# `PgRest.Authorization`
[🔗](https://github.com/agoodway/pgrest/blob/v0.1.0/lib/pg_rest/authorization.ex#L1)

Behavior for pluggable authorization in PgRest.

Implement this behavior to add runtime permission checks to your PgRest resources.

## Usage

    defmodule MyApp.PgRestAuth do
      @behaviour PgRest.Authorization

      @impl true
      def authorize(_conn, _resource_module, :read, _context), do: :ok
      def authorize(_conn, _resource_module, _op, %{role: :admin}), do: :ok
      def authorize(_conn, _resource_module, _op, _context), do: {:error, "Forbidden"}
    end

Then configure in your router:

    forward "/api", PgRest.Plug,
      repo: MyApp.Repo,
      authorization: MyApp.PgRestAuth

# `operation`

```elixir
@type operation() :: :read | :create | :update | :delete
```

# `authorize`

```elixir
@callback authorize(
  conn :: Plug.Conn.t(),
  resource_module :: module(),
  operation :: operation(),
  context :: map()
) :: :ok | {:error, String.t() | map()}
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*