Doorboy is a simple and lightweight library for authorization.
Authorization-Function
- can be freely named
- is recommended to be named with corresponding controller's action name.
If the Authorization-Function returns true, `authorize` returns {:ok, nil}. If not, `authorize` returns {:error, :unauthorized}.
```elixir
defmodule Sample.HogeControllerPolicy do
  # Authorization-Function
  #
  # If this function returns true, `authorize` in your controller returns {:ok, nil}.
  # If this function returns false, `authorize` in your controller returns {:error, :unauthorized}.
  def update(user: user, clip: clip) do
    user.id == clip.user_id
  end
end
```
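The policy above raises instead of returning false when `user` is nil or when the options arrive in a different order, because the function head matches the keyword list exactly. The following is an added example, not part of Doorboy or its README: a deny-by-default variant of the same check. The module name `Sample.HardenedClipPolicy` and the sample maps are hypothetical, and it assumes the policy function receives the option keyword list exactly as shown on this page.

```elixir
defmodule Sample.HardenedClipPolicy do
  # Allow only when the user has a non-nil id that equals the clip's owner id.
  # Matching on map shape means a nil user simply fails to match this clause.
  def update(user: %{id: id}, clip: %{user_id: owner_id})
      when not is_nil(id) and id == owner_id do
    true
  end

  # Deny by default: nil user, nil ids, missing keys, reordered or extra options.
  def update(_opts), do: false
end

alias Sample.HardenedClipPolicy, as: Policy

# Constructed sample data; real code would pass the current user and an Ecto struct.
owner = %{id: 1}
other = %{id: 2}
clip = %{id: 10, user_id: 1}

# Each line raises MatchError if the policy decision is not the expected one.
true = Policy.update(user: owner, clip: clip)
false = Policy.update(user: other, clip: clip)
# Unauthenticated request: current_user is nil.
false = Policy.update(user: nil, clip: clip)
# Two missing ids must never compare as equal.
false = Policy.update(user: %{id: nil}, clip: %{user_id: nil})
# Keyword lists are ordered, so swapped options do not match the allow clause.
false = Policy.update(clip: clip, user: owner)
# Unexpected extra options are denied rather than ignored.
false = Policy.update(user: owner, clip: clip, admin: true)

IO.puts("all policy checks passed")
```

Every path that is not an explicit match ends in the catch-all clause, so each of these cases produces {:error, :unauthorized} from `authorize` rather than an exception from the policy.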
- set "use Doorboy, policy: YourPolicyFile" in your Controller
- call authorize method wherever you like.
```elixir
defmodule Sample.HogeController do
  use Doorboy, policy: Sample.HogeControllerPolicy

  def update(conn, params) do
    with {:ok, clip} <- Hoge.fetch_clip(params.id),
         {:ok, _} <- authorize(:update, user: conn.assigns.current_user, clip: clip), # authorization check
         ...
    do
      ...
    else
      {:error, :unauthorized} -> ...
    end
  end
end
```
```elixir
authorize(authorize_function_name, opts)
authorize(:update, user: user, clip: clip)
# returns {:ok, nil} or {:error, :unauthorized}

authorize!(authorize_function_name, opts)
authorize!(:update, user: user, clip: clip)
# returns {:ok, nil} or raises AuthorizationError
```
The package can be installed by adding `doorboy` to your list of dependencies in `mix.exs`:

```elixir
def deps do
  [
    {:doorboy, "~> 0.1.1"}
  ]
end
```
Documentation can be generated with ExDoc and published on HexDocs. Once published, the docs can be found at https://hexdocs.pm/doorman.