Dynamic user roles

[lynaghk]

Allow :roles to be a function, which will be executed with no args and assumed to return a collection of roles each time user authorizations are checked.

This allows, e.g., promoting a user to a new role without forcing a logout+login.

Closes #21.

[lynaghk]

Actually, I'd like to split out the roles accessor into its own function:

(defn roles [identity]
  (let [granted-roles (-> identity current-authentication :roles)]
    (if (fn? granted-roles)
      (granted-roles)
      granted-roles)))

I'd like to dispatch against a user's roles manually.
E.g., if the user has the "free-user" role and tries to access the "/paid-content" context, I can redirect him or her to "/buy" in the unauthorized handler.

Or is that approach asking for trouble?

[lynaghk]

Re: our in-person conversation, handling the dispatch against user-roles manually sounds good, so disregard the previous comment.

For Internet posterity, here's what that'd look like:

(if (friend/authorized? #{::db/member} (friend/identity req))
  (members-handler req)
  (redirect "/buy"))