schrockwell/bodyguard

Elaborate documentation concerning roles checks inside authorize function

acrolink opened this issue · 2 comments

In the documentation, an example is given of making role checks inside the authorize function. Kindly provide more information on how to implement the role field itself: datatype, schema properties, etc.

  # Admin users can do anything
  def authorize(_, %Blog.User{role: :admin}, _), do: :ok

Update:

I have managed to do this:

  def authorize(:list_posts, %User{role: "admin"}, _), do: :ok

I have created a Roles table with a string field named name as the primary key. But I still need to specify it as "admin", not :admin, in def authorize(...)

Yes, the role field is an implementation detail left to the user. It could be an atom in some cases.
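One way to get an atom-valued role that matches `%Blog.User{role: :admin}` is an `Ecto.Enum` field, which keeps the value as a string in storage and loads it as an atom. The script below is an added example, not code from the Bodyguard documentation or from this thread. Assumptions: the `Blog.User` and `Blog.Policy` modules, the role names, the dependency versions, and an embedded schema in place of a real table so it runs without a database.

```elixir
# Added example; module names, role names and versions are assumptions.
Mix.install([{:ecto, "~> 3.10"}, {:bodyguard, "~> 2.4"}])

defmodule Blog.User do
  use Ecto.Schema
  import Ecto.Changeset

  # Embedded schema so the script needs no database. In a table-backed schema
  # the same field definition maps a string column to these atoms.
  @primary_key false
  embedded_schema do
    field :name, :string
    field :role, Ecto.Enum, values: [:reader, :author, :admin], default: :reader
  end

  # Casting only accepts the listed roles, so external input never reaches
  # String.to_atom/1 and cannot create new atoms.
  def changeset(attrs) do
    %__MODULE__{}
    |> cast(attrs, [:name, :role])
    |> validate_required([:name, :role])
  end
end

defmodule Blog.Policy do
  @behaviour Bodyguard.Policy
  alias Blog.User

  # Admin users can do anything
  def authorize(_action, %User{role: :admin}, _params), do: :ok
  def authorize(:list_posts, %User{role: :author}, _params), do: :ok
  # Deny by default: an unknown action or a role in an unexpected form fails closed
  def authorize(_action, _user, _params), do: :error
end

build = fn attrs -> attrs |> Blog.User.changeset() |> Ecto.Changeset.apply_action(:insert) end

# External (string) input is cast to the atom the policy matches on.
{:ok, admin} = build.(%{"name" => "ann", "role" => "admin"})
:ok = Bodyguard.permit(Blog.Policy, :delete_post, admin)

# A role outside the enum is rejected at the changeset, before any policy check.
{:error, changeset} = build.(%{"name" => "eve", "role" => "root"})
IO.inspect(changeset.errors, label: "cast errors")

# A struct built by hand with a string role does not match the :admin clause
# and falls through to the deny clause.
stringly = %Blog.User{name: "bob", role: "admin"}
{:error, :unauthorized} = Bodyguard.permit(Blog.Policy, :delete_post, stringly)
IO.puts("policy checks passed")
```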