aegis v0.1.0 Aegis.Policy behaviour View Source
Provides behavior that individual policy modules should adopt.
Usage:
defmodule SomeResource.Policy do
@behaviour Aegis.Policy
def authorize(user, action, resource)
def scope(user, scope, action)
end
Link to this section Summary
Functions
This macro allows another module to inherit Aegis.Policy
behaviour
Link to this section Functions
This macro allows another module to inherit Aegis.Policy
behaviour.
Examples:
iex> defmodule Some.Policy do
...> use Aegis.Policy
...> def authorize(%{admin: true}, _action, _resource), do: true
...> def authorize(%{admin: false, id: id}, _action, %{user_id: user_id}) when id == user_id, do: true
...> def authorize(_user, _action, _resource), do: false
...> def scope(%{admin: true}, _resource_scope, _action), do: :admin_scope
...> def scope(_user, _resource_scope, _action), do: :some_scope
...> end
iex> admin = %{id: 1, admin: true}
iex> non_admin = %{id: 2, admin: false}
iex> resource_a = %{user_id: 1}
iex> resource_b = %{user_id: 2}
iex> resource_c = %{user_id: 3}
iex> resource_scope = %{from: "resources"}
iex> Some.Policy.authorize(admin, nil, resource_a)
true
iex> Some.Policy.authorize(admin, nil, resource_b)
true
iex> Some.Policy.authorize(admin, nil, resource_c)
true
iex> Some.Policy.authorize(non_admin, nil, resource_a)
false
iex> Some.Policy.authorize(non_admin, nil, resource_b)
true
iex> Some.Policy.authorize(non_admin, nil, resource_c)
false
iex> Some.Policy.scope(admin, resource_scope, nil)
:admin_scope
iex> Some.Policy.scope(non_admin, resource_scope, nil)
:some_scope