I have authentication working to some degree, but I would like to improve my User model by being able to restrict user access to certain routes based on (potentially) EctoEnum. For instance, I want a way to have a super user access any page, while a Contributor accesses only certain routes.
So something like:
user_type = %{
  superuser: 0,   # access to all routes
  admin: 1,       # limited access to single domain, for example
  contributor: 2  # restricted access
}
Inside the controller, the user type is checked on the User as to whether or not access can be granted.
Does this seem like a generally viable idea or does this re-invent the wheel?
Seems viable. I don’t believe it’s reinventing the wheel, since authorization is kind of unique for each project. One thing you could do is create a plug that checks if the user has enough authorization, so it can be easily composed on your routes. I mean “enough” because you can do something like: if the route requires level 3 and the user has 1, then it can be accessed (note that it’s inverted, since the levels will be the enum ordinal, and superuser is 0).
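A sketch of the plug described in the answer above, added here as an example and not code from either poster. The module name, the `:level` option, the `:current_user` assign and the `user_type` field are assumptions; the ordinals are the ones from the question. Anything it cannot positively authorize (no user, unknown type) is rejected.

```elixir
defmodule MyAppWeb.Plugs.RequireLevel do
  @moduledoc """
  Halts the request unless the current user's type is at least as
  privileged as the level the route requires.

  Example only: module name, option name and assign key are hypothetical.
  """
  import Plug.Conn

  # Ordinals from the question: a lower number means more privilege.
  @levels %{superuser: 0, admin: 1, contributor: 2}

  # Resolve the required level once, when the plug is initialised.
  # Map.fetch!/2 raises on an unknown level, so a typo in the router
  # fails loudly instead of producing a route with no effective check.
  def init(opts) do
    required = Keyword.fetch!(opts, :level)
    Map.fetch!(@levels, required)
  end

  # Assumes an earlier authentication plug stored the user in
  # conn.assigns.current_user with an atom in :user_type.
  def call(conn, required_ordinal) do
    with %{user_type: type} <- conn.assigns[:current_user],
         {:ok, ordinal} <- Map.fetch(@levels, type),
         # Inverted comparison: user ordinal 1 passes a route requiring 2.
         true <- ordinal <= required_ordinal do
      conn
    else
      # Fail closed: missing user, unknown type or insufficient level.
      _ ->
        conn
        |> send_resp(403, "Forbidden")
        |> halt()
    end
  end
end

# Composing it in a Phoenix router (pipeline name is hypothetical):
#
#   pipeline :admin_area do
#     plug MyAppWeb.Plugs.RequireLevel, level: :admin
#   end
#
#   scope "/admin", MyAppWeb do
#     pipe_through [:browser, :admin_area]
#     # superuser (0) and admin (1) pass; contributor (2) gets a 403
#   end
```

Because the check lives in a pipeline, a new route inherits it by being placed in the scope, which is easier to audit than a per-action check inside each controller.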