policy_wonk


PolicyWonk is a lightweight authorization and resource loading library for any Plug or Phoenix application. Authorization (Auth-Z) is the process of deciding what a user/entity is allowed to do after they’ve been authenticated.

What’s coming

I’m working on changes (as time allows) to make Policy Wonk work well in Phoenix 1.3 umbrella applications. This will probably mean a small number of breaking changes, so there may be a major version number bump.

I’m also re-thinking the error flow given Phoenix 1.3’s cool new controller actions and how they recover from errors. If you use Policy Wonk and have opinions on how you would like to see this work, this is a good time to make suggestions…

Setup

Add policy_wonk to the deps section of your application’s mix.exs file:

defp deps do
  [
    # ...
    {:policy_wonk, "~> 0.2"}
    # ...
  ]
end

Don’t forget to run mix deps.get.

Plugs

PolicyWonk provides three main plugs: PolicyWonk.LoadResource, PolicyWonk.Enforce and PolicyWonk.EnforceAction.

Decisions are made before controller actions are called, isolating authorization logic, encouraging policy re-use, and reducing the odds of messing Auth-Z up as you develop your controllers.

In a router:

  pipeline :browser_session do
    plug PolicyWonk.LoadResource, :current_user
    plug PolicyWonk.Enforce, :current_user
  end

  pipeline :admin do
    plug PolicyWonk.Enforce, {:user_permission, "admin"}
  end

In a controller:

  plug PolicyWonk.Enforce, {:user_permission, "admin_content"}
  plug PolicyWonk.EnforceAction
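
The following is an added sketch, not PolicyWonk's own code or API: a dependency-free model of how the policies named in the router example above can be evaluated against a connection's assigns before any controller action runs. The module PolicySketch, its functions, the return values and the sample users are all hypothetical.

```elixir
# Added illustration: models enforcement with plain maps, so it runs
# without Plug, Phoenix or PolicyWonk. All names here are hypothetical.
defmodule PolicySketch do
  # Each clause is one reusable policy: :ok allows, anything else denies.
  def policy(%{current_user: %{id: _}}, :current_user), do: :ok
  def policy(_assigns, :current_user), do: {:error, :unauthenticated}

  def policy(%{current_user: %{permissions: perms}}, {:user_permission, perm})
      when is_list(perms) do
    if perm in perms, do: :ok, else: {:error, :forbidden}
  end

  # Fail closed: a missing user, malformed permissions or an unknown
  # policy name is a denial, never an implicit allow.
  def policy(_assigns, _unknown), do: {:error, :forbidden}

  # Evaluate policies in order and stop at the first denial, the way a
  # halted plug pipeline stops before the controller action is reached.
  def enforce(assigns, policies) do
    Enum.reduce_while(policies, :ok, fn p, :ok ->
      case policy(assigns, p) do
        :ok -> {:cont, :ok}
        denied -> {:halt, denied}
      end
    end)
  end
end

# Constructed sample assigns, standing in for conn.assigns.
admin = %{current_user: %{id: 1, permissions: ["admin"]}}
guest = %{}

# Mirrors the :browser_session and :admin pipelines chained together.
admin_pipeline = [:current_user, {:user_permission, "admin"}]

IO.inspect(PolicySketch.enforce(admin, admin_pipeline))
IO.inspect(PolicySketch.enforce(guest, admin_pipeline))
# A user holding "admin" is still denied a permission they were not given.
IO.inspect(PolicySketch.enforce(admin, [{:user_permission, "admin_content"}]))
# A misspelled policy name is denied by the catch-all clause.
IO.inspect(PolicySketch.enforce(admin, [:curent_user]))
```

Because the catch-all clause denies, a typo in a policy name or a user record without a permissions list results in a rejected request rather than an unprotected route.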

Tutorial

You can read a full tutorial on setting up and using Policy Wonk here.

Documentation

You can read the full documentation here.