Authorization over compiled handles.
Use ExCedar.authorize/4 for a stateless one-shot call. Use this module
when you need to authorize multiple requests against the same pre-compiled
PolicySet and Entities without recompiling on each call.
Example
{:ok, ps} = ExCedar.PolicySet.compile(policy_text)
{:ok, ents} = ExCedar.Entities.from_list(entities)
{:ok, %ExCedar.Decision{decision: :allow}} =
ExCedar.Authorizer.authorize(ps, ents, request)Pass schema: (a compiled ExCedar.Schema handle) to validate the request
shape and enable type-aware evaluation.
Summary
Functions
Runs authorization over compiled policy_set and entities handles.
Like authorize/4 but returns %ExCedar.Decision{} directly and raises on error.
Functions
@spec authorize(term(), term(), ExCedar.Request.t(), keyword()) :: {:ok, ExCedar.Decision.t()} | {:error, term()}
Runs authorization over compiled policy_set and entities handles.
Options:
:schema— a compiledExCedar.Schemahandle; validates the request against the schema before evaluating.
Returns {:ok, %ExCedar.Decision{}} on success, or
{:error, %ExCedar.Error.Invalid{}} if the request is invalid (e.g.
principal type not in schema).
Emits [:ex_cedar, :authorize, :start | :stop | :exception] telemetry —
see ExCedar.Telemetry.
@spec authorize!(term(), term(), ExCedar.Request.t(), keyword()) :: ExCedar.Decision.t()
Like authorize/4 but returns %ExCedar.Decision{} directly and raises on error.