View Source Rolex.DSL (Rolex v0.5.3)

Implements a small domain-specific language ("DSL") for scoping permissions.

The DSL is defined by a handful of keyword options:

  • :role - a plain atom naming the role
  • :to - specifies the subject scope; i.e. "who holds the role?"
  • :on - specifics the object scope; i.e. "on which resources does the role apply?

When revoking permissions, from is used in place of to, because it reads more naturally.

Subject and object scopes are specified using any of these values:

  • :all - a special atom for granting or denying ALL of something
  • any Ecto schema module; e.g. MyApp.Users.User
  • any Ecto schema record; e.g. %MyApp.Users.User{id: 123}

Summary

Types

action()
any_from_opt()
any_on_opt()
any_role()
any_role_opt()
any_scope()
any_to_opt()
changeset()
filter_option()
from_opt()
on_opt()
record()
revoke_option()
role()
role_opt()
schema()
scope()
t()
to_opt()

Functions

changeset(action, opts)

Returns a changeset for DSL options used to perform action.

changeset_for_filter(opts)

Returns a changeset for options used when filtering permissions.

changeset_for_grant_or_deny(opts)

Returns a changeset for DSL options used when granting or denying permissions.

changeset_for_revoke(opts)

Returns a changeset for options used when revoking permissions.

new(input \\ [])

Returns a new Rolex.DSL initialized from input on success, or {:error, reason} otherwise.

to_permission_params(input)

Converts input from external DSL options to internal Rolex.Permission schema params.

Types

Link to this type

action()

View Source 
@type action() :: :grant | :deny | :revoke | :filter
Link to this type

any_from_opt()

View Source 
@type any_from_opt() :: {:from, any_scope()}
Link to this type

any_on_opt()

View Source 
@type any_on_opt() :: {:on, any_scope()}
Link to this type

any_role()

View Source 
@type any_role() :: :any | role()
Link to this type

any_role_opt()

View Source 
@type any_role_opt() :: {:role, any_role()}
Link to this type

any_scope()

View Source 
@type any_scope() :: :any | {:any, schema()} | scope()
Link to this type

any_to_opt()

View Source 
@type any_to_opt() :: {:to, any_scope()}
Link to this type

changeset()

View Source 
@type changeset() :: Ecto.Changeset.t(t())
Link to this type

filter_option()

View Source 
@type filter_option() ::
  {:role, :any | role()} | {:to, :any | scope()} | {:on, :any | scope()}
Link to this type

from_opt()

View Source 
@type from_opt() :: {:from, scope()}
Link to this type

on_opt()

View Source 
@type on_opt() :: {:on, scope()}
Link to this type

record()

View Source 
@type record() :: Ecto.Schema.t()
Link to this type

revoke_option()

View Source 
@type revoke_option() ::
  {:role, :any | role()} | {:from, :any | scope()} | {:on, :any | scope()}
Link to this type

role()

View Source 
@type role() :: atom()
Link to this type

role_opt()

View Source 
@type role_opt() :: {:role, role()}
Link to this type

schema()

View Source 
@type schema() :: module()
Link to this type

scope()

View Source 
@type scope() :: :all | schema() | record()
Link to this type

t()

View Source 
@type t() :: %Rolex.DSL{from: scope(), on: scope(), role: role(), to: scope()}
Link to this type

to_opt()

View Source 
@type to_opt() :: {:to, scope()}

Functions

Link to this function

changeset(action, opts)

View Source 
@spec changeset(
  action(),
  keyword()
) :: changeset()

Returns a changeset for DSL options used to perform action.

Action may be any of :grant, :deny, :revoke, :filter.

Link to this function

changeset_for_filter(opts)

View Source 
@spec changeset_for_filter([any_role_opt() | any_to_opt() | any_on_opt()]) ::
  changeset()

Returns a changeset for options used when filtering permissions.

Options:

  • :role - a plain atom naming a role, or:
    • :any - will match any permission role
    • a list of plain atoms naming all roles of interest
  • :to - :all, schema, record, or:
    • :any - will match any permission subject
    • {:any, <schema>} - will match any permission subject of the named schema
  • :on - :all, schema, record, or:
    • :any - will match any permission object
    • {:any, <schema>} - will match any permission object of the named schema
Link to this function

changeset_for_grant_or_deny(opts)

View Source 
@spec changeset_for_grant_or_deny([role_opt() | to_opt() | on_opt()]) :: changeset()

Returns a changeset for DSL options used when granting or denying permissions.

Options:

  • :role - a plain atom naming a role
  • :to - :all, schema, or record
  • :on - :all, schema, or record
Link to this function

changeset_for_revoke(opts)

View Source 
@spec changeset_for_revoke([any_role_opt() | any_from_opt() | any_on_opt()]) ::
  changeset()

Returns a changeset for options used when revoking permissions.

Options:

  • :role - a plain atom naming a role, or:
    • :any - will match any permission role
  • :from - :all, schema, record, or:
    • :any - will match any permission subject
    • {:any, <schema>} - will match any permission subject of the named schema
  • :on - :all, schema, record, or:
    • :any - will match any permission object
    • {:any, <schema>} - will match any permission object of the named schema
Link to this function

new(input \\ [])

View Source

Returns a new Rolex.DSL initialized from input on success, or {:error, reason} otherwise.

Link to this function

to_permission_params(input)

View Source 
@spec to_permission_params(t() | Enumerable.t()) :: map() | {:error, term()}

Converts input from external DSL options to internal Rolex.Permission schema params.

Returns an atom-keyed map on success, or an {:error, reason} tuple otherwise.