AbsinthePermission.Rule (AbsinthePermission v1.0.0)

Copy Markdown View Source

A single authorization or filtering rule attached to a schema field.

Rules are produced by the DSL macros (authorize/2, filter/2, etc.) at compile time and stored on the schema for the middleware to evaluate at request time.

Fields

  • :phase:pre (before resolve) or :post (after resolve)
  • :permission — required permission(s); see permission/0
  • :condition — when this rule applies (AbsinthePermission.Condition.t/0)

  • :on_deny — what to do when the rule denies: :error | :null | :filter

  • :error_message — optional custom error message
  • :location%{file: binary, line: pos_integer} — for error reporting

A rule "fires" when its condition evaluates to true. When it fires, the caller must hold the required permission(s) or the rule denies.

Summary

Types

permission()
t()

Functions

normalize_permission(p)

Normalises a permission specifier into a canonical form.

Types

permission()

@type permission() ::
  nil | binary() | [binary()] | {:all, [binary()]} | {:any, [binary()]}

t()

@type t() :: %AbsinthePermission.Rule{
  condition: AbsinthePermission.Condition.t(),
  error_message: binary() | nil,
  location: %{file: binary(), line: pos_integer()},
  on_deny: :error | :null | :filter,
  permission: permission(),
  phase: :pre | :post
}

Functions

normalize_permission(p)

@spec normalize_permission(permission() | [{:all | :any, [binary()]}]) ::
  nil | {:all | :any, [binary()]}

Normalises a permission specifier into a canonical form.

iex> AbsinthePermission.Rule.normalize_permission("admin")
{:any, ["admin"]}

iex> AbsinthePermission.Rule.normalize_permission(["admin", "support"])
{:any, ["admin", "support"]}

iex> AbsinthePermission.Rule.normalize_permission({:all, ["admin", "verified"]})
{:all, ["admin", "verified"]}

iex> AbsinthePermission.Rule.normalize_permission(nil)
nil