braunse

braunse

Auval_office - a flexible AUthorization policy eVALuator

Hi ElixirForum,

I was looking for a library to help me implement authorization in a principled way, and looking around, I liked the simplicity of authorize, but I wanted to try out my own variation on the theme.

So yesterday I published auval_office, a flexible AUthorization policy eVALuator.

What’s in the box?

When you define a policy module like this:

defmodule My.Policy
  use AuvalOffice.Policy

  rule ...
  rule ...
  rule ...
end

then auval_office will augment your policy with an authorize function:

case My.Policy.authorize(subject, object, action) do
  {:ok, rule_id, parameters} -> # allowed
  {:error, rule_id, parameters} -> # not allowed
end

What’s different from other authorization packages?

  • auval_office is self-contained.

    It has no dependency on phoenix or ecto. It includes no plug for your web pipeline. You decide if authorization should be a domain responsiblity or a web layer responsibility, and where authorization-related data should be stored.

  • auval_office does not favor one access control model.

    It is flexible enough to implement lots of different access-control schemes, but favors none of them. I believe it offers enough flexibility to implement Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC) and Access Control Lists (ACLs), and combinations of those models.

  • auval_office justifies its decisions.

    The return value of the authorize function includes the ID of the rule that made the decision, and you can return parameters from the rule to augment that information. This enables the user to build historical audit trails, answering questions like “Who changed that data, and why was that allowed at the time?”

  • auval_office can consider context.

    The authorize function has an optional context parameter, where you can provide a map of additional information items to consider when making an authorization decision:

    My.Policy.authorizer(subject, object, action, %{moon_in_house: :seventh})
    

    auval_office also includes a fetcher facility, that enables you to fetch necessary context values at authorization time. Just include a fetch in your policy:

    defmodule My.Policy do
      use AuvalOffice.Policy
    
      fetch :fetch_user_group_memberships, :groups, subject: %User{id: id} do
        groups = Accounts.get_groups_by_user_id(id)
        {:ok, groups}
      end
    
      rule ...
    end
    

    Before evaluating the policy, auval_office will check if a :groups item is present in the context, and if not, will call the fetcher you defined to add the :groups to the context.

Links

Where Next?

Popular in Announcing Top

wmnnd
Hi there, for my project DBLSQD, I needed a file storage solution that is a bit more flexible than Arc. Because I thought others might f...
New
seancribbs
Today I released a new dialyzer Mix task as the dialyzex package! At the time we started writing this task, the existing dialyzer integra...
New
Crowdhailer
The latest release of Ace (0.10.0) includes serving content over HTTP/2. I have started writing a webserver to teach my self more about...
New
alisinabh
Hey everyone i’ve developed a library for Jalaali calendar for elixir which supports converting Gregorian dates to Jalaali and vice vers...
New
Crowdhailer
Experimenting with this code. OK.try do user <- fetch_user(1) cart <- fetch_cart(1) order = checkout(cart, user) save_orde...
New
wojtekmach
Hey everyone! Req is an HTTP client for Elixir that I’ve been working on for quite some time. There is already a lot of HTTP clients out...
New
nikokozak
Hello all, I’ve been working on Svonix - a library for quickly integrating Svelte components into Phoenix views. It’s a much-needed succ...
New
sabiwara
Dune is a sandbox for Elixir and aims to safely evaluate user-provided code. You can try it out using this basic Elixir playground made ...
New
benlime
LiveMotion enables high performance animations declared on the server and run on the client. As a follow up to my previous thread A libr...
New
wfgilman
I’ve cleaned up and open sourced three financial libraries I was using for my company. They are bindings for the APIs of these three comp...
New

Other popular topics Top

malloryerik
Hi, this is for people who, like me, have had some friction using .html.heex templates in VSCode. The solution seems to be, in a hyphena...
New
9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31142 143
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New

We're in Beta

About us Mission Statement