Openmaize v0.10.0 Openmaize.AccessControl

Function plugs to handle authorization.

The functions in this module need to be run after the Openmaize.Authenticate plug, as they use the current_user value in conn.assigns.

With all of these functions, if the current_user is nil, or if there is any other error, the connection will be halted. If the redirects option is set to true, which is the default, the user will be redirected to the login page.

Functions

authorize(conn, opts)

Verify that the user is authorized to access the requested page / resource.

This check is based on user role.

This function has two options:

  • roles - a list of permitted roles
  • redirects - if true, which is the default, redirect on login / logout

Examples with Phoenix

In the relevant controller.ex file:

import Openmaize.AccessControl

Only allow users with the role “admin” to access the pages in that module:

plug :authorize, roles: ["admin"]

Only allow users with the role “admin” to access the create and update pages (this means that the other pages are unprotected):

plug :authorize, [roles: ["admin"]] when action in [:create, :update]

Allow users with the role “admin” or “user” to access pages, and set redirects to false:

plug :authorize, roles: ["admin", "user"], redirects: false

authorize_id(conn, opts)

Verify that the user, based on the user id, is authorized to access the requested page / resource.

This function only checks that the user id is correct. It does not check the user’s role, so you will need to use the authorize plug as well to verify the role.

This function has one option:

  • redirects - if true, which is the default, redirect on login / logout
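
The sketch below is an added example, not Openmaize code: a dependency-free model of the two checks that shows why authorize_id has to be stacked with authorize. The Conn struct, the AccessSketch module, the protect helper and the id-matching rule (the "id" request parameter compared with current_user.id) are assumptions made for illustration.

```elixir
# Added sketch, not Openmaize code. Conn is a minimal stand-in for Plug.Conn.
defmodule Conn do
  defstruct assigns: %{}, params: %{}, halted: false
end

defmodule AccessSketch do
  # Role check: halt unless current_user is set and has a permitted role.
  # The halted: true clauses model a plug pipeline stopping after a halt.
  def authorize(%Conn{halted: true} = conn, _opts), do: conn

  def authorize(%Conn{assigns: %{current_user: %{role: role}}} = conn, opts) do
    if role in Keyword.get(opts, :roles, []), do: conn, else: deny(conn)
  end

  def authorize(conn, _opts), do: deny(conn)

  # Id check (assumed rule): the "id" request parameter must match the
  # current user's id. Parameters arrive as strings, so compare as strings.
  def authorize_id(%Conn{halted: true} = conn, _opts), do: conn

  def authorize_id(%Conn{params: %{"id" => id}, assigns: %{current_user: %{id: uid}}} = conn, _opts) do
    if to_string(uid) == id, do: conn, else: deny(conn)
  end

  def authorize_id(conn, _opts), do: deny(conn)

  # Both checks stacked, as two consecutive plug lines would run them.
  def protect(conn, roles), do: conn |> authorize(roles: roles) |> authorize_id([])

  # Fail closed: nil user, missing field or any mismatch halts the connection.
  defp deny(conn), do: %{conn | halted: true}
end

# Constructed sample requests for a route with an :id parameter.
user = %{id: 5, role: "user"}
guest = %{id: 5, role: "guest"}

cases = [
  {"current_user is nil", %Conn{params: %{"id" => "5"}, assigns: %{current_user: nil}}},
  {"own record", %Conn{params: %{"id" => "5"}, assigns: %{current_user: user}}},
  {"someone else's record", %Conn{params: %{"id" => "6"}, assigns: %{current_user: user}}},
  {"own record, role not permitted", %Conn{params: %{"id" => "5"}, assigns: %{current_user: guest}}}
]

for {label, conn} <- cases do
  id_only = AccessSketch.authorize_id(conn, [])
  stacked = AccessSketch.protect(conn, ["admin", "user"])
  IO.puts("#{label}: id check halted=#{id_only.halted}, stacked halted=#{stacked.halted}")
end
```

The last case is the one to watch: the id check alone lets the request through, and only the stacked role check halts it.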