diff --git a/.gitignore b/.gitignore index 216cd02..5f0df53 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ rbac-*.tar *.beam /config/*.secret.exs .elixir_ls/ +.env \ No newline at end of file diff --git a/README.md b/README.md index 6629ae0..5505a20 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # `rbac` -Role Based Access Control (RBAC) gives you +Role Based Access Control (**`RBAC`**) gives you a human-friendly way of controlling access to specific data/features in your App(s). @@ -20,7 +20,9 @@ to specific data/features in your App(s). ## Why? -RBAC lets you easily manage roles and permissions in any application +You want an _easy_ way to restrict access to features fo your Elixir/Phoenix App +based on a sane model of roles. +**`RBAC`** lets you _easily_ manage roles and permissions in any application and see at a glance exactly which permissions a person has in the system. It reduces complexity over traditional Access Control List (ACL) based permissions systems. @@ -29,7 +31,7 @@ Access Control List (ACL) based permissions systems. ## What? -The purpose of RBAC is to provide a framework +The purpose of **`RBAC`** is to provide a framework for application administrators and developers to manage the permissions assigned to the people using the App(s). @@ -39,7 +41,7 @@ to manage the permissions assigned to the people using the App(s). Anyone who is interested in developing secure applications used by many people with differing needs and permissions -should learn about RBAC. +should learn about **`RBAC`**. ## _How_? @@ -52,7 +54,7 @@ Install by adding `rbac` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:rbac, "~> 0.1.0"} + {:rbac, "~> 0.3.0"} ] end ``` @@ -61,6 +63,10 @@ API/Function reference available at [https://hexdocs.pm/rbac](https://hexdocs.pm/rbac). +### Setup + + + ### Usage diff --git a/lib/rbac.ex b/lib/rbac.ex index 3e183ce..0888e44 100644 --- a/lib/rbac.ex +++ b/lib/rbac.ex 
@@ -37,4 +37,36 @@ defmodule RBAC do def transform_role_list_to_string(roles) do [Map.delete(roles, :__meta__)] |> transform_role_list_to_string() end + + @doc """ + `get_approles/1` fetches the roles for the app + """ + def get_approles(auth_url, client_id) do + url = "#{auth_url}/approles/#{client_id}" + HTTPoison.start() + HTTPoison.get(url) + |> parse_body_response() + end + + @doc """ + `parse_body_response/1` parses the response + so your app can use the resulting JSON (list of roles). + """ + @spec parse_body_response({atom, String.t}) :: String.t + def parse_body_response({:error, err}), do: {:error, err} + def parse_body_response({:ok, response}) do + body = Map.get(response, :body) + # IO.inspect(body) + if body == nil do + {:error, :no_body} + else # make keys of map atoms for easier access in templates + {:ok, str_key_map} = Jason.decode(body) + atom_key_map = Enum.map(str_key_map, fn role -> + for {key, val} <- role, into: %{}, + do: {String.to_atom(key), val} + end) + {:ok, atom_key_map} + end # https://stackoverflow.com/questions/31990134 + end + end diff --git a/test/rbac_test.exs b/test/rbac_test.exs index 84d3b79..f040223 100644 --- a/test/rbac_test.exs +++ b/test/rbac_test.exs @@ -81,8 +81,8 @@ defmodule RBACTest do assert RBAC.transform_role_list_to_string(roles) == roles end - test "this" do - roles = %{ + test "transform_role_list_to_string/1" do + roles = [%{ __meta__: "#Ecto.Schema.Metadata<:loaded", desc: "Subscribes for updates e.g. newsletter", id: 6, @@ -90,8 +90,16 @@ defmodule RBACTest do name: "subscriber", person_id: 1, updated_at: ~N[2020-08-21 16:40:22] - } + }] assert RBAC.transform_role_list_to_string(roles) == "6" end + + test "get_approles/2 loads the list of roles for an app" do + auth_url = "https://dwylauth.herokuapp.com" + client_id = AuthPlug.Token.client_id() + {:ok, roles} = RBAC.get_approles(auth_url, client_id) + assert length(roles) > 7 + end + end
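Review bot: `parse_body_response/1` converts every JSON key from the remote auth server into an atom with `String.to_atom(key)`, so a changed or hostile response can grow the atom table without bound (atoms are never garbage-collected); keep the keys as strings, or use `String.to_existing_atom/1` behind a rescue so only already-known keys become atoms. The same clause ignores `status_code`, so a 4xx/5xx body is handed to `Jason.decode/1`, and the bare `{:ok, str_key_map} = Jason.decode(body)` raises a `MatchError` on any non-JSON body instead of returning `{:error, _}` like the `{:error, err}` clause does. The `@spec` on `parse_body_response/1` does not match the code — it takes `{:ok, %HTTPoison.Response{}}` and returns `{:ok, list} | {:error, term}`, not `String.t` — and the `@doc` for `get_approles/2` names it `get_approles/1`. In `get_approles/2`, `client_id` is interpolated into the URL path unescaped; if it can ever contain `/`, `?` or `#`, pass it through `URI.encode_www_form/1` first. The enclosing `defmodule RBAC` starts outside this hunk.
```elixir
  # … unchanged: get_approles/2 …

  @spec parse_body_response({:ok, map()} | {:error, term()}) :: {:ok, [map()]} | {:error, term()}
  def parse_body_response({:error, err}), do: {:error, err}

  def parse_body_response({:ok, %{status_code: 200, body: body}}) when is_binary(body) do
    case Jason.decode(body) do
      {:ok, roles} when is_list(roles) -> {:ok, Enum.map(roles, &atomize_keys/1)}
      {:ok, _not_a_list} -> {:error, :unexpected_body}
      {:error, reason} -> {:error, reason}
    end
  end

  def parse_body_response({:ok, %{status_code: status}}), do: {:error, {:unexpected_status, status}}
  def parse_body_response({:ok, _no_body}), do: {:error, :no_body}

  # Known keys become atoms (for easier access in templates); unknown keys stay
  # strings so a remote response can never create new atoms.
  defp atomize_keys(role) when is_map(role) do
    for {key, val} <- role, into: %{}, do: {atomize_key(key), val}
  end

  defp atomize_key(key) do
    String.to_existing_atom(key)
  rescue
    ArgumentError -> key
  end
```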
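Review bot: The new `get_approles/2` test makes a live HTTPS request to `https://dwylauth.herokuapp.com` from the unit-test suite, and `AuthPlug.Token.client_id()` presumably reads the secret that the new `.env` entry in `.gitignore` keeps out of the repo, so the test fails offline or on any CI runner without that secret. Tag it so it is excluded by default, e.g. `@tag :external` above the test with `ExUnit.configure(exclude: [:external])` in `test_helper.exs`, and run it explicitly with `mix test --include external`. `assert length(roles) > 7` pins the test to the current contents of a remote database; asserting the shape instead, `assert [%{id: _, name: _} | _] = roles`, checks what the function actually guarantees. The enclosing `defmodule RBACTest` starts outside this hunk.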