Defining rules for arbitrarily named actions
vincentvanbush opened this issue · comments
Michał Buszkiewicz commented
As of now, Permit.Rules
provides syntax for defining rules like:
defmodule Permit.FakeApp.Permissions do
import Permit.Rules
def can(%{role: :owner} = role) do
grant(role)
|> all(Item, fn subject, item -> item.owner_id == subject.id end)
|> all(Item, visible: true)
end
end
# Checking
can?(user.role) |> read?(record)
We would like to extend this to allow this kind of definition, so we can have distinct permissions for different actions - all of which might be "update" actions in nature but semantically different:
# Defining
def can(%{role: :admin) = role) do
grant(role)
|> permission_to(:reset_password, User, fn subject, other_user -> other_user.owner_id == subject.id end)
end
# Checking
can?(user.role) |> do?(:reset_password, record)