dwyl / learn-phoenix-framework

:fire: Phoenix is the web framework without compromise on speed, reliability or maintainability! Don't settle for less. :rocket:

Multi-privilege Users #39

Open jackcarlisle opened 7 years ago

jackcarlisle commented 7 years ago

When developing a project you might want to authenticate multiple user types with multiple access privileges, for example, an admin user. Has anyone had experience with this in Phoenix? I found a couple of resources but they are quite complex. Has anyone found a simpler solution?

Medium Article

jackcarlisle commented 7 years ago

Update: We wanted to implement the simplest solution possible, and after discussion with @iteles we decided to add an `admin` field to the users table, which is a boolean. We are assigning the logged-in user to `conn.assigns`, which means we have access to it in our controller functions. The plan is to check whether or not the logged-in user has `admin: true` and then render the necessary page based on the result. This is something we would want to revisit if we wanted to add more complexity, but for now this will do the job.
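As an added example (not code from this thread or the dwyl project), the boolean-flag approach above written as an Ecto migration plus a Phoenix plug that enforces the check in one place instead of in every controller action. The module names `MyApp`/`MyAppWeb` and the `:current_user` assign set by an earlier authentication plug are assumptions.

```elixir
# priv/repo/migrations/<timestamp>_add_admin_to_users.exs (constructed example)
defmodule MyApp.Repo.Migrations.AddAdminToUsers do
  use Ecto.Migration

  def change do
    # default: false and null: false mean every new user is a non-admin
    # unless explicitly promoted (fail closed, least privilege).
    alter table(:users) do
      add :admin, :boolean, default: false, null: false
    end
  end
end

# lib/my_app_web/plugs/require_admin.ex (constructed example)
defmodule MyAppWeb.Plugs.RequireAdmin do
  @moduledoc """
  Halts the request with 403 unless conn.assigns.current_user has admin: true.
  Assumes an earlier plug has already loaded the logged-in user into
  conn.assigns[:current_user] (nil when nobody is logged in).
  """
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    case conn.assigns[:current_user] do
      # Only an explicit true passes; nil user or admin: false both fall through.
      %{admin: true} ->
        conn

      _ ->
        conn
        |> send_resp(:forbidden, "Forbidden")
        |> halt()
    end
  end
end

# lib/my_app_web/router.ex usage (constructed example): putting the plug in a
# pipeline means every route under /admin is protected, so a new admin action
# cannot accidentally ship without the check.
#
#   pipeline :admin do
#     plug MyAppWeb.Plugs.RequireAdmin
#   end
#
#   scope "/admin", MyAppWeb do
#     pipe_through [:browser, :require_authenticated_user, :admin]
#     resources "/users", Admin.UserController
#   end
```

Because the plug halts the connection, the controller action never runs for non-admins; checking `conn.assigns.current_user.admin` inside the action instead is still an option but has to be repeated, and forgotten, per action.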

katbow commented 7 years ago

@jackcarlisle how was it decided which users would be admin? What was the flow to become an admin user? It's as that first article (part 3) says: it seems to be a catch-22, where admin users may decide who else is admin, but first you need admin users to do that.

See https://github.com/healthlocker/healthlocker/issues/327.

jackcarlisle commented 7 years ago

@katbow so the way we decided to do it was to enter an admin user directly in our priv/repo/seeds.exs file here. The requirement of the project was only to have one admin user, so we don't have a flow within the application to determine others.

Our use case isn't as complex as yours, so I haven't thought about it in much detail yet. As you mentioned in your issue, you'll probably need a verification layer for users with special permissions and capabilities (clinicians or carers). Do they have a professional ID number that you could reference when they register? This could give them access straight away if it is verified against an existing list automatically. If not, then you'll need another user type that deals with this side of things.