Update README and add conduct and contributing docs

vincentvanbush · vincentvanbush · commit d3bb80e7b3bc · 2025-08-11T15:59:23.000+02:00
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,14 @@
+# Code of Conduct
+
+Contact: [contact@curiosum.com][0]
+
+## Contributing to the Permit ecosystem
+
+In discussions and development regarding the project, the [Code of Conduct][0] applies for all of the [Permit][1], [Permit.Ecto][2], [Permit.Phoenix][3], [Permit.Absinthe][4] repositories as well as their communication channels, including GitHub issues and discussions as well as the [Elixir Slack channel][5].
+
+[0]: mailto:contact@curiosum.com?subject=Permit:%20Code%20of%20Conduct%20Report
+[1]: https://github.com/curiosum_dev/permit/
+[2]: https://github.com/curiosum_dev/permit_ecto/
+[3]: https://github.com/curiosum_dev/permit_phoenix/
+[4]: https://github.com/curiosum_dev/permit_absinthe/
+[5]: https://elixir-lang.slack.com/archives/C091Q5S0GDU
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,183 @@
+# Contributing to Permit.Ecto
+
+Thank you for your interest in contributing to Permit.Ecto! This document provides guidelines and information for contributors.
+
+## Code of Conduct
+
+This project adheres to a [Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.
+
+## Getting started
+
+### Development environment
+
+#### Prerequisites
+
+* Elixir 1.12+ and OTP 24+
+  - _If implementing a proposed feature requires bumping Elixir or OTP, we're open to considering that._
+* Git
+* **PostgreSQL** - Required for running tests and development of Ecto-dependent features
+
+Developing and testing the `permit_ecto` package requires a running Postgres instance as this package provides database integration for Permit's authorization system.
+
+#### Setup
+
+1. Clone the repository and install dependencies:
+   ```bash
+   git clone https://github.com/curiosum-dev/permit_ecto.git
+   cd permit_ecto
+   mix deps.get
+   ```
+
+2. Set up your test database (configure in `config/test.exs`):
+   ```bash
+   MIX_ENV=test mix do ecto.create, ecto.migrate
+   ```
+
+3. Run tests to ensure everything is working:
+   ```bash
+   mix test
+   ```
+
+When running Credo and Dialyzer, please use `MIX_ENV=test` to ensure tests and support files are validated, too.
+
+## How to contribute
+
+### Before proceeding: where to discuss things?
+
+The best place to discuss fresh ideas for the library's future and ask any sorts of questions (not strictly constituting an issue as defined below) is the [Permit channel in Elixir's Slack workspace][0]. You can also use the appropriate [GitHub Discussions][1] channel. We're usually easiest approachable via Slack, though 😉
+
+For example, if you've got a general question about Permit.Ecto's development direction, or about its intended behaviour in a specific scenario, it's more convenient to open up a discussion on Slack (or use GitHub discussions) than to file an issue right away.
+
+However, if there's clearly a bug you'd like to report, or you have a specific feature idea that you'd like to explain, it's perfect material for a GitHub issue inside the project!
+
+### Reporting issues
+
+Before creating an issue, please:
+
+1. **Search existing issues** to avoid duplicates
+2. **Use the issue templates** when available
+3. **For bug reports, provide detailed information**:
+   - Elixir/OTP versions
+   - Permit.Ecto version
+   - Ecto and Postgres versions
+   - Minimal reproduction case
+   - Expected vs actual behavior
+4. **For feature requests, check against roadmap outlined in [main Permit README](https://github.com/curiosum-dev/permit/blob/master/README.md) and provide the following**:
+   - Purpose of the new feature
+   - Intended usage syntax (or pseudocode)
+   - Expected implementation complexity (if possible to gauge)
+   - Expected impact on other existing features and backward compatibility
+   - How it relates to Ecto query generation and authorization scoping
+
+### Pull requests
+
+#### Before you start
+
+- **Check existing PRs** to avoid duplicate work
+- **Open an issue** for discussion on significant changes (we follow the 1 issue <-> 1 PR principle)
+- **Follow our coding standards** (see below)
+
+#### PR process
+
+1. **Fork the repository** and create a feature branch
+2. **Make your changes** with clear, focused commits
+3. **Add tests** for new functionality
+4. **Update documentation** as needed, including README
+5. **Run the full test suite** as well as all static checks
+6. **Submit your PR** with a clear description
+
+#### PR Requirements
+
+- [ ] Code compiles without warnings (`mix compile --warnings-as-errors`)
+- [ ] Tests pass (`mix test`)
+  - _Includes added tests to new features and fixed bugs._
+  - _Tests pass for all combinations of tool versions covered by the CI matrix (see `.github/workflows/elixir.yml`)._
+- [ ] Code follows style guidelines (`MIX_ENV=test mix credo`)
+  - _Run Credo in test environment to ensure tests and support code adheres to style rules as well._
+- [ ] Types are correct (`MIX_ENV=test mix dialyzer`)
+  - _Run Credo in test environment to ensure tests and support code has correct typing as well._
+  - _Precise typing is encouraged for all newly added modules and functions._
+  - _Ignores are permitted with an inline comment with proper justification._
+- [ ] Documentation is updated: a bare minimum is updates to affected public API parts
+  - _Functions intended for usage by application code must have descriptions of arguments, purpose, and usage examples._
+  - _For crucial additions to features, README must also be updated._
+- [ ] Database tests include proper cleanup and isolation
+- [ ] Commit messages are clear and descriptive
+  - If already used throughout commit history, use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/).
+  - Otherwise, use single-line messages formatted as: `Commit purpose in imperative mode [#issue_number]`.
