I’m working on an authorization system for my phoenix app, and I need some help designing it…
I want it to be based on roles and permissions, and I also want to be able to create, update and delete roles at runtime and have them persisted in the database.
Permissions wouldn’t change very often as they would imply changes to the codebase, so I think they can be hardcoded.
I’ve seen bodyguard, canary and policy_wonk but neither of them seem to suit my needs so I prefer to roll my own.
This is the approach I would follow:
- role_users tables for a many_to_many association between users and roles
- As the permissions are hardcoded, the roles table would have a column for each of the permissions (i.e. a boolean create_post column) or a comma-delimited permissions string column. I don't really know which is better, but I like the latter because I don't need to run migrations if my permissions ever change.
- Write an authorization module that exposes an API like Bodyguard's, for example:
Is this, in general, a good approach I should go for? How would you approach this?
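The design sketched in the post (hardcoded permissions, roles persisted with a comma-delimited permissions column, a Bodyguard-style authorize/2) as an added, stand-alone Elixir example. This is not code from the original post or from Bodyguard; the module names (MyApp.Permissions, MyApp.Role, MyApp.User, MyApp.Authorization), the permission names and the sample users are assumptions, and roles are plain structs rather than Ecto schemas so that it runs as a script without a database:

```elixir
# Added example (not from the original post). Assumptions: a hardcoded permission
# list, roles stored with a comma-delimited `permissions` string column, and users
# loaded with their roles already preloaded. No Ecto/DB calls, so `elixir file.exs` runs it.

defmodule MyApp.Permissions do
  @moduledoc "Hardcoded permissions; changing these means changing code, not data."
  @permissions ~w(create_post update_post delete_post manage_roles)a

  def all, do: @permissions
  def valid?(perm) when is_atom(perm), do: perm in @permissions
  def valid?(_), do: false

  # Decode the comma-delimited column value into known permission atoms.
  # Names are matched against the hardcoded list instead of converted with
  # String.to_atom/1, so attacker- or admin-controlled strings can neither grow
  # the atom table nor grant a permission the code no longer knows about.
  def decode(nil), do: []

  def decode(csv) when is_binary(csv) do
    csv
    |> String.split(",", trim: true)
    |> Enum.map(&String.trim/1)
    |> Enum.flat_map(fn name ->
      case Enum.find(@permissions, &(Atom.to_string(&1) == name)) do
        nil -> []
        perm -> [perm]
      end
    end)
    |> Enum.uniq()
  end

  # Validate on write as well, so only known permissions ever reach the column.
  def encode(perms) when is_list(perms) do
    perms |> Enum.filter(&valid?/1) |> Enum.map_join(",", &Atom.to_string/1)
  end
end

defmodule MyApp.Role do
  # `permissions` holds the raw column value; it is decoded at check time.
  defstruct [:id, :name, permissions: ""]
end

defmodule MyApp.User do
  defstruct [:id, :email, roles: []]
end

defmodule MyApp.Authorization do
  @moduledoc "Bodyguard-style API: authorize/2 returns :ok or {:error, :unauthorized}."
  alias MyApp.Permissions

  # Union of the permissions granted by every role the user holds.
  def permissions(%MyApp.User{roles: roles}) do
    roles
    |> Enum.flat_map(&Permissions.decode(&1.permissions))
    |> MapSet.new()
  end

  # Fail closed: an unknown, misspelled or removed permission never grants access.
  def permit?(%MyApp.User{} = user, perm) do
    Permissions.valid?(perm) and MapSet.member?(permissions(user), perm)
  end

  def authorize(user, perm) do
    if permit?(user, perm), do: :ok, else: {:error, :unauthorized}
  end
end

# Constructed sample data: "legacy" carries a permission name that no longer
# exists in the codebase (publish_post) plus one that does.
editor = %MyApp.Role{id: 1, name: "editor", permissions: "create_post,update_post"}
legacy = %MyApp.Role{id: 2, name: "legacy", permissions: "publish_post, create_post"}
alice = %MyApp.User{id: 1, email: "alice@example.com", roles: [editor, legacy]}
bob = %MyApp.User{id: 2, email: "bob@example.com", roles: []}

:ok = MyApp.Authorization.authorize(alice, :create_post)
{:error, :unauthorized} = MyApp.Authorization.authorize(alice, :delete_post)
{:error, :unauthorized} = MyApp.Authorization.authorize(alice, :publish_post)
{:error, :unauthorized} = MyApp.Authorization.authorize(bob, :create_post)
"create_post,update_post" = MyApp.Permissions.encode([:create_post, :update_post, :bogus])
IO.inspect(MyApp.Authorization.permissions(alice), label: "alice's permissions")

# In a Phoenix controller the call site would be the usual
# `with :ok <- MyApp.Authorization.authorize(conn.assigns.current_user, :create_post) do ... end`.
```

The point of the decode/encode pair is that the comma-delimited column is only migration-free if stale or unknown names in it are inert: both reads and writes are filtered against the hardcoded list, and authorize/2 denies by default, so a role row edited at runtime can never grant something the code does not define. The boolean-column variant would replace decode/1 with a read of the struct fields and otherwise keep the same API.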