AuvalOffice.Policy behaviour (auval_office v0.1.0)
Use this module to define a policy, for example:
    defmodule MyPolicy do
      use AuvalOffice.Policy
    end
See the high-level docs in AuvalOffice to understand what's going on.
Summary
Callbacks
Function generated in a module that uses this module.
Types
authorization_result()
Specs
Functions
Define a fetcher.
Takes an additional do block, or a do: expression.
Parameters
id: An identifier to disambiguate this fetcher.
attr: The attribute that will be set in the context. The fetcher will be skipped if there is already an attribute by this name in the context.
Options
subject: A pattern to match against the subject being authorized.
object: A pattern to match against the object being authorized.
action: A pattern to match against the action being authorized.
context: A pattern to match against the context built up so far.
when: A guard. The fetcher will be skipped if this evaluates to false. Can refer to variables bound in the matchers. Will be evaluated in the context of an if block, so not limited to guard expressions.
Define a rule.
Takes an additional do block, or a do: expression.
Parameters
id: An identifier to identify and disambiguate the rule.
actions: An action or list of actions that is authorized (or forbidden) by this rule. The action :all matches any action. This is not a pattern.
subject: A pattern matching the subject that this rule applies to. If the pattern does not match, the rule is skipped.
object: A pattern matching the object that this rule applies to. If the pattern does not match, the rule is skipped.
options: A keyword list of options as described below.
Options
action: A pattern to bind the action to that is authorized. Only necessary for advanced matching or if you need to refer to the action in the body of the rule.
context: A pattern to match against the context of the authorization.
when: A guard expression. The rule is skipped if this expression evaluates to false. Can refer to any variable bound by the patterns passed to this macro. Will be evaluated in the context of an if, so not limited to guard expressions.
Callbacks
authorize(subject, object, action, context)
Specs
authorize( subject :: term(), object :: term(), action :: atom(), context :: map() ) :: authorization_result()
Function generated in a module that uses this module.
Parameters
subject: The subject that should be authorized.
object: The object that would be acted upon by the subject.
action: The action taken by the subject upon the object.
context: A map of additional information necessary to make an authorization decision. Defaults to the empty map %{} if not given.
Return value
{:ok, deciding_rule, parameters}: Returned when one rule returns a positive result. The rule that made the decision is identified by the second element, and any additional values returned by it are in the third element.
{:error, deciding_rule, parameters}: Returned when one rule returns a negative result. The rule that made the decision is identified by the second element, and any additional values returned by it are in the third element. If no rule matched, the decision is considered negative, and the second element will be :default_deny.
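A caller-side sketch of the return contract above, added here as an example and not taken from the AuvalOffice project. StandInPolicy is a hand-written stand-in that only mimics the documented authorize/4 results (a real policy gets this function generated by use AuvalOffice.Policy); Enforcer, the rule ids, the sample data and the use of a map for the parameters element are assumptions.

```elixir
# Added example. StandInPolicy, Enforcer and the sample data are hypothetical.
defmodule StandInPolicy do
  # Hand-written stand-in mimicking the documented authorize/4 results; a real
  # policy has this function generated by `use AuvalOffice.Policy`.
  def authorize(subject, object, action, context \\ %{})
  def authorize(%{role: :admin}, _obj, _action, _ctx), do: {:ok, :admin_all, %{}}

  def authorize(%{id: id}, %{owner_id: id}, action, _ctx) when action in [:read, :update],
    do: {:ok, :owner_access, %{}}

  def authorize(_subj, %{locked: true}, _action, _ctx),
    do: {:error, :object_locked, %{reason: :locked}}

  # No rule matched: the documented negative default.
  def authorize(_subj, _obj, _action, _ctx), do: {:error, :default_deny, %{}}
end

defmodule Enforcer do
  require Logger

  # Fail closed: only the exact {:ok, rule, params} shape permits the action.
  def permit?(policy, subject, object, action, context \\ %{}) do
    case policy.authorize(subject, object, action, context) do
      {:ok, rule, _params} ->
        Logger.info("authz allow action=#{action} rule=#{inspect(rule)}")
        true

      {:error, :default_deny, _params} ->
        # No rule matched: log separately, it may mean a rule is missing.
        Logger.warning("authz deny action=#{action} rule=default_deny")
        false

      {:error, rule, params} ->
        Logger.warning("authz deny action=#{action} rule=#{inspect(rule)} #{inspect(params)}")
        false

      other ->
        # Anything outside the documented shapes is treated as a denial.
        Logger.error("authz unexpected result #{inspect(other)}, denying")
        false
    end
  end
end

alice = %{id: 1, role: :user}
IO.inspect(Enforcer.permit?(StandInPolicy, alice, %{owner_id: 1, locked: false}, :read))
IO.inspect(Enforcer.permit?(StandInPolicy, alice, %{owner_id: 2, locked: true}, :update))
IO.inspect(Enforcer.permit?(StandInPolicy, alice, %{owner_id: 2, locked: false}, :delete))
```

Logging the deciding rule on every decision gives an audit trail that separates explicit denials from requests that fell through to :default_deny.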