+    - Focus on what vs how, and keep it simple
+    - Example: `Fix incorrect query generation for has_many associations [#123]`
+
+## Development guidelines
+
+### Code style
+
+We use [Credo](https://github.com/rrrene/credo) for code analysis:
+
+```bash
+MIX_ENV=test mix credo
+```
+
+Key principles:
+- **Clarity over cleverness** - write readable code and avoid introducing new DSLs as much as possible. Permit.Ecto focuses on clean Ecto query generation from authorization rules. Prefer pure Elixir for easier debugging and code clarity. Use macros wisely and only when needed.
+* **Minimal dependencies** - Permit.Ecto should only rely on what's needed for its Ecto integration scope. Core Permit functionality belongs in the main `permit` package, while Phoenix-specific features belong in `permit_phoenix`.
+- **Follow Elixir conventions** - use standard patterns and don't fight the platform. Avoid [common Elixir anti-patterns](https://hexdocs.pm/elixir/what-anti-patterns.html). Write functional, idiomatic Elixir code.
+- **Follow Ecto conventions** - use Ecto query patterns appropriately, handle dynamic queries safely, and ensure proper query composition.
+- **Avoid RDBMS-specific features** - whenever possible, implement features in a way that's independent on whether Postgres, MySQL or any other DB is used.
+- **Document public APIs** - include `@doc` and `@moduledoc` written as if you were the one who is to read them. Avoid `@moduledoc false` unless a module is deeply private. As long as typing in Elixir relies on Dialyzer, do type with `@spec` extensively, use `Permit.Types` and `Permit.Ecto.Types` wherever applicable, and avoid typing with the likes of `map()`,  `any()`, or `term()` where possible.
+- **Handle errors gracefully** - always consider what's the correct scheme of error propagation. There is no globally assumed convention of whether to use error tuples or exceptions, you should use whatever feels appropriate and in line with adjacent elements of the system.
+
+### Testing
+
+- **Write tests for all new functionality and bug fixes**
+- **Maintain high test coverage**
+- **Use descriptive test names**
+- **Test both success and failure cases**
+- **Test query generation correctness** - ensure generated Ecto queries match expected authorization scoping
+- **Test association handling** - verify proper query generation for has_one, has_many, and belongs_to relationships
+- **Clean up test data** - use correct setup to ensure tests don't leave side effects in the database
+
+### Commit messages
+
+Follow [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format if already used in the repository. Otherwise, write single-line messages in imperative mode and mark related issue number with [#number].
+
+### Branching strategy
+
+Follow [Conventional Branch](https://conventional-branch.github.io/) format if already used in the repository. Otherwise, use `issue_number-issue_name` as branch names. Create feature branches off `main` or `master` and avoid a nested branch tree.
+
+## Release process
+
+Releases are handled by maintainers:
+
+1. Version bump in `mix.exs`
+2. Update `CHANGELOG.md`
+3. Create GitHub release
+4. Publish to Hex.pm
+
+## Community
+
+### Getting help
+
+- [Elixir Slack channel][0] - for chat, questions and general discussion
+- [GitHub Discussions][1] - for questions and general discussion
+- [GitHub Issues][2] - for bug reports and feature requests
+- [Curiosum Blog][3] - for updates, tutorials and other content
+
+### Recognition
+
+We are eager to publicly recognize your valuable input as a Permit.Ecto contributor! Your contributions will be highlighted in subsequent release notes, as well as blog posts announcing community contributions.
+
+## Questions?
+
+Feel free to:
+- Ping us on [Elixir Slack][0]
+- Open a [GitHub Discussion](https://github.com/curiosum-dev/permit/discussions)
+- Contact us at [Curiosum](https://curiosum.com/contact)
+- Check our [blog](https://curiosum.com/blog) for updates
+
+Thank you for contributing to Permit.Ecto! 🎉
+
+[0]: https://elixir-lang.slack.com/archives/C091Q5S0GDU
+[1]: https://github.com/curiosum-dev/permit/discussions
+[2]: https://github.com/curiosum-dev/permit_ecto/issues
+[3]: https://curiosum.com/blog?search=permit
diff --git a/README.md b/README.md
@@ -1,17 +1,38 @@
-# Permit.Ecto
+<div align="center">
+  <img src="https://github.com/user-attachments/assets/f0352656-397d-4d90-999a-d3adbae1095f">
+
+  # Permit.Ecto
+  <p><strong>Ecto integration for Permit - Convert permissions to Ecto queries with automatic authorization scoping.
+</strong></p>
+
+  [![Contact Us](https://img.shields.io/badge/Contact%20Us-%23F36D2E?style=for-the-badge&logo=maildotru&logoColor=white&labelColor=F36D2E)](https://curiosum.com/contact)
+  [![Visit Curiosum](https://img.shields.io/badge/Visit%20Curiosum-%236819E6?style=for-the-badge&logo=elixir&logoColor=white&labelColor=6819E6)](https://curiosum.com/services/elixir-software-development)
+  [![License: MIT](https://img.shields.io/badge/License-MIT-1D0642?style=for-the-badge&logo=open-source-initiative&logoColor=white&labelColor=1D0642)]()
+</div>
+
+
+<br/>
+
+## Purpose and usage
+
+Permit.Ecto integrates [`Permit`](https://github.com/curiosum-dev/permit) with Ecto, providing means to convert permissions to Ecto queries and automatically constructing `Ecto.Query` scopes to preload records that meet authorization criteria.
+
+Key features:
+- **Automatic query generation** - Convert Permit permissions into Ecto queries
+- **Authorization scoping** - Automatically scope database queries based on user permissions
+- **Association support** - Handle has_one, has_many, and belongs_to relationships in permission rules
+- **Seamless integration** - Works with Permit.Phoenix for automatic controller and LiveView authorization
 
