Getting Started

Config

In config.exs

# Access Decision Manager (permission voting)
config :access_decision_manager,
  voters: [MyApp.Auth.FooVoter]

Voter

defmodule MyApp.Auth.FooVoter do

  alias MyApp.User

  @behaviour AccessDecisionManager.Voter
  
  @supported_attributes [
    "CREATE_FOO",
    "UPDATE_FOO",
    "DELETE_FOO"
  ]

  def vote(%User{} = user, attribute, %Foo{} = foo) when attribute in @supported_attributes do
    op_allowed(user, attribute, foo)
  end
  def vote(_primary_subject, _attribute, _secondary_subject), do: :access_abstain

  defp op_allowed(%User{} = user, "CREATE_BAR", %Foo{} = foo) do
    # your permission logic goes here (db checks, etc.)
    :access_granted
  end
  defp op_allowed(%User{} = user, "UPDATE_BAR", %Foo{} = foo) do
    # your permission logic goes here (db checks, etc.)
    :access_granted
  end
  defp op_allowed(%User{} = user, "DELETE_BAR", %Foo{} = foo) do
    # your permission logic goes here (db checks, etc.)
    :access_granted
  end
end

Controller

defmodule MyAppWeb.FooController do

  import AccessDecisionManager

  def create_foo(conn) do
    if granted?(conn.assigns.current_user, "CREATE_FOO") do
      # permission granted, create some foo
    else
      # permission denied, no foo for you
    end
  end
end