zachallaun

zachallaun

Feedback wanted: Authorization library with composable Ecto queries

Hi friends,

I wanted an authorization utility for an existing project I’m working on where I have a fair amount of permissions logic duplicated between functions that check whether a person can do something to a given resource and query utilities that filter a query based on what a person is allowed to do.

After spending a bit of time looking at existing solutions, I decided to spend a couple days putting something together myself.

Janus is the result.

The library is extremely alpha and not yet released on hex. It’s basically at the “works enough to test in my own project” stage, but I’d like to hear from folks on the approach I’ve taken and whether it’s worth pursuing further. Basically: I (think I) like it and will use it myself, but I’m not sure whether it makes sense to invest in bits that may make it more useful for others.

If you have a spare 5-10 minutes, please consider reading through the example in the README. I’d love to hear any thoughts or feedback. Thanks!

Most Liked

zachallaun

zachallaun

This proved a little trickier, but the result is actually pretty dang cool. I’m not quite done implementing this yet but I’m confident it can be done.

To take your example a little further: Let’s say you were implementing user search. In the results, you wanted to display the user’s last thread, the first post in that thread, and user’s latest post in any thread.

Normal users can’t see banned users or archived threads or posts, but moderators can see both.

Here’s how it might look like using Janus:

latest_thread = Thread |> order_by(desc: :inserted_at) |> limit(1)
first_post = Post |> where(index: 0) |> limit(1)
latest_post = Post |> order_by(desc: :inserted_at) |> limit(1)

search_params
|> Accounts.search()
|> Policy.filter(:read, current_user,
  preload_filtered: [
    threads: {latest_thread, posts: first_post},
    posts: latest_post
  ]
)
|> Repo.all()

The result of this would be the users that the current user can read, preloaded with the latest thread created by that user (and that thread’s first post) that the current user can read, and the latest post by that user that the current user can read. So a normal user would see non-banned users and non-archived threads/posts, while a moderator may see banned users and archived threads/posts mixed into the results. This all done with a single query and includes users that may have no threads or posts.

Man, Ecto is really cool.

Where Next?

Popular in RFCs Top

bartblast
:test_tube: Could use a hand testing something. Just landed a protocol pruning enhancement - the compiler now drops protocol implementati...
New
brettbeatty
At my work we build a lot of mix tasks for backfills and other maintenance tasks. Even with OptionParser we seem to copy a lot of boilerp...
New
UlrikHD
I’ve been wanting to write a library for the lemmy API so that I can port some of my scripts over to elixir. For those unfamiliar with le...
New
simulacre7
Hi everyone, I’m building Aethrion, an early alpha Elixir runtime for persistent AI characters. Repo: GitHub - simulacre7/aethrion: A s...
New
laibulle
Hello, I am playing with quantitative finance with Elixir. This library is more a way for me to explore and learn in this area and especi...
New
KristerV
I got fed up with removing unused aliases manually so made a package for it: GitHub - KristerV/remove_unused_ex: Remove unused aliases an...
New
ca1989
Hi all, this week I played a bit with Phoenix and Elm. I ended up with this POC: https://github.com/carlotm/elmex The repository cont...
New
Billzabob
Hello! I have an idea for an Elixir library I’d like to work on, but wanted to get some thoughts from the community first. It would allo...
New
Overbryd
Polyglot-Ex Rust and wasmex bindings for polyglot. State: Pre-release Hi there, I am starting a thread for my humble bindings library ...
New
BartOtten
This lib is now published and has a new topic. Once this topic was about PhxAltRoutes. A lib pioneering localized routes for Phoenix. I...
New

Other popular topics Top

siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
electic
Hi, I am new to Elixir. I am trying to use the DateTime component to insert a date into MySQL however the there seems to be no way to fo...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31142 143
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
AstonJ
We’ve put together this wiki for Phoenix LiveView - please feel free to add any info you feel is worth including. What is Phoenix LiveV...
New

We're in Beta

About us Mission Statement