 [![Hex version badge](https://img.shields.io/hexpm/v/permit_ecto.svg)](https://hex.pm/packages/permit_ecto)
 [![Actions Status](https://github.com/curiosum-dev/permit_ecto/actions/workflows/elixir.yml/badge.svg)](https://github.com/curiosum-dev/permit_ecto/actions)
 [![Code coverage badge](https://img.shields.io/codecov/c/github/curiosum-dev/permit_ecto/master.svg)](https://codecov.io/gh/curiosum-dev/permit_ecto/branch/master)
 [![License badge](https://img.shields.io/hexpm/l/permit_ecto.svg)](https://github.com/curiosum-dev/permit_ecto/blob/master/LICENSE.md)
 
-Integrates [`Permit`](https://github.com/curiosum-dev/permit) with Ecto, providing means to convert permissions to Ecto queries, automatically constructing `Ecto.Query` scopes to preload records that meet authorization criteria.
-
 ## Dependencies and related libraries
 
 `Permit.Ecto` depends on `Permit`. It can be used to build custom integrations or in conjunction with `Permit.Phoenix`, which uses the generated `accessible_by/4` functions to automatically preload, authorize and inject records loaded via Ecto into controller assigns (see more in [`Permit.Phoenix documentation`](https://github.com/curiosum-dev/permit_phoenix)).
 
