@SimonLab good question. Thank you for opening this issue for us to capture the discussion/research.

Short/Quick Answer

Yes, we are going to have RBAC system built-in to Auth as "auth" stands for both "authentication" and "authorisation" which is synonymous for permission.

We don't need to over-think it, we just need the concept of Roles, Content Types and levels of Permissions.

Longer Answer

The best way of thinking about Auth is in the context of an Example Application: "Blog".

Let's consider a typical publishing platform like Medium. https://en.wikipedia.org/wiki/Medium_(website)
It has four Content Types:

1. Post which typically include:
   • Title - e.g: "The Arctic is Melting"
   • Slug - /arctic-melting
   • Tags/Categories: arctic, melting, climate change https://medium.com/tag/climate-change
   • Body see:
     • Images (zero or more)
2. Comment - Anyone who is authenticated (and not blocked) can comment on Posts where commenting is enabled. (Medium calls comments Response ...)
3. Reaction - In the case of Medium there is now only a "clap" which can be clicked multiple times.
   (a variety of Reaction Emojis and one "unit" of each reaction per person would be my pref.)
4. Highlight - A highlight is where a person drags their cursor over a section of text and saves it as a highlight. See: https://help.medium.com/hc/en-us/articles/214406358-Highlights

Don't worry, we aren't going to build a blogging platform, the space is way too crowded.
However, we are going to build a basic CMS so that we can publish our own content for our Learning Platform which will use the Auth (Login, Roles, Permissions and Notifications Systems).

By default we should have at least 7 Roles in the Roles table/schema:

from auth.

Given that we need the concept of roles, privileges and grants in order to regulate access to doors @home dwyl/smart-home-auth-server#1 I'm going to focus on this today.
I have closed all other browser tabs and applications and will be focussing on RBAC exclusively until it's finished.
I will still check my notifications 3 times per day, so if anyone needs me for something else I will still respond.
But until further notice this is my highest priority: #31

from auth.

Taking a little detour to refresh my knowledge of testing as I want to add the helper function to the ConnCase file.
See: https://github.com/phoenixframework/phoenix/blob/master/guides/testing/testing.md

from auth.

@SimonLab given that you opened this issue, if you want to take a look at #85 your feedback is very welcome. 👍

from auth.

If you google for "rbac database schema": https://www.google.com/search?q=rbac+database+schema&tbm=isch
There are several hundred examples you can get inspiration from:

Some are more complex than others.
This is what I've distilled from my reading:

Let's create the Database Schemas (Tables) to store our RBAC data,
starting with Roles:

mix phx.gen.html Ctx Role roles name:string desc:string person_id:references:people

Next

mix phx.gen.html Ctx Permission permissions name:string desc:string person_id:references:people

Next create the many-to-many relationship between roles and permissions.

mix ecto.gen.migration create_role_permissions

Now create the many-to-many relationship between people and roles:

mix ecto.gen.migration create_people_roles

from auth.

By putting the roles and permissions resources in an auth pipeline, none of the tests pass.
Just need to write a helper function that sets up the JWT/session. BRB.

from auth.

Didn't learn anything new from reading the official docs. Going to keep searching. 🔍

from auth.

https://stackoverflow.com/questions/58902019/phoenix-exunit-where-should-i-define-global-helpers

from auth.

Before:

Finished in 74.9 seconds
1 property, 79 tests, 17 failures

After:

Finished in 8.9 seconds
1 property, 79 tests, 0 failures

With 100% coverage.

Next: create associations between the Roles and Permissions Schemas.

from auth.

Default roles summarised in: #82 (comment) included in next PR. 🔜 #85 🚧

from auth.

Roles deployed to https://dwylauth.herokuapp.com/roles
RBAC for controlling access in apps: https://github.com/dwyl/rbac

The original question of this issue is answered:
https://github.com/dwyl/auth/blob/master/role-based-access-control.md

Closing. ✅

Any further questions: please open new issues. (thanks!)

from auth.