View Source Permit.Ecto.Permissions (permit_ecto v0.2.2)
Defines the application's permission set. Replaces Permit.Permissions
when
Permit.Ecto
is used, but its syntax is identical.
example
Example
defmodule MyApp.Permissions do
use Permit.Permissions, actions_module: Permit.Actions.CrudActions
@impl true
def can(%MyApp.User{role: :admin}) do
permit()
|> all(Article)
end
def can(%MyApp.User{id: user_id}) do
permit()
|> read(Article)
|> all(Article, author_id: user_id)
end
def can(_), do: permit()
end
associations
Associations
Conditions can be also defined for values of columns of associated records in belongs_to
,
has_one
and has_many
associations. Generated queries will automatically include appropriate
joins for associated tables recursively.
example-1
Example
def can(user) do
permit()
|> read(Article, reviews: [approved: true]) # has_many association - any review is approved
|> read(Article, settings: [visible: true]) # has_one association - if settings.visible is true
|> read(Article, author: [region: [code: user.region_code]]) # belongs_to association, recursive
end
condition-conversion
Condition conversion
Conditions defined using standard operators such as equality, inequality, greater-than, less-than,
LIKE and ILIKE are converted automatically (see Permit.Operators
).
Other conditions, such as those given as functions,
Refer to Permit.Permissions
documentation for more examples of usage.
Link to this section Summary
Link to this section Functions
Link to this function
construct_query(permissions, action, resource, subject, actions_module, opts \\ %{})
View Source@spec construct_query( Permit.Permissions.t(), Permit.Types.action_group(), Permit.Types.object_or_resource_module(), Permit.Types.subject(), module(), map() ) :: {:ok, Ecto.Query.t()} | {:error, term()}