View Source Lightning.Policies.ProjectUsers (Lightning v2.10.4)

The Bodyguard Policy module for projects members roles.

Summary

Types

actions()

Functions

authorize(action, user, project)

authorize/3 takes an action, a user, and a project. It checks the user's role for this project and returns true if the user can perform the action in that project and false if they cannot.

Types

Link to this type

actions()

View Source 
@type actions() ::
  :run_workflow
  | :edit_workflow
  | :access_project
  | :edit_project
  | :delete_project
  | :add_project_user
  | :remove_project_user
  | :delete_workflow
  | :create_workflow
  | :edit_digest_alerts
  | :edit_failure_alerts
  | :provision_project
  | :create_project_credential
  | :edit_data_retention
  | :write_webhook_auth_method
  | :write_github_connection
  | :initiate_github_sync

Functions

Link to this function

authorize(action, user, project)

View Source 
@spec authorize(
  actions(),
  Lightning.Accounts.User.t(),
  Lightning.Projects.Project.t() | %{project_id: Ecto.UUID.t()} | nil
) :: boolean()

authorize/3 takes an action, a user, and a project. It checks the user's role for this project and returns true if the user can perform the action in that project and false if they cannot.

Note that permissions are grouped by action, rather than by user role.

We deny by default, so if a user's role is not added to the allow roles list for a particular action they are denied.