terminator v0.2.0 Terminator View Source
Main Terminator module for including macros
Terminator has 3 main components:
Terminator.Ability
- Representation of a single permission e.g. :view, :delete, :updateTerminator.Performer
- Main actor which is holding given abilitiesTerminator.Role
- Grouped set of multiple abilities, e.g. :admin, :manager, :editor
Relations between models
Terminator.Performer
-> Terminator.Ability
[1-n] - Any given performer can hold multiple abilities
this allows you to have very granular set of abilities per each performer
Terminator.Performer
-> Terminator.Role
[1-n] - Any given performer can act as multiple roles
this allows you to manage multple sets of abilities for multiple performers at once
Terminator.Role
-> Terminator.Ability
[m-n] - Any role can have multiple abilities therefore
you can have multiple roles to have different/same abilities
Calculating abilities
Calculation of abilities is done by OR and DISTINCT abilities. That means if you have
Role[:admin, abilities: [:delete]]
, Role[:editor, abilities: [:update]]
, Role[:user, abilities: [:view]]
and all roles are granted to single performer, resulting abilities will be [:delete, :update, :view]
Available permissions
Terminator.has_ability/1
- Requires single ability to be present on performerTerminator.has_role/1
- Requires single role to be present on performer
Link to this section Summary
Functions
Macro for wrapping protected code
Requires an ability within permissions block
Requires a role within permissions block
Returns authorization result on collected performer and required roles/abilities
Macro for defining required permissions
Link to this section Functions
as_authorized(list) View Source (macro)
Macro for wrapping protected code
Example
defmodule HelloTest do
use Terminator
def test_authorization do
as_authorized do
IO.inspect("This code is executed only for authorized performer")
end
end
end
has_ability(ability) View Source
Requires an ability within permissions block
Example
defmodule HelloTest do
use Terminator
def test_authorization do
permissions do
has_ability(:can_run_test_authorization)
end
end
end
has_role(role) View Source
Requires a role within permissions block
Example
defmodule HelloTest do
use Terminator
def test_authorization do
permissions do
has_role(:admin)
end
end
end
is_authorized?()
View Source
is_authorized?() :: :ok | {:error, String.t()}
is_authorized?() :: :ok | {:error, String.t()}
Returns authorization result on collected performer and required roles/abilities
Example
defmodule HelloTest do
use Terminator
def test_authorization do
case is_authorized? do
:ok -> "Performer is authorized"
{:error, message: _message} -> "Performer is not authorized"
end
end
permissions(list) View Source (macro)
Macro for defining required permissions
Example
defmodule HelloTest do
use Terminator
def test_authorization do
permissions do
has_role(:admin)
has_ability(:view)
end
end
end