Lightning.Policies.ProjectUsers (Lightning v2.15.0-pre5)

View Source

The Bodyguard Policy module for projects members roles.

Summary

Types

actions()

Functions

allow_as_support_user?(user, project_id)
authorize(action, user, project)

authorize/3 takes an action, a user, and a project. It checks the user's role for this project and returns true if the user can perform the action in that project and false if they cannot.

Types

actions()

@type actions() ::
  :run_workflow
  | :edit_workflow
  | :access_project
  | :edit_project
  | :delete_project
  | :add_project_user
  | :remove_project_user
  | :delete_workflow
  | :create_workflow
  | :edit_digest_alerts
  | :edit_failure_alerts
  | :create_project_credential
  | :edit_data_retention
  | :write_webhook_auth_method
  | :write_github_connection
  | :initiate_github_sync
  | :create_collection
  | :publish_template

Functions

allow_as_support_user?(user, project_id)

authorize(action, user, project)

@spec authorize(
  actions(),
  Lightning.Accounts.User.t(),
  Lightning.Projects.Project.t() | %{project_id: Ecto.UUID.t()} | nil
) :: boolean()

authorize/3 takes an action, a user, and a project. It checks the user's role for this project and returns true if the user can perform the action in that project and false if they cannot.

Note that permissions are grouped by action, rather than by user role.

We deny by default, so if a user's role is not added to the allow roles list for a particular action they are denied.