Gardien v0.0.2 Gardien.Authorize

Gardien.Authorize can be use-d in order to implement a more descriptive Gardien.Policy:

defimpl Gardien.Policy, for: MyApplication.Post do
  use Gardien.Authorize

  def new(_resource, _user) do
    true
  end

  def edit(resource, user) do
    user.id == resource.user_id
  end

  def update(resource, user) do
    edit(resource, user)
  end

  ...
end

In case you’re building a closed system, where only logged in users are able to do anything, you can define your own Authorize:

defmodule MyApplication.Authorize do
  defmacro __using__(_opts) do
    def authorize?(_resource, _action, user) when is_nil(user), do
      do: false
    def authorize?(resource, action, user),
      do: apply(__MODULE__, action, [resource, user])
  end
end

defimpl Gardien.Policy, for: MyApplication.Post do
  use MyApplication.Authorize

  ...
end