View Source Permission control
Granting and denying roles
Granting roles to a user
Grant a role, without restriction
Rolex.grant_to!(user, role: :admin, on: :all)
Grant a role on all records of a schema
Rolex.grant_to!(user, role: :approver, on: Task)
Grant a role on a single record
Rolex.grant_to!(user, role: :owner, on: task)
Denying roles to a user
Grants a role on all schema records except this one
user
|> Rolex.grant_to!(role: :approver, on: Task)
|> Rolex.deny_to!(role: :approver, on: task)
Denying a role always overrules granting that role.
Revoking roles
Undoing grants and denials
Delete all grants and denials on a record
Rolex.revoke_from!(user, role: :approver, on: task)
Delete all grants and denials on any record of a schema
Rolex.revoke_from!(user, role: :approver, on: {:any, Task})
Delete all of a user's grants and denials
Rolex.revoke_from!(user, role: :any, on: :any)