Lightning.Policies.Users (Lightning v2.13.3)

View Source

The Bodyguard Policy module for users roles.

Summary

Types

actions()

Functions

authorize(action, authenticated_user, account_user)

authorize/3 takes an action, a user, and a project. It checks the user's role for this project and returns true if the user can perform the action and false if they cannot.

Types

actions()

@type actions() ::
  :access_admin_space | :edit_credential | :delete_credential | :delete_account

Functions

authorize(action, authenticated_user, account_user)

@spec authorize(actions(), Lightning.Accounts.User.t(), any()) :: boolean()

authorize/3 takes an action, a user, and a project. It checks the user's role for this project and returns true if the user can perform the action and false if they cannot.

Note that permissions are grouped by action.

We deny by default, so if a user's role is not added to the allow roles list for a particular action they are denied.