View Source Terminator.UUID (terminator_uuid v0.6.0)

Main Terminator module for including macros

Terminator has 3 main components:

Terminator.UUID.Ability - Representation of a single permission e.g. :view, :delete, :update
Terminator.UUID.Performer - Main actor which is holding given abilities
Terminator.UUID.Role - Grouped set of multiple abilities, e.g. :admin, :manager, :editor

relations-between-models
Relations between models

Terminator.UUID.Performer -> Terminator.UUID.Ability [1-n] - Any given performer can hold multiple abilities this allows you to have very granular set of abilities per each performer

Terminator.UUID.Performer -> Terminator.UUID.Role [1-n] - Any given performer can act as multiple roles this allows you to manage multple sets of abilities for multiple performers at once

Terminator.UUID.Role -> Terminator.UUID.Ability [m-n] - Any role can have multiple abilities therefore you can have multiple roles to have different/same abilities

calculating-abilities
Calculating abilities

Calculation of abilities is done by OR and DISTINCT abilities. That means if you have

Role[:admin, abilities: [:delete]], Role[:editor, abilities: [:update]], Role[:user, abilities: [:view]] and all roles are granted to single performer, resulting abilities will be [:delete, :update, :view]

available-permissions
Available permissions

Terminator.UUID.has_ability/1 - Requires single ability to be present on performer
Terminator.UUID.has_role/1 - Requires single role to be present on performer

Link to this section Summary

Functions

as_authorized(list)

Macro for wrapping protected code

calculated(func_name)

Defines calculated permission to be evaluated in runtime

calculated(func_name, bindings)

has_ability(ability)

Requires an ability within permissions block

has_ability(ability, entity)

has_ability?(performer, ability_name)

Perform authorization on passed performer and abilities

has_ability?(performer, ability_name, entity)

has_role(role)

Requires a role within permissions block

has_role?(performer, role_name)

Perform role check on passed performer and role

is_authorized?()

Returns authorization result on collected performer and required roles/abilities

permissions(list)

Macro for defining required permissions

reset_session()

Resets ETS table

Link to this section Functions

as_authorized(list)

(macro)

Macro for wrapping protected code

example
Example

defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    as_authorized do
      IO.inspect("This code is executed only for authorized performer")
    end
  end
end

calculated(func_name)

(macro)

Defines calculated permission to be evaluated in runtime

examples
Examples

defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    permissions do
      calculated(fn performer ->
        performer.email_confirmed?
      end)
    end

    as_authorized do
      IO.inspect("This code is executed only for authorized performer")
    end
  end
end

You can also use DSL form which takes function name as argument

  defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    permissions do
      calculated(:email_confirmed)
    end

    as_authorized do
      IO.inspect("This code is executed only for authorized performer")
    end
  end

  def email_confirmed(performer) do
    performer.email_confirmed?
  end
end

For more complex calculation you need to pass bindings to the function

  defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    post = %Post{owner_id: 1}

    permissions do
      calculated(:is_owner, [post])
      calculated(fn performer, [post] ->
        post.owner_id == performer.id
      end)
    end

    as_authorized do
      IO.inspect("This code is executed only for authorized performer")
    end
  end

  def is_owner(performer, [post]) do
    post.owner_id == performer.id
  end
end

calculated(func_name, bindings)

(macro)

has_ability(ability)

@spec has_ability(atom()) :: {:ok, atom()}

Requires an ability within permissions block

example
Example

defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    permissions do
      has_ability(:can_run_test_authorization)
    end
  end
end

has_ability(ability, entity)

has_ability?(performer, ability_name)

@spec has_ability?(Terminator.UUID.Performer.t(), atom()) :: boolean()

Perform authorization on passed performer and abilities

has_ability?(performer, ability_name, entity)

has_role(role)

@spec has_role(atom()) :: {:ok, atom()}

Requires a role within permissions block

example
Example

defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    permissions do
      has_role(:admin)
    end
  end
end

has_role?(performer, role_name)

Perform role check on passed performer and role

is_authorized?()

@spec is_authorized?() :: :ok | {:error, String.t()}

Returns authorization result on collected performer and required roles/abilities

example
Example

defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    case is_authorized? do
      :ok -> "Performer is authorized"
      {:error, message: _message} -> "Performer is not authorized"
  end
end

permissions(list)

(macro)

Macro for defining required permissions

example
Example

defmodule HelloTest do
  use Terminator.UUID

  def test_authorization do
    permissions do
      has_role(:admin)
      has_ability(:view)
    end
  end
end

reset_session()

Resets ETS table

Settings View Source Terminator.UUID (terminator_uuid v0.6.0)

relations-between-models Relations between models

calculating-abilities Calculating abilities

available-permissions Available permissions

Link to this section Summary

Functions

Link to this section Functions

as_authorized(list)

example Example

calculated(func_name)

examples Examples

calculated(func_name, bindings)

has_ability(ability)

example Example

has_ability(ability, entity)

has_ability?(performer, ability_name)

has_ability?(performer, ability_name, entity)

has_role(role)

example Example

has_role?(performer, role_name)

is_authorized?()

example Example

permissions(list)

example Example

reset_session()

View Source Terminator.UUID (terminator_uuid v0.6.0)

relations-between-models
Relations between models

calculating-abilities
Calculating abilities

available-permissions
Available permissions

example
Example

examples
Examples

example
Example

example
Example

example
Example

example
Example