Lightning.Policies.Permissions (Lightning v2.14.5-pre1)
This module defines a single interface for managing authorization in Lightning.
Users in Lightning have instance-wide and project-wide roles which determine their level of access to resources in the application. For more details see the documentation.
Policy Modules
Authorization policies are implemented under lib/lightning/policies/:
- users.ex - Instance-wide access levels
- project_users.ex - Project-wide access levels
- credentials.ex - Credential management permissions
- workflows.ex - Workflow-related permissions
- collections.ex - Collection access permissions
- dataclips.ex - Dataclip permissions
- exports.ex - Export functionality permissions
- provisioning.ex - Resource provisioning permissions
Interface
This module provides the can/4 and can?/4 interface, which wraps Bodyguard.permit/4 to harmonize policy usage across the application.
Policy Resolution: You can reference policy modules in two ways:
- Full module names: Lightning.Policies.Users
- Atom shortcuts for sub-modules: :users, :project_users, :credentials
Functions
- can(policy, action, actor, resource) - Returns :ok or {:error, :unauthorized}
- can?(policy, action, actor, resource) - Returns true or false
Examples
Using full module names:
can_edit = Lightning.Policies.ProjectUsers
|> Lightning.Policies.Permissions.can?(:edit_workflow, user, project)
Using atom shortcuts:
can_create = Permissions.can?(:credentials, :create_keychain_credential, project_user)
can_delete = Permissions.can?(:project_users, :delete_project, user, project)
All policies are comprehensively tested in test/lightning/policies/.
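The following added example (not Lightning's own code) sketches the pattern described above: a policy module that denies by default, a wrapper that resolves atom shortcuts from a fixed table, and can/4 used for enforcement while can?/4 answers a boolean question. The `Demo.*` modules, the role names and the project map layout are assumptions made for illustration; the real interface delegates to Bodyguard.permit/4.

```elixir
# Added example: stand-in modules, not Lightning's own code.
defmodule Demo.Policies.ProjectUsers do
  # Same argument order as a Bodyguard policy callback: action, actor, resource.
  # The role names and the resource map layout are constructed for this example.
  def authorize(:edit_workflow, %{id: id}, %{members: members}),
    do: Map.get(members, id) in [:owner, :admin, :editor]

  def authorize(:delete_project, %{id: id}, %{members: members}),
    do: Map.get(members, id) == :owner

  # Deny by default: unknown actions or malformed arguments never authorize.
  def authorize(_action, _actor, _resource), do: false
end

defmodule Demo.Permissions do
  # Fixed table for atom shortcuts (hypothetical); nothing is built from caller input.
  @shortcuts %{project_users: Demo.Policies.ProjectUsers}

  def can(policy, action, actor, resource) do
    with module when not is_nil(module) <- resolve(policy),
         true <- module.authorize(action, actor, resource) do
      :ok
    else
      _ -> {:error, :unauthorized}
    end
  end

  def can?(policy, action, actor, resource),
    do: can(policy, action, actor, resource) == :ok

  # Accept a known shortcut or a known full module name; anything else is nil.
  defp resolve(policy) do
    Map.get(@shortcuts, policy) || if(policy in Map.values(@shortcuts), do: policy)
  end
end

{alice, bob} = {%{id: 1}, %{id: 2}}
project = %{members: %{1 => :owner, 2 => :viewer}}

# Enforcement: can/4 in a `with` chain, so a denial stops before the side effect.
delete = fn actor ->
  with :ok <- Demo.Permissions.can(:project_users, :delete_project, actor, project) do
    {:ok, :deleted}
  end
end

IO.inspect(delete.(alice))
IO.inspect(delete.(bob))
IO.inspect(Demo.Permissions.can?(Demo.Policies.ProjectUsers, :edit_workflow, bob, project))
```

Because the `with` has no `else`, the `{:error, :unauthorized}` tuple from can/4 is returned to the caller unchanged, which keeps the denial visible instead of collapsing it into a boolean.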
Functions
can/4
Checks if the user has permission to apply the action using the given policy module.
Returns :ok if the user can apply the action and {:error, :unauthorized} otherwise.
Examples
iex> can(Lightning.Policies.Users, :create_workflow, user, project)
:ok
iex> can(Lightning.Policies.Users, :create_project, user, %{})
{:error, :unauthorized}
can?/4
Same as can/4, but returns true if the user can apply the action and false otherwise.
Examples
iex> can?(Lightning.Policies.Users, :create_workflow, user, project)
true
iex> can?(Lightning.Policies.Users, :create_project, user, %{})
false