View Source README
SecureX
SecureX (An Advancement To ACL) is Role Based Access Control(RBAC) and Access Control List (ACL) to handle "User Roles And Permissions". You can handle all list of permissions attached to a specific object for certain users or give limited or full Access to specific module.
It has 4 basic modules, SecureX.Roles, SecureX.Res, SecureX.Permissions and SecureX.UserRoles.
All Modules have CRUD to maintain your RBAC.
SecureX Module has validation for user.
installation
Installation
If installing from Hex, use the latest version from there:
# mix.ex
def deps do
[
{:securex, "~> 1.1.0"}
]
endNow You need to add configuration for securex in your config/config.ex
You need to add Your Repo and User Schema in config.
If you are using binary_id type for your project default as @primary_keys. You can pass type: :binary_id.
# config/config.exs
config :securex, repo: MyApp.Repo, #required
schema: MyApp.Schema.User, #required
type: :binary_id #optionalSecureX comes with built-in support for apps. Just create migrations with mix securex.gen.migration.
iex> mix securex.gen.migration
* creating priv/repo/migrations
* creating priv/repo/migrations/20211112222439_create_table_roles.exs
* creating priv/repo/migrations/20211112222440_create_table_resources.exs
* creating priv/repo/migrations/20211112222441_create_table_permissions.exs
* creating priv/repo/migrations/20211112222442_create_table_user_roles.exsThe Migrations added to your project.
iex> "Do you want to run this migration?"
iex> mix ecto.migrateYou are Now Up and Running!!!
pagination-with-scrivener
Pagination with Scrivener
SecureX Supports pagination with Scrivener & ScrivenerEcto,
Please read the following documentations if you have :
-> https://hexdocs.pm/scrivener_ecto/readme.html
-> https://hexdocs.pm/scrivener/readme.htmlPlease add to your project Repo,
use Scrivener, page_size: 10## Guide
You can also use SecureX as a Middleware.
Valid inputs for permissions are "POST", "GET", "PUT", "DELETE", "read", "write", "edit" and "delete". Permissions have downward flow. i.e if you have defined permissions for a higher operation, It automatically assigns them permissions for lower operations. like "edit" grants permissions for all operations. Their hierarchy is in this order.
"read" < "write" < "edit" < "delete"
"GET" < "POST" < "PUT" < "DELETE"
1 < 2 < 3 < 4
middlewares
Middlewares
In RestApi or GraphiQL all you have to do, add a Plug.
examples
Examples
#lib/plugs/securex_plug.ex
defmodule MyApp.Plugs.SecureXPlug do
@behaviour Plug
import Plug.Conn
def init(default), do: default
def call(conn, _) do
with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
{:ok, claims} <- MyApp.Auth.Guardian.decode_and_verify(token),
{:ok, user} <- MyApp.Auth.Guardian.resource_from_claims(claims),
{:ok, %Plug.Conn{}} <- check_permissions(conn, user) do
conn
else
{:error, error} ->
conn
|> put_resp_content_type("application/json")
|> send_resp(403, Jason.encode!(%{errors: error}))
|> Plug.Conn.halt()
_ ->
conn
|> put_resp_content_type("application/json")
|> send_resp(403, Jason.encode!(%{errors: ["Permission Denied"]}))
|> Plug.Conn.halt()
end
end
defp check_permissions(%{method: method, path_info: path_info} = conn, %{id: user_id}) do
res = List.last(path_info)
case SecureX.has_access?(user_id, res, method) do
false -> {:error, false}
true -> {:ok, conn}
end
end
defp check_permissions(_, _), do: {:error, ["Invalid Request"]}
endYou are all set. Please let us know about and open issue on https://github.com/DevWasi/secruex/issues Looking Forward to it.
Happy Coding !!!!!