ExCedar.Authorizer (ex_cedar v0.1.2)

Authorization over compiled handles.

Use ExCedar.authorize/4 for a stateless one-shot call. Use this module when you need to authorize multiple requests against the same pre-compiled PolicySet and Entities without recompiling on each call.

Example

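# policy_text, entities and request are prepared by the caller.
# Compile once, then reuse both handles for every authorize call.
{:ok, ps}   = ExCedar.PolicySet.compile(policy_text)
{:ok, ents} = ExCedar.Entities.from_list(entities)
{:ok, %ExCedar.Decision{decision: :allow}} =
  ExCedar.Authorizer.authorize(ps, ents, request)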

Pass the schema: option (a compiled ExCedar.Schema handle) to validate the request shape and enable type-aware evaluation.

Functions

authorize(policy_set, entities, req, opts \\ [])

@spec authorize(term(), term(), ExCedar.Request.t(), keyword()) ::
  {:ok, ExCedar.Decision.t()} | {:error, term()}

Runs authorization over compiled policy_set and entities handles.

Options:

  • :schema — a compiled ExCedar.Schema handle; validates the request against the schema before evaluating.

Returns {:ok, %ExCedar.Decision{}} on success, or {:error, %ExCedar.Error.Invalid{}} if the request is invalid (e.g. principal type not in schema).

Emits [:ex_cedar, :authorize, :start | :stop | :exception] telemetry — see ExCedar.Telemetry.

authorize!(policy_set, entities, req, opts \\ [])

@spec authorize!(term(), term(), ExCedar.Request.t(), keyword()) ::
  ExCedar.Decision.t()

Like authorize/4 but returns %ExCedar.Decision{} directly and raises on error.
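
A fail-closed wrapper around authorize/4 that reuses one pair of compiled handles across many requests and subscribes to the telemetry events listed above. This is an added example, not code from ex_cedar: MyApp.Authz, its function names and the handler id are hypothetical, and because the telemetry measurement keys are not documented on this page the handler logs them unparsed.

```elixir
defmodule MyApp.Authz do
  # Hypothetical application module; not part of ex_cedar.
  require Logger
  alias ExCedar.{Authorizer, Decision}

  @events [[:ex_cedar, :authorize, :stop], [:ex_cedar, :authorize, :exception]]

  # Call once at application start. Returns {:error, :already_exists}
  # if the handler id is already attached.
  def attach_telemetry do
    :telemetry.attach_many("myapp-authz-audit", @events, &__MODULE__.handle_event/4, nil)
  end

  # Metadata is deliberately not logged: it may carry request contents.
  def handle_event([:ex_cedar, :authorize, :exception], measurements, _meta, _config) do
    Logger.error("ex_cedar authorize raised: #{inspect(measurements)}")
  end

  def handle_event([:ex_cedar, :authorize, :stop], measurements, _meta, _config) do
    Logger.debug("ex_cedar authorize finished: #{inspect(measurements)}")
  end

  # Fail closed: only an explicit :allow grants access. Any other decision
  # and any {:error, _} (for example %ExCedar.Error.Invalid{} when the
  # request does not match the schema) is treated as a denial.
  def permitted?(policy_set, entities, request, opts \\ []) do
    case Authorizer.authorize(policy_set, entities, request, opts) do
      {:ok, %Decision{decision: :allow}} ->
        true

      {:ok, %Decision{}} ->
        false

      {:error, reason} ->
        Logger.warning("authorization request rejected: #{inspect(reason)}")
        false
    end
  end

  # Evaluates many requests against the same compiled handles, so the
  # policy set and entities are never recompiled per request.
  # Pass opts such as [schema: schema_handle] to validate every request.
  def filter_permitted(policy_set, entities, requests, opts \\ []) do
    Enum.filter(requests, &permitted?(policy_set, entities, &1, opts))
  end
end
```

Use authorize/4 rather than authorize!/4 at this boundary so that an invalid request becomes a logged denial instead of an exception the caller has to remember to handle.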