Guardian authorization verify to control template / UI elements

Is it possible to verify if current Guardian token / user has a profile/permission and hide/change elements in a template?
I already achieve this for endpoint / controllers with Guardian.Plug.EnsurePermissions.


Is there a better way?


def check_permissions(conn, profile, value) do
  {:ok, guardian} = conn.private.guardian_default_claims
  profile_string = Atom.to_string(profile)
  perm_number = guardian["pem"][profile_string]
  perm_list = Guardian.Permissions.to_list(perm_number, profile)
  |> Enum.any?(&(&1 == value))


PhoenixHelper.check_permissions(@conn, :default, :read) # returns true in the example
PhoenixHelper.check_permissions(@conn, :default, :write) # returns false in the example

There are lots of ways. What kind of API would you prefer for it? :slight_smile:

Currently only Web, but implemented ueberauth (identity/providers) / Guardian / Guardian DB for future api.
The idea is to hide menus and object that an user can’t go ( controller / action forbidden by Guardian Plug Ensure… ).
Any suggestions are welcome?
Also is it better to implement subset permissions on a small group of profiles (default [read, write]) , or a profile for each “permission” (resulting in 1 value for Guardian) (default_read, default_write)?
Our application will have less then 10 possible permissions.

I mean from the template side of things. How would you like it to be used from the template most optimally?

Check if user has permissions and show or hide element (buttons, menus, etc.).

But what kind of API would you like for that? Like show an example template that you want to be able to create to do that? :slight_smile:

Basically if you can think of how you want it to look, then you can make it in Elixir, syntax dependent of course. :slight_smile: