Access Control

import { allowAllGuard, roleBasedGuard, AccessLevel } from "@swenyai/providers/access";

interface AccessGuard {
  resolveAccessLevel(user: UserIdentity): AccessLevel;
  assertNotForbidden(user: UserIdentity): void;
  assertCanQuery(user: UserIdentity): void;
  assertCanMutate(user: UserIdentity): void;
}

enum AccessLevel {
  FORBIDDEN = "forbidden",
  READ_ONLY = "read_only",
  READ_WRITE = "read_write",
  ADMIN = "admin",
}

Grants READ_WRITE to every user:

const guard = allowAllGuard();

Maps user roles to access levels:

const guard = roleBasedGuard({
  admin: ["platform-admin", "superuser"],
  readWrite: ["engineer", "developer"],
  readOnly: ["viewer", "support"],
});

Users with no matching roles are FORBIDDEN. The assert methods throw AccessDeniedError when the assertion fails.
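
The fail-closed role resolution and the assert-before-act call pattern described above, as an added example that is not code from @swenyai/providers. It uses a local stand-in (`sketchRoleGuard`, `tryMutate`, both hypothetical) so it runs without the package; the `UserIdentity` shape, the highest-role-wins precedence, and the level each assertion requires are assumptions.

```typescript
// Added sketch, not the package's code: a local stand-in for roleBasedGuard.
enum AccessLevel {
  FORBIDDEN = "forbidden",
  READ_ONLY = "read_only",
  READ_WRITE = "read_write",
  ADMIN = "admin",
}
interface UserIdentity { id: string; roles: string[] } // assumed shape
interface RoleMap { admin: string[]; readWrite: string[]; readOnly: string[] }
class AccessDeniedError extends Error {
  constructor(message: string) { super(message); this.name = "AccessDeniedError"; }
}
// Lowest to highest, so two levels can be compared by index.
const RANK = [AccessLevel.FORBIDDEN, AccessLevel.READ_ONLY, AccessLevel.READ_WRITE, AccessLevel.ADMIN];

function sketchRoleGuard(map: RoleMap) {
  const resolveAccessLevel = (user: UserIdentity): AccessLevel => {
    const has = (wanted: string[]) => wanted.some((r) => user.roles.indexOf(r) !== -1);
    // Assumption: the highest matching level wins. No match fails closed.
    if (has(map.admin)) return AccessLevel.ADMIN;
    if (has(map.readWrite)) return AccessLevel.READ_WRITE;
    if (has(map.readOnly)) return AccessLevel.READ_ONLY;
    return AccessLevel.FORBIDDEN;
  };
  const needAtLeast = (user: UserIdentity, min: AccessLevel): void => {
    if (RANK.indexOf(resolveAccessLevel(user)) < RANK.indexOf(min)) {
      throw new AccessDeniedError(`${user.id} needs at least ${min}`);
    }
  };
  return {
    resolveAccessLevel,
    assertNotForbidden: (u: UserIdentity) => needAtLeast(u, AccessLevel.READ_ONLY),
    assertCanQuery: (u: UserIdentity) => needAtLeast(u, AccessLevel.READ_ONLY),
    assertCanMutate: (u: UserIdentity) => needAtLeast(u, AccessLevel.READ_WRITE), // assumed threshold
  };
}

// Call-site pattern: assert first, and treat only AccessDeniedError as a denial.
function tryMutate(guard: ReturnType<typeof sketchRoleGuard>, user: UserIdentity): "ok" | "denied" {
  try {
    guard.assertCanMutate(user);
    return "ok"; // the mutation itself would run here
  } catch (err) {
    if (err instanceof Error && err.name === "AccessDeniedError") return "denied";
    throw err; // anything else is a bug, not an authorization decision
  }
}

const sampleGuard = sketchRoleGuard({ admin: ["platform-admin", "superuser"], readWrite: ["engineer", "developer"], readOnly: ["viewer", "support"] });
```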