I am in need of help to create a role in my access rules.
can you help me?
I currently have Pow-based authentication
However, I need to improve these access permissions.
I need every standard user (user) to be able to change only his own records.
Below is my files
MyprojectWeb.EnsureRolePlug
defmodule MyprojectWeb.EnsureRolePlug do
@moduledoc """
This plug ensures that a user has a particular role.
## Example
plug MyprojectWeb.EnsureRolePlug, [:user, :admin]
plug MyprojectWeb.EnsureRolePlug, :admin
plug MyprojectWeb.EnsureRolePlug, ~w(user admin)a
"""
import Plug.Conn, only: [halt: 1]
alias MyprojectWeb.Router.Helpers, as: Routes
alias Phoenix.Controller
alias Plug.Conn
alias Pow.Plug
@doc false
@spec init(any()) :: any()
def init(config), do: config
@doc false
@spec call(Conn.t(), atom() | binary() | [atom()] | [binary()]) :: Conn.t()
def call(conn, roles) do
conn
|> Plug.current_user()
|> has_role?(roles)
|> maybe_halt(conn)
end
defp has_role?(nil, _roles), do: false
defp has_role?(user, roles) when is_list(roles), do: Enum.any?(roles, &has_role?(user, &1))
defp has_role?(user, role) when is_atom(role), do: has_role?(user, Atom.to_string(role))
defp has_role?(%{role: role}, role), do: true
defp has_role?(_user, _role), do: false
defp maybe_halt(true, conn), do: conn
defp maybe_halt(_any, conn) do
conn
|> Controller.put_flash(:error, "Acesso não autorizado!")
|> Controller.redirect(to: Routes.dashboard_path(conn, :index))
|> halt()
end
end
In the controller
plug MyprojectWeb.EnsureRolePlug, :admin when action in [:index, :new, :show, :edit, :update, :delete]
So the question is
How do I make the standard user access only his own records and not be able to change another user?
Could help me, with any example?