Datacop.Policy behaviour (datacop v0.1.4)

Where authorization rules live.

Typically the callbacks are designed to be used by Datacop.permit/4 and are not called directly.

The only requirement is to implement the authorize/3 callback:

defmodule MyApp.MyContext do
  @behaviour Datacop.Policy

  def authorize(action, user, params) do
    # Return :ok or true to permit
    # Return {:error, reason}, or false to deny
    # Return {:dataloader, data} to process data in the Dataloader
  end
end

To perform authorization checks, use Datacop.permit/4:

with :ok <- Datacop.permit(MyApp.MyContext, :action_name, user, subject: :value) do
  # ...
end

if Datacop.permit?(MyApp.MyContext, :action_name, user, subject: :value) do
  # ...
end

If you want to define the callbacks in another module, you can use defdelegate:

defmodule MyApp.MyContext do
  defdelegate authorize(action, user, params), to: MyApp.MyContext.Policy
end

Summary

Types

Link to this type

dataloader_result()

@type dataloader_result() ::
  {:dataloader, %{source_name: module(), batch_key: any(), inputs: any()}}

Callbacks

Link to this callback

authorize(action, actor, subject)

@callback authorize(Datacop.action(), Datacop.actor(), subject :: any()) ::
  :ok | {:error, String.Chars.t()} | boolean() | dataloader_result()