ExBouncer :muscle:

An authorization library :cop: in Elixir :sake: for Plug applications that restricts what resources the current user/admin or any role is allowed to access.

Use this in any of your plug module, where you fetch the current user or admin. You could then halt the chain, even before it reaches the controller.

Installation

Dependencies: Make sure you have Erlang 18+ version installed and Elixir 1.x version.

1. Add exbouncer to your list of dependencies in mix.exs:

```elixir
def deps do
  [{:exbouncer, "~> 0.0.1"}]
end
```

1. Ensure exbouncer is started before your application:

```elixir
def application do
  [applications: [:exbouncer]]
end
```

1. Define a ExBouncer.Entries module with authorization logic

```elixir
defmodule ExBouncer.Entries do
  import ExBouncer.Base

  bouncer_for %User{role: :admin}, [
    ["api", "users", _],
    {"DELETE", ["api", "posts", _]}
  ]
end
```

Usage

In your plug, once you identify the appropriate resource (say: a current user), you can pass it to check if they are allowed to visit the route.

ExBouncer.allow_resource?(%User{role: :admin}, conn)
#=> true

ExBouncer.allow_visitor?(conn)
#=> false

For every bouncer_for for a particular resource (say %User{}) is made, then for that route allow_visitor?\1 would be false.

Begin your code :boom: Bonne Chance :metal: