- No
- No
- No
- Please, no
- For sake of gods, no
- Nooooooooooooooo
There is a reason why Jose didn’t created authentication framework for Phoenix despite all of his experience with Devise.
Authorization with pattern matching is dumb easy, example:
defmodule MyApp.Authorization do
def can?(action, user, resource)
def can?(_action, %User{id: id}, %Article{author_id: id}), do: true
def can?(:edit, %User{role: :editor}, _article), do: true
def can?(:create, _user, _article), do: true
# All undefined actions aren't allowed
def can?(_action, _user, _article), do: false
end
About administration - there are “admin templates” out there, but the main problem is that this work only for simple CRUDs and you overgrow such tool faster than you think. And hacking around it afterwards is more troublesome than writing custom one from the day 1.
File uploads? Just upload them to the file storage directly (all S3-likes have possibility to do so) and do not handle it within your application or you will have bad time.
