IGrant
Defined in: src/types/IGrants.ts:9
A single grant rule for an action on a resource (the v3 Grant).
Multiple rules may exist per action (e.g. different conditions / attributes), so a resource’s action maps to an array of these.
Properties
attributes
attributes: string[]
Defined in: src/types/IGrants.ts:11
Allowed attributes in glob notation, e.g. ['*', '!password'].
possession?
optional possession?: "own" | "any"
Defined in: src/types/IGrants.ts:16
Ownership scope. Omitted ⇒ 'any' (no ownership gate). 'own' is
enforced via the configured ownership resolver at check time.
condition?
optional condition?: ConditionJSON
Defined in: src/types/IGrants.ts:21
Optional declarative condition (JSON tree or { fn, args }) evaluated
against the check-time context. Omitted ⇒ unconditional.
effect?
optional effect?: "grant" | "deny"
Defined in: src/types/IGrants.ts:25
'grant' (default) adds access; 'deny' subtracts it (deny-overrides).
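Example (added here, not the project's own code): how several rules for one action could combine under the defaults described above, namely omitted possession meaning 'any', omitted effect meaning 'grant', and deny-overrides. GrantRule, CheckContext, Decision, decide and the simplified glob matching are hypothetical names and assumptions; condition is left out because its schema is not shown on this page.

```typescript
// Added illustration: a local copy of the shape documented on this page.
// `condition` is left out because the page does not give ConditionJSON's schema.
interface GrantRule {
  attributes: string[];
  possession?: "own" | "any";
  effect?: "grant" | "deny";
}
// Hypothetical context: isOwner stands in for the ownership resolver's answer.
interface CheckContext { isOwner: boolean; }
interface Decision { granted: boolean; attributes: string[]; }

// Omitted possession means 'any', so the rule applies to every caller.
function applies(rule: GrantRule, ctx: CheckContext): boolean {
  return (rule.possession ?? "any") === "any" || ctx.isOwner;
}

// Simplified glob handling (assumption): '*', exact names and '!name' only.
function filterAttributes(globs: string[], fields: string[]): string[] {
  const negated = globs.filter(g => g.charAt(0) === "!").map(g => g.slice(1));
  const positive = globs.filter(g => g.charAt(0) !== "!");
  return fields.filter(f =>
    negated.indexOf(f) < 0 && (positive.indexOf("*") >= 0 || positive.indexOf(f) >= 0));
}

// Deny-overrides: one applicable deny rule beats every grant rule.
// Assumptions: a deny blocks the whole action, and grants merge by union.
function decide(rules: GrantRule[], ctx: CheckContext, fields: string[]): Decision {
  const active = rules.filter(r => applies(r, ctx));
  if (active.some(r => r.effect === "deny")) return { granted: false, attributes: [] };
  const attributes = fields.filter(f =>
    active.some(r => filterAttributes(r.attributes, [f]).length > 0));
  return { granted: active.length > 0, attributes };
}

// Constructed rules for one action on a hypothetical "profile" resource.
const readProfile: GrantRule[] = [
  { attributes: ["*", "!password"], possession: "own" },
  { attributes: ["id", "name"] }, // possession omitted, so any caller matches
];
// A deny rule with no possession applies to everyone and overrides both grants.
const denyAll: GrantRule = { attributes: ["*"], effect: "deny" };
const lockedDown = readProfile.concat([denyAll]);
const fields = ["id", "name", "email", "password"];

console.log(decide(readProfile, { isOwner: true }, fields));  // owner view
console.log(decide(readProfile, { isOwner: false }, fields)); // non-owner view
console.log(decide(lockedDown, { isOwner: true }, fields));   // denied
```

When reviewing a rule set, check every rule that omits possession: it matches all callers, which is intended for the narrow second grant but also makes an unscoped deny a global one.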