curiosum-dev / permit

A uniform authorization library for Elixir. Supports Plug and Phoenix LiveView, aims for much more.


Defining rules for arbitrarily named actions

vincentvanbush opened this issue

As of now, Permit.Rules provides syntax for defining rules like:

```elixir
defmodule Permit.FakeApp.Permissions do
  import Permit.Rules

  def can(%{role: :owner} = role) do
    grant(role)
    |> all(Item, fn subject, item -> item.owner_id == subject.id end)
    |> all(Item, visible: true)
  end
end

# Checking
can?(user.role) |> read?(record)
```

We would like to extend this to allow this kind of definition, so we can have distinct permissions for different actions - all of which might be "update" actions in nature but semantically different:

```elixir
# Defining
def can(%{role: :admin} = role) do
  grant(role)
  |> permission_to(:reset_password, User, fn subject, other_user -> other_user.owner_id == subject.id end)
end

# Checking
can?(user.role) |> do?(:reset_password, record)
```
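The following is an added sketch, not part of the original issue and not Permit's code, of how rules for arbitrarily named actions could be stored and checked so that anything not explicitly granted is denied. The `ActionRulesSketch` and `User` modules are hypothetical; `grant`, `permission_to` and `do?` only borrow the names proposed above.

```elixir
# Hypothetical stand-alone sketch; none of this is Permit's actual API.
defmodule ActionRulesSketch do
  defstruct subject: nil, rules: []

  # Start with an empty rule set: nothing is permitted until granted.
  def grant(subject), do: %__MODULE__{subject: subject}

  # Register a condition for a named action on a resource module.
  # The condition is a 2-arity function or a keyword list of required field values.
  def permission_to(%__MODULE__{} = perms, action, resource_module, condition \\ [])
      when is_atom(action) and is_atom(resource_module) do
    %{perms | rules: [{action, resource_module, condition} | perms.rules]}
  end

  # True only when a rule for exactly this action and struct type is satisfied.
  def do?(%__MODULE__{subject: subject, rules: rules}, action, %module{} = record) do
    Enum.any?(rules, fn
      {^action, ^module, condition} -> satisfied?(condition, subject, record)
      _other -> false
    end)
  end

  # Only a literal `true` counts; truthy non-boolean results do not grant access.
  defp satisfied?(fun, subject, record) when is_function(fun, 2),
    do: fun.(subject, record) == true

  defp satisfied?(fields, _subject, record) when is_list(fields),
    do: Enum.all?(fields, fn {key, value} -> Map.get(record, key) == value end)
end

defmodule User do
  # Constructed sample resource for this sketch.
  defstruct [:id, :owner_id, :role]
end

admin = %User{id: 1, role: :admin}

perms =
  ActionRulesSketch.grant(admin)
  |> ActionRulesSketch.permission_to(:reset_password, User, fn subject, other_user ->
    other_user.owner_id == subject.id
  end)

managed = %User{id: 2, owner_id: 1}
stranger = %User{id: 3, owner_id: 99}

true = ActionRulesSketch.do?(perms, :reset_password, managed)
false = ActionRulesSketch.do?(perms, :reset_password, stranger)
# An action that was never granted is denied, even on a record the rule would match.
false = ActionRulesSketch.do?(perms, :delete, managed)
```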