-## Configuration
+## Usage
 
 ```elixir
 defmodule MyApp.Authorization do
@@ -63,6 +84,33 @@ iex> MyApp.Permissions.accessible_by!(%MyApp.Users.User{id: 3, role: :admin}, :u
 [%MyApp.Blog.Article{id: 1, ...}, %MyApp.Blog.Article{id: 2, ...}, %MyApp.Blog.Article{id: 3, ...}]
 ```
 
+### Quick authorization checks
+
+Generate Ecto queries based on permissions for direct database querying:
+
+```elixir
+# Generate query scoped to user permissions
+query = MyApp.Authorization.accessible_by!(current_user, :read, Article)
+articles = MyApp.Repo.all(query)
+
+# Use with pagination and other Ecto features
+query
+|> where([a], a.published == true)
+|> order_by([a], desc: a.inserted_at)
+|> limit(10)
+|> MyApp.Repo.all()
+```
+
+## Ecosystem
+
+Permit.Ecto is part of the modular Permit ecosystem:
+
+| Package | Version | Description |
+|---------|---------|-------------|
+| **[permit](https://hex.pm/packages/permit)** | [![Hex.pm](https://img.shields.io/hexpm/v/permit.svg)](https://hex.pm/packages/permit) | Core authorization library |
+| **[permit_ecto](https://hex.pm/packages/permit_ecto)** | [![Hex.pm](https://img.shields.io/hexpm/v/permit_ecto.svg)](https://hex.pm/packages/permit_ecto) | Ecto integration for database queries |
+| **[permit_phoenix](https://hex.pm/packages/permit_phoenix)** | [![Hex.pm](https://img.shields.io/hexpm/v/permit_phoenix.svg)](https://hex.pm/packages/permit_phoenix) | Phoenix Controllers & LiveView integration |
+| **[permit_absinthe](https://github.com/curiosum-dev/permit_absinthe)** | [![Hex.pm](https://img.shields.io/hexpm/v/permit_absinthe.svg)](https://hex.pm/packages/permit_absinthe) | GraphQL API authorization via Absinthe |
 
 ## Installation
 
@@ -71,10 +119,39 @@ The package can be installed by adding `permit_ecto` to your list of dependencie
 ```elixir
 def deps do
   [
-    {:permit_ecto, "~> 0.2.4"}
+    {:permit, "~> 0.3.0"},        # Core authorization library
+    {:permit_ecto, "~> 0.2.4"}    # Ecto integration
   ]
 end
 ```
 
-The docs can be found at <https://hexdocs.pm/permit_ecto>.
+For a complete setup with Phoenix or Absinthe integration, add `:permit_phoenix` or `:permit_absinthe`.
+
+## Documentation
+
+- **Permit.Ecto docs**: [hexdocs.pm/permit_ecto](https://hexdocs.pm/permit_ecto)
+- **Core library**: [hexdocs.pm/permit](https://hexdocs.pm/permit)
+
+## Contributing
+
+We welcome contributions! Please see our [Contributing Guide](https://github.com/curiosum-dev/permit_ecto/blob/master/CONTRIBUTING.md) for details.
+
+### Development setup
+
+Just clone the repository, install dependencies normally, develop and run tests. When running Credo and Dialyzer, please use `MIX_ENV=test` to ensure tests and support files are validated, too.
+
+### Community
+
+- **Slack channel**: [Elixir Slack / #permit](https://elixir-lang.slack.com/archives/C091Q5S0GDU)
+- **Issues**: [GitHub Issues](https://github.com/curiosum-dev/permit_ecto/issues)
+- **Discussions**: [GitHub Discussions](https://github.com/curiosum-dev/permit/discussions)
+- **Blog**: [Curiosum Blog](https://curiosum.com/blog?search=permit)
+
+## Contact
+
+* Library maintainer: [Michał Buszkiewicz](https://github.com/vincentvanbush)
+* [**Curiosum**](https://curiosum.com) - Elixir development team behind Permit
+
+## License
 
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
