schema params.

Returns an atom-keyed map on success, or an {:error, reason} tuple otherwise.