RephiWeb.Auth.AuthorizationPlug (Rephi v0.0.2)

Phoenix plugs for authorization checks in controllers.

This module provides various plugs to protect controller actions based on user permissions and roles. The plugs integrate with the authorization system to check user permissions before allowing access to protected actions.

Usage

Add authorization plugs to your controller:

defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  # Allows the short name AuthorizationPlug below
  alias RephiWeb.Auth.AuthorizationPlug

  # Protect specific actions
  plug AuthorizationPlug, {:permission, "users:edit"} when action in [:edit, :update]
  plug AuthorizationPlug, {:role, "admin"} when action in [:delete]

  # Multiple permission checks (no `when` guard, so these run for every action)
  plug AuthorizationPlug, {:any_permission, ["users:create", "users:edit"]}
  plug AuthorizationPlug, {:all_permissions, ["users:edit", "system:manage"]}

  # Your controller actions...
end

Response Codes

  • 401 Unauthorized - User is not authenticated
  • 403 Forbidden - User is authenticated but lacks required permissions
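
How the option tuples and the two response codes fit together, as an added sketch that is not Rephi's source code: it assumes an earlier authentication plug stores the user in `conn.assigns[:current_user]` and that the user carries `permissions` and `roles` lists of slugs (all hypothetical names, as is `SketchAuthorizationPlug`). It shows the 401/403 split, the `halt/1` call that actually blocks the action, and why an empty permission list has to be rejected.

```elixir
# Added sketch, not Rephi's source. Hypothetical names: SketchAuthorizationPlug,
# conn.assigns[:current_user], and the user's :permissions / :roles lists.
Mix.install([{:plug, "~> 1.15"}])  # omit inside a project that already has plug

defmodule SketchAuthorizationPlug do
  @behaviour Plug
  import Plug.Conn

  # Validate options in init/1 so a malformed check raises instead of passing.
  # Empty lists are refused: Enum.all?([], _) is true and would admit everyone.
  @impl true
  def init({kind, slug} = opts) when kind in [:permission, :role] and is_binary(slug), do: opts
  def init({kind, [_ | _]} = opts) when kind in [:any_permission, :all_permissions], do: opts

  @impl true
  def call(conn, {kind, required}) do
    case conn.assigns[:current_user] do
      nil -> deny(conn, 401)
      user -> if allowed?(kind, user, required), do: conn, else: deny(conn, 403)
    end
  end

  defp allowed?(:permission, user, slug), do: slug in user.permissions
  defp allowed?(:role, user, slug), do: slug in user.roles
  defp allowed?(:any_permission, user, slugs), do: Enum.any?(slugs, &(&1 in user.permissions))
  defp allowed?(:all_permissions, user, slugs), do: Enum.all?(slugs, &(&1 in user.permissions))

  # halt/1 is what stops later plugs and the controller action from running.
  defp deny(conn, status), do: conn |> send_resp(status, "") |> halt()
end

# Constructed sample user and requests, driven through Plug.Test.
import Plug.Test
import Plug.Conn, only: [assign: 3]

editor = %{permissions: ["users:edit"], roles: ["editor"]}

run = fn user, opts ->
  conn = conn(:get, "/users/1/edit") |> assign(:current_user, user)
  conn = SketchAuthorizationPlug.call(conn, SketchAuthorizationPlug.init(opts))
  {conn.status, conn.halted}
end

# Each match raises MatchError if the plug decides differently.
{nil, false} = run.(editor, {:permission, "users:edit"})
{nil, false} = run.(editor, {:any_permission, ["users:create", "users:edit"]})
{403, true} = run.(editor, {:all_permissions, ["users:edit", "system:manage"]})
{403, true} = run.(editor, {:role, "admin"})
{401, true} = run.(nil, {:permission, "users:edit"})
```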

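Summary

Functions

  • init(opts) - Plug to use in controllers for authorization. Call with :init_options set to {:permission, "permission:slug"} or {:role, "role_slug"}
  • require_all_permissions(conn, permission_slugs) - Ensures the current user has all of the specified permissions.
  • require_any_permission(conn, permission_slugs) - Ensures the current user has any of the specified permissions.
  • require_permission(conn, permission_slug) - Ensures the current user has the specified permission.
  • require_role(conn, role_slug) - Ensures the current user has the specified role.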

Functions

call(conn, arg)

init(opts)

Plug to use in controllers for authorization. Call with :init_options set to {:permission, "permission:slug"} or {:role, "role_slug"}

Examples

# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:permission, "users:edit"}
plug RephiWeb.Auth.AuthorizationPlug, {:role, "admin"}
plug RephiWeb.Auth.AuthorizationPlug, {:any_permission, ["users:edit", "users:create"]}
plug RephiWeb.Auth.AuthorizationPlug, {:all_permissions, ["users:edit", "system:manage"]}

require_all_permissions(conn, permission_slugs)

Ensures the current user has all of the specified permissions.

Examples

# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:all_permissions, ["users:edit", "system:manage"]}

require_any_permission(conn, permission_slugs)

Ensures the current user has any of the specified permissions.

Examples

# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:any_permission, ["users:edit", "users:create"]}

require_permission(conn, permission_slug)

Ensures the current user has the specified permission.

Returns 401 if user is not authenticated, 403 if user lacks the permission.

Parameters

  • conn - The Plug.Conn struct
  • permission_slug - The permission slug to check (e.g., "users:edit")

Examples

# Direct function call (not recommended)
conn = require_permission(conn, "users:edit")

# Use as plug (recommended)
plug RephiWeb.Auth.AuthorizationPlug, {:permission, "users:edit"}

require_role(conn, role_slug)

Ensures the current user has the specified role.

Examples

# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:role, "admin"}