AuthShield v0.0.2 AuthShield.Authorization

Implements a set of functions to deal with authorization requests.

Authorization is the function of specifying access rights/privileges to resources and checking whether an authenticated subject may perform a given action on the system.

We use role-based access control (RBAC) authorization, where privileges are given to or removed from a user by changing the user's set of roles and the permissions defined for those roles.

Summary

Types

The type of check that will be performed on role or permission resources

Authorization possible responses

Functions

Authorize a resource user by its role permissions.

Authorize a resource user by its roles.

Types

check_opts()

check_opts() :: [{:rule, :all | :any}]

The type of check that will be performed on role or permission resources

responses()

responses() :: {:ok, :authorized} | {:error, :unauthorized}

Authorization possible responses

Functions

authorize_permissions(user, permissions, opts \\ [])

authorize_permissions(
  user :: AuthShield.Resources.Schemas.User.t(),
  permissions :: [String.t()],
  opts :: check_opts()
) :: responses()

Authorize a resource user by its role permissions.

If the user is active and one of its roles has the given permission or, depending on the options, one of the permissions, it will return {:ok, :authorized}, otherwise {:error, :unauthorized}.

Examples:

  # Checking if the user has all the permissions passed
  AuthShield.Authorization.authorize_permissions(user, ["can_create_user"], rule: :all)

  # Checking if the user has one of the permissions passed
  AuthShield.Authorization.authorize_permissions(user, ["can_create_role", "can_create_permission"], rule: :any)

authorize_roles(user, roles, opts \\ [])

authorize_roles(
  user :: AuthShield.Resources.Schemas.User.t(),
  roles :: [String.t()],
  opts :: check_opts()
) :: responses()

Authorize a resource user by its roles.

If the user is active and has the given role or, depending on the options, one of the roles, it will return {:ok, :authorized}, otherwise {:error, :unauthorized}.

Examples:

  # Checking if the user has all the roles passed
  AuthShield.Authorization.authorize_roles(user, ["admin"], rule: :all)

  # Checking if the user has one of the roles passed
  AuthShield.Authorization.authorize_roles(user, ["admin", "root"], rule: :any)
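
The :all / :any rule and the active-user condition described for both functions, as an added stand-alone sketch; this is not AuthShield's source code. The RbacSketch module, its Role and User structs, their field names, and the choices to default to :all and to deny an empty requirement list are assumptions of the sketch.

```elixir
# Added sketch, not AuthShield's implementation. Module, struct and field
# names are hypothetical; only the rule: :all | :any option and the two
# response tuples come from the documentation above.
defmodule RbacSketch do
  defmodule Role, do: defstruct(name: nil, permissions: [])
  defmodule User, do: defstruct(is_active: false, roles: [])

  # Compare the requested role names with the names of the user's roles.
  def authorize_roles(%User{} = user, roles, opts \\ []) do
    check(user, roles, Enum.map(user.roles, & &1.name), opts)
  end

  # Compare the requested permissions with the union of all role permissions.
  def authorize_permissions(%User{} = user, permissions, opts \\ []) do
    check(user, permissions, Enum.flat_map(user.roles, & &1.permissions), opts)
  end

  # Only an active user with a non-empty requirement list reaches the rule.
  # Enum.all?/2 returns true for [], so an empty list must not fall through
  # to the :all branch (sketch's choice: treat it as a denial).
  defp check(%User{is_active: true}, [_ | _] = required, granted, opts) do
    granted = MapSet.new(granted)

    allowed? =
      case Keyword.get(opts, :rule, :all) do # default is the sketch's choice
        :all -> Enum.all?(required, &MapSet.member?(granted, &1))
        :any -> Enum.any?(required, &MapSet.member?(granted, &1))
        _unknown -> false
      end

    if allowed?, do: {:ok, :authorized}, else: {:error, :unauthorized}
  end

  # Deny by default: inactive user, empty requirement list, anything else.
  defp check(_user, _required, _granted, _opts), do: {:error, :unauthorized}
end

# Constructed sample data: one role carrying a single permission.
editor = %RbacSketch.Role{name: "editor", permissions: ["can_create_role"]}
user = %RbacSketch.User{is_active: true, roles: [editor]}
wanted = ["can_create_role", "can_create_permission"]

IO.inspect(RbacSketch.authorize_permissions(user, wanted, rule: :any))
IO.inspect(RbacSketch.authorize_permissions(user, wanted, rule: :all))
IO.inspect(RbacSketch.authorize_roles(%{user | is_active: false}, ["editor"], rule: :any))
IO.inspect(RbacSketch.authorize_roles(user, [], rule: :all))
```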