Lightning.Policies.Credentials (Lightning v2.14.5-pre1)

View Source

The Bodyguard Policy module for authorizing credential actions.

Summary

Types

actions()

Functions

authorize(action, user, resource)

Authorize credential actions based on the user's project role.

Types

actions()

@type actions() ::
  :create_keychain_credential
  | :edit_keychain_credential
  | :delete_keychain_credential
  | :view_keychain_credential

Functions

authorize(action, user, resource)

@spec authorize(
  action :: actions(),
  project_user :: Lightning.Projects.ProjectUser.t(),
  resource :: any()
) :: boolean()
@spec authorize(
  action :: actions(),
  user_or_project_user ::
    Lightning.Accounts.User.t() | Lightning.Projects.ProjectUser.t(),
  resource :: Lightning.Credentials.KeychainCredential.t()
) :: boolean()

Authorize credential actions based on the user's project role.

For KeychainCredential resources, users must have owner or admin role in the associated project.