// Use when adding or modifying a model in pkg/models/ that needs CRUD operations or permission checks. Covers Can* method placement, CRUDable interface, and required test coverage.
| name | crudable |
| description | Use when adding or modifying a model in pkg/models/ that needs CRUD operations or permission checks. Covers Can* method placement, CRUDable interface, and required test coverage. |
| user-invocable | true |
Models in pkg/models/ that expose CRUD operations must implement the CRUDable interface and the permission methods. Permissions are enforced at the model level via Can* methods — never re-checked in route handlers.
Reference docs: read pkg/web/readme.md for the full interface definitions, DB session semantics, and call order. The interface lives at pkg/web/web.go. This skill is a checklist of what the review feedback surfaces on top of that.
CanRead(s *xorm.Session, a web.Auth) (bool, int, error)CanCreate(s *xorm.Session, a web.Auth) (bool, error)CanUpdate(s *xorm.Session, a web.Auth) (bool, error)CanDelete(s *xorm.Session, a web.Auth) (bool, error)Can* method. Do not re-implement the check inline or duplicate the logic in pkg/routes/.Look at pkg/models/project.go or pkg/models/task.go for reference implementations.
The initial querying of the data should happen in the Can* function. Because we're operating on a pointer, the function that does the work should not need to re-query the model data.
pkg/routes/ handlers instead of on the model.Create but forgetting CanUpdate / CanDelete because "only create is new right now".CanRead.CanUpdate and CanDelete — extract a helper.pkg/web/handler/ without a clear reason (the generic handler already invokes the Can* methods for you).Every Can* method needs both positive and negative coverage. Run with mage test:filter <TestName> while iterating.
pkg/web/handler/pkg/web/auth.go, pkg/models/permissions.gopkg/routes/api/v1/ and add Swagger annotations. Do not edit pkg/swagger/ directly — it's generated.