IPolicy
Defined in: src/types/IAccessControlOptions.ts:109
Authorization model — how the engine should interpret your grants for
your domain: how ownership is determined, and how strict the vocabulary is.
Constructor-only. Compare with IEngine (library mechanics) and
context (condition data).
Properties
Section titled “Properties”ownerField?
Section titled “ownerField?”
optionalownerField?:string
Defined in: src/types/IAccessControlOptions.ts:115
Field on the resource record that holds the owner id. Ownership is
context.user.id === context.<resource>[ownerField]. Ignored if
IPolicy.owner is set.
owner?
Section titled “owner?”
optionalowner?:OwnerResolver
Defined in: src/types/IAccessControlOptions.ts:119
Custom ownership resolver. Wins over IPolicy.ownerField.
strict?
Section titled “strict?”
optionalstrict?:boolean|IStrictOptions
Defined in: src/types/IAccessControlOptions.ts:128
Strict-mode switches. true = all on, false = all lenient, or an
object for per-key control. Defaults: checks and roles on (secure),
actions and resources off (an ungranted action/resource denies, it
doesn’t throw). Enable actions/resources for loud typo-protection —
ideally with setup() declaring your vocabulary — and pair with
AccessControl#tryCan on the request path.
actions?
Section titled “actions?”
optionalactions?:string[]
Defined in: src/types/IAccessControlOptions.ts:134
Optional explicit allow-list of custom action names, added to the
strict-mode known set (CRUD is always known). Equivalent to declaring them
with setup({ actions }).
resources?
Section titled “resources?”
optionalresources?:string[]
Defined in: src/types/IAccessControlOptions.ts:136
Optional explicit allow-list of resource names for strict mode.