AuthShield v0.0.1 AuthShield.Authorization
Implements a set of functions to deal with authorization requests.
Authorization is the function of specifying access rights/privileges to resources; it checks whether an authenticated subject can perform a given action on the system.
We use role-based access control (RBAC), where privileges are granted to or removed from a user by changing the user's set of roles and the permissions defined for those roles.
Summary
Types
The type of check that will be performed on role or permission resources
Authorization possible responses
Functions
Authorize a resource user by its role permissions.
Authorize a resource user by its roles.
Types
The type of check that will be performed on role or permission resources
responses()
responses() :: {:ok, :authorized} | {:error, :unauthorized}
Authorization possible responses
Functions
authorize_permissions(user, permissions, opts \\ [])
authorize_permissions( user :: AuthShield.Resources.Schemas.User.t(), permissions :: [String.t()], opts :: check_opts() ) :: responses()
Authorize a resource user by its role permissions.
If the user is active and one of its roles has the given permission or, depending on the options, one of the permissions, it will return {:ok, :authorized}; otherwise it returns {:error, :unauthorized}.
Examples:
# Checking if the user has all the permissions passed
AuthShield.Authorization.authorize_permissions(user, ["can_create_user"], rule: :all)
# Checking if the user has one of the permissions passed
AuthShield.Authorization.authorize_permissions(user, ["can_create_role", "can_create_permission"], rule: :any)
authorize_roles(user, roles, opts \\ [])
authorize_roles( user :: AuthShield.Resources.Schemas.User.t(), roles :: [String.t()], opts :: check_opts() ) :: responses()
Authorize a resource user by its roles.
If the user is active and has the given role or, depending on the options, one of the roles, it will return {:ok, :authorized}; otherwise it returns {:error, :unauthorized}.
Examples:
# Checking if the user has all the roles passed
AuthShield.Authorization.authorize_roles(user, ["admin"], rule: :all)
# Checking if the user has one of the roles passed
AuthShield.Authorization.authorize_roles(user, ["admin", "root"], rule: :any)
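One way to enforce these checks at a request boundary, as an added example that is not part of AuthShield: a Plug that treats every result other than {:ok, :authorized} as a denial. The module name MyAppWeb.Plugs.RequirePermissions and the :current_user assign are assumptions; the same shape works with authorize_roles/3.

```elixir
defmodule MyAppWeb.Plugs.RequirePermissions do
  @moduledoc """
  Added example (hypothetical module, not AuthShield code).

  Router usage:
      plug MyAppWeb.Plugs.RequirePermissions,
        permissions: ["can_create_user"], rule: :all
  """
  @behaviour Plug
  import Plug.Conn

  alias AuthShield.Authorization

  @impl true
  def init(opts) do
    permissions = Keyword.fetch!(opts, :permissions)
    rule = Keyword.fetch!(opts, :rule)

    # Reject a misconfigured gate when the pipeline is built, not per request.
    # An empty list is refused so the gate never depends on how an empty
    # requirement would be evaluated.
    if permissions == [] or rule not in [:all, :any] do
      raise ArgumentError, "expected a non-empty :permissions list and rule: :all | :any"
    end

    %{permissions: permissions, rule: rule}
  end

  @impl true
  # Assumption: an upstream authentication plug stored the user in :current_user.
  def call(%Plug.Conn{assigns: %{current_user: user}} = conn, %{permissions: perms, rule: rule})
      when not is_nil(user) do
    case Authorization.authorize_permissions(user, perms, rule: rule) do
      {:ok, :authorized} -> conn
      # {:error, :unauthorized} and any unexpected value are both denials.
      _other -> deny(conn)
    end
  end

  # No authenticated user on the connection: deny without calling AuthShield.
  def call(conn, _opts), do: deny(conn)

  defp deny(conn) do
    conn
    |> send_resp(403, "forbidden")
    |> halt()
  end
end
```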