Hey, I'm just getting into policies and wanted some advice on how to make this easy to work with.
So I want all code interface actions to permit calling any function from the application itself or IEx. But I want all external callers to be verified for access. Is this a good start?
```elixir
policies do
  default_access_type :strict

  policy actor_present() do
    authorize_if actor_attribute_equals(:admin?, true)
  end

  policy actor_absent() do
    authorize_if always()
  end
end
```
If I understand it correctly, this means that if an actor is absent or authorize? is false, the caller is authorized. If an actor is present we check if they are an admin. The Admin UI always disables authorization I think, and if I don't give any extra arguments in my code interface functions then they will go through too.
Is this a good design? What is the performance impact? Or would it be better to make separate actions that are only exposed externally and not in the code interface and authorize only those?
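A constructed Elixir example, not from the post above, that places the quoted policy block in an Ash 3 resource and adds an ExUnit test hitting each branch; the module names `Example.Accounts` / `Example.Accounts.Post`, the ETS data layer and the use of `Ash.can?/2` against a `{resource, action}` tuple are assumptions about the Ash 3 API. The third assertion is the check worth keeping in mind: a call with no actor is authorized, so any external entry point that does not set an actor skips the admin check entirely.

```elixir
# Constructed example (not from the post): Ash 3 resource with the quoted policies.
defmodule Example.Accounts.Post do
  use Ash.Resource,
    domain: Example.Accounts,
    data_layer: Ash.DataLayer.Ets,
    authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
    attribute :title, :string, public?: true
  end

  actions do
    defaults [:read, create: [:title]]
  end

  policies do
    default_access_type :strict

    # Any present actor must be an admin.
    policy actor_present() do
      authorize_if actor_attribute_equals(:admin?, true)
    end

    # No actor at all: allow. Covers IEx and internal calls, but also any external caller that never sets an actor.
    policy actor_absent() do
      authorize_if always()
    end
  end
end

defmodule Example.Accounts do
  use Ash.Domain

  resources do
    resource Example.Accounts.Post
  end
end

defmodule Example.PolicyTest do
  use ExUnit.Case, async: true
  alias Example.Accounts.Post

  test "admin passes, non-admin is denied, missing actor passes" do
    assert Ash.can?({Post, :read}, %{admin?: true})
    refute Ash.can?({Post, :read}, %{admin?: false})
    assert Ash.can?({Post, :read}, nil)
  end
end
```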