Ideas for User types

ecto
phoenix
#1

I have authentication working to some degree but I would like to improve my User model by being able to restrict user access to certain routes based on (potentially) EctoEnum. For instance I want a way to have a super user access any page, while a Contributor access only certain routes.

So something like:

UserType = %{
  superuser = 0, # access to all routes
  admin = 1, # limited access to single domain, for example
  contributor = 2 # restricted access 
}

Inside the controller, the user type is checked on the User as to whether or not access can be granted.

Does this seem like a generally viable idea or does this re-invent the wheel?

Michael

1 Like
#2

:wave:
Seems viable, I don’t believe it’s reinventing the wheel since authorization is kind of unique for each project. One thing you could do is, create a plug that checks if the user has enough authorization, so it can be easily composed on your routes. I mean “enough” because you can do something like: if the route requires level 3 and the user has 1 then it can be accessed (note that its inverted since the levels will be the enum ordinal, and superuser is 0).

3 Likes
#3

Yeah a Plug seems like a perfect application for something like this. And yes, inverting the order is the more logical application of the idea so:

UserType = %{
  contributor = 0, # restricted access
  admin = 8000, # limited access to single domain, for example
  superuser = 10000 # full access
}

And if more user types needed to be added later, they can be interleaved anywhere within the 0 - 10000 range.

Thanks for the feedback!

2 Likes
#4

You might want to look at this response to a similar question I posted some time ago

Maybe roles and permissions is the flexible approach you’re looking for?

1 Like
#5

That’s a good point, if I don’t enumerate the permissions, things could get messy pretty fast, thanks for providing that thread.

1 Like