access_decision_manager v0.2.1 AccessDecisionManager.Voter behaviour

Voters must implement the Voter behavior, which means they have to implement a vote function.

All voters set in the config are called for every granted? call. If the attribute and subjects are not supported by the voter, then return :access_abstain.

defmodule Mypp.Auth.FooVoter do
  @behaviour AccessDecisionManager.Voter
  def vote(_primary_subject, _attribute, _secondary_subject), do :access_abstain
end

Link to this section Summary

Callbacks

This method does the actual voting

Link to this section Callbacks

Link to this callback vote(subject, attribute, subject)
vote(subject :: struct(), attribute :: String.t(), subject :: struct()) ::
  :access_granted |
  :access_denied |
  :access_abstain

This method does the actual voting.

One of the following atoms must returned:

  • :access_granted
  • :access_denied
  • :access_abstain

Examples

Check a user’s permission to edit a blog post:

vote(current_user, "EDIT", blog)

Check a user’s permission to delete a blog post’s comments

vote(current_user, "DELETE_COMMENTS", blog)

Check if a user has a particular role:

vote(current_user, "ROLE_ADMIN", nil)

The attribute names are entirely arbitrary. Make them up to suit your needs!