Spear.Acl (Spear v0.10.0-rc.1) View Source

A struct representing an access control list (ACL)

See the Security guide for more information on ACLs

Link to this section Summary

Types

t()

An access control list (ACL) type

Functions

Produces an ACL that only allows access to all resources to the $admins group

Produces an ACL that allows all users access to all resources

Converts an ACL struct to a map with the keys expected by the EventStoreDB

Link to this section Types

Specs

t() :: %Spear.Acl{
  delete: String.t() | [String.t()],
  metadata_read: String.t() | [String.t()],
  metadata_write: String.t() | [String.t()],
  read: String.t() | [String.t()],
  write: String.t() | [String.t()]
}

An access control list (ACL) type

See the Security guide for more information on ACLs

ACLs may provide permissions for a single user/group or a list of user/groups.

Examples

iex> Spear.Acl.allow_all()
%Spear.Acl{
  delete: "$all",
  metadata_read: "$all",
  metadata_write: "$all",
  read: "$all",
  write: "$all"
}

Link to this section Functions

Produces an ACL that only allows access to all resources to the $admins group

Examples

iex> Spear.Acl.admins_only()
%Spear.Acl{
  delete: "$admins",
  metadata_read: "$admins",
  metadata_write: "$admins",
  read: "$admins",
  write: "$admins"
}

Produces an ACL that allows all users access to all resources

Note that clients that do not provide credentials at all fall under the $all group.

Examples

iex> Spear.Acl.allow_all()
%Spear.Acl{
  delete: "$all",
  metadata_read: "$all",
  metadata_write: "$all",
  read: "$all",
  write: "$all"
}
Link to this function

to_map(acl)

View Source (since 0.1.3)

Specs

to_map(t()) :: %{required(String.t()) => String.t() | [String.t()]}

Converts an ACL struct to a map with the keys expected by the EventStoreDB

This function is used internall by Spear.set_global_acl/4 to create a global ACL event body, but may be used to create an acl body on its own.

Examples

iex> Spear.Acl.allow_all() |> Spear.Acl.to_map()
%{
  "$w" => "$all",
  "$r" => "$all",
  "$d" => "$all",
  "$mw" => "$all",
  "$mr" => "$all"
}