View Source Getting Started

Installation

Add the ash_rbac dependency to your mix.exs

defp deps do
  [
    {:ash_rbac, "~> 0.4.0"}
  ]
end

Adding AshRbac to your resource

First, the authorizer and the extension need to be added.

defmodule RootResource do
    @moduledoc false
    use Ash.Resource,
      data_layer: Ash.DataLayer.Ets,
      authorizers: [Ash.Policy.Authorizer], # Add the authorizer
      extensions: [AshRbac] # Add the extension
  ...
end

Afterwards, you can add a rbac block to your resource.

  rbac do
    role :user do
      fields [:name, :email]
      actions [:read]
    end
  end

The options defined in the rbac block are transformed into policies during compile time.

The previous example will generate the following policies:

field_policies do
  field_policy [:name, :email]do
    authorize_if {AshRbac.HasRole, [role: [:user]]}
  end

  # it also adds a policy for all other fields like this
  field_policy [:other_fields, ...] do
    forbid_if always()
  end
end

policies do
  policy [action(:read), {AshRbac.HasRole, [role: [:user]]}] do
    authorize_if always()
  end
end