calcinator v2.3.0 Calcinator.Authorization behaviour

Behaviour for Calcinator.Resources.t authorization_module

Summary

Types

action()
The actions that must be handled by can?/3, filter_associations_can/3, and filter_can/3

association_ascent()
A list of Ecto.Schema.t with the head being the near association and each successive element being the next Ecto.Schema.t following the associations back to the root Ecto.Schema.t for the action

subject()
The subject that is trying to do the action and needs to be authorized by authorization_module

target()
The target of the subject’s action

Callbacks

filter_associations_can(target, subject, action)
Reduces associations on target to only those where can?(subject, action, associated_ascent) is true

filter_can(targets, subject, action)
Reduces targets to only those elements where can?(subject, action, targets_element) is true

Types

action()
action() :: :create | :delete | :index | :update | :show

The actions that must be handled by can?/3, filter_associations_can/3, and filter_can/3.

association_ascent()
association_ascent() :: [struct, ...]

A list of Ecto.Schema.t with the head being the near association and each successive element being the next Ecto.Schema.t following the associations back to the root Ecto.Schema.t for the action.

Ascents are used so that associations don’t have to preload their parent to do can? checks.

subject()
subject() :: term

The subject that is trying to do the action and needs to be authorized by authorization_module.

target()
target() :: term

The target of the subject’s action.

Callbacks

can?(subject, action, target)
can?(subject, action, target :: struct | association_ascent) :: boolean
can?(subject, :delete | :show, struct) :: boolean
can?(subject, :create | :update, Ecto.Changeset.t) :: boolean
can?(subject, :create | :index, module) :: boolean

filter_associations_can(target, subject, action)
filter_associations_can(target :: struct | [struct], subject, action) :: target

Reduces associations on target to only those where can?(subject, action, associated_ascent) is true.

:show

  • filter_associations_can(struct, subject, :show) :: struct - called by Calcinator.create/2, Calcinator.show/2, and Calcinator.update/2 to filter the associations on the allowed target.
  • filter_associations_can([struct], subject, :show) :: [struct] - called by Calcinator.index/2 after filter_can([struct], subject, :show) to filter the associations of the allowed targets.

filter_can(targets, subject, action)
filter_can(targets :: [struct], subject, action) :: [target]

Reduces targets to only those elements where can?(subject, action, targets_element) is true.

:show

  • filter_can([struct], subject, :show) :: [struct] - called by Calcinator.index/2 to filter the list of structs to only those where can?(subject, :show, struct) is true.
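
Example (added here, not part of the calcinator documentation or source): a deny-by-default authorization_module covering each can?/3 target shape, including an association_ascent, plus both filter callbacks. The MyApp.* modules and their fields are hypothetical, plain structs stand in for Ecto schemas, and :calcinator and :ecto are assumed to be dependencies.

```elixir
# Added example. MyApp.* modules and their fields are hypothetical; plain structs
# stand in for Ecto schemas. Assumes :calcinator and :ecto are dependencies.
defmodule MyApp.User, do: defstruct([:id, admin?: false])
defmodule MyApp.Post, do: defstruct([:id, :author_id, published?: false, comments: []])
defmodule MyApp.Comment, do: defstruct([:id, hidden?: false])

defmodule MyApp.Authorization do
  @behaviour Calcinator.Authorization
  alias MyApp.{Comment, Post, User}

  # A subject without an id never matches an owner (nil == nil would otherwise pass).
  def can?(%User{id: nil}, _action, _target), do: false
  def can?(%User{admin?: true}, _action, _target), do: true

  # module targets (:create | :index)
  def can?(%User{}, action, Post) when action in [:create, :index], do: true

  # Ecto.Changeset.t targets (:create | :update)
  # :create checks the proposed author; :update checks the stored owner in `data`,
  # so a submitted author_id change cannot grant access.
  def can?(%User{id: id}, :create, %Ecto.Changeset{data: %Post{}} = changeset),
    do: Ecto.Changeset.get_field(changeset, :author_id) == id

  def can?(%User{id: id}, :update, %Ecto.Changeset{data: %Post{author_id: id}}), do: true

  # struct targets (:delete | :show)
  def can?(%User{id: id}, action, %Post{author_id: id}) when action in [:delete, :show], do: true
  def can?(%User{}, :show, %Post{published?: true}), do: true

  # association_ascent target: head is the near association, then its parent
  def can?(subject, :show, [%Comment{hidden?: false}, %Post{} = post | _]),
    do: can?(subject, :show, post)

  # Anything not explicitly allowed is denied.
  def can?(_subject, _action, _target), do: false

  def filter_can(targets, subject, action) when is_list(targets),
    do: Enum.filter(targets, &can?(subject, action, &1))

  def filter_associations_can(targets, subject, action) when is_list(targets),
    do: Enum.map(targets, &filter_associations_can(&1, subject, action))

  def filter_associations_can(%Post{comments: comments} = post, subject, action)
      when is_list(comments) do
    %{post | comments: Enum.filter(comments, &can?(subject, action, [&1, post]))}
  end

  # No filterable (or loaded) associations: return the target unchanged.
  def filter_associations_can(target, _subject, _action), do: target
end
```

The last filter_associations_can/3 clause passes unknown targets through unfiltered, so every schema with associations that can carry restricted records needs its own clause above it.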