# Chalk Authorization
Chalk is yet another authorization module with support for roles. It can handle
configurable custom actions and permissions, and also user and group based
authorization. If you look for some similar to unix file permissions, this
module is inspired by that.
## Installation
This package is [available in Hex](https://hexdocs.pm/chalk_authorization), and
can be installed by adding `chalk_authorization` to your list of dependencies
in `mix.exs`:
```elixir
def deps do
[
{:chalk_authorization, "~> 0.1.1"},
...
]
end
```
## Setup
Once added to your project, you can enable chalk in any model. To do so include
the following line, changing the values to match your requirements:
```elixir
use ChalkAuthorization,
repo: MyApp.Repo,
group_permissions: %{
"staff" => %{
"read_only_resource" => 2,
"restricted_resource" => 15
},
"user" => %{
"restricted_resource" => 2
}
}
```
Chalk does expect your model to include the following attributes:
```elixir
field :superuser, :boolean, default: false, null: false
field :groups, {:array, :string}, default: [], null: false
field :permissions, {:map, :integer}, default: %{}, null: false
```
Please remember to include migrations to add these to the database if there are
not present already:
```elixir
defmodule MyApp.Repo.Migrations.AddUserAuthorizationFields do
use Ecto.Migration
def change do
alter table(:users) do
add :superuser, :boolean, default: false, null: false
add :groups, {:array, :string}, default: [], null: false
add :permissions, {:map, :integer}, default: "{}", null: false
end
end
end
```
## Usage
Once your models are configured you can ask them questions. I.E: if you add it
to a "MyApp.User" model you may ask it if it's in the "staff" group like so:
```elixir
MyApp.User.is_a?(current_user, "staff")
```
Chalk follows the "?" convention, any function ending in "?" will return "true"
or "false" atoms.
If instead you want to know if the current user is allowed to "create"
something you may ask it as so:
```elixir
MyApp.User.can?(current_user, :c, "files")
```
The default actions in any resource are CRUD, stored in database as an integer.
This is configurable, by default the equivalences are:
```elixir
%{ c: 1, r: 2, u: 4, d: 8 }
```
I recommend not to alther this, but if you must you can do so in the config
files like this:
```elixir
configure :chalk_authorization,
permission_map: %{
r: 1,
w: 2,
x: 4
}
```
Per-item resource based permissions are yet not included, but the
implementation should be easy enough.
If you intent to use it with Phoenix Framework, [there is a plug for
that](https://github.com/Quarkex/chalk_authorization_plug)