Support returning a resource from authorize

Chris Job · Chris Job · commit 245ad2c5368c · 2020-10-13T22:01:34.000+08:00
Applied coryodaniel's PR. Reference here: schrockwell#54
diff --git a/README.md b/README.md
@@ -51,7 +51,7 @@ end
 
 To implement a policy, add `@behaviour Bodyguard.Policy` to a context, then define `authorize(action, user, params)` callbacks, which must return:
 
-* `:ok` or `true` to permit an action
+* `:ok`, `{:ok, resource}`, or true to permit an action
 * `:error`, `{:error, reason}`, or `false` to deny an action
 
 Don't use these callbacks directly - instead, go through `Bodyguard.permit/4`. This will convert any keyword-list `params` into a map, and will coerce the callback result into a strict `:ok` or `{:error, reason}` result. The default failure `reason` is `:unauthorized` unless specified otherwise in the callback.
diff --git a/lib/bodyguard.ex b/lib/bodyguard.ex
@@ -172,6 +172,7 @@ defmodule Bodyguard do
   # Coerce auth results
   defp resolve_result(true), do: :ok
   defp resolve_result(:ok), do: :ok
+  defp resolve_result({:ok, resource}), do: {:ok, resource}
   defp resolve_result(false), do: {:error, @default_error}
   defp resolve_result(:error), do: {:error, @default_error}
   defp resolve_result({:error, reason}), do: {:error, reason}
diff --git a/lib/bodyguard/policy.ex b/lib/bodyguard/policy.ex
@@ -11,7 +11,7 @@ defmodule Bodyguard.Policy do
         @behaviour Bodyguard.Policy
 
         def authorize(action, user, params) do
-          # Return :ok or true to permit
+          # Return :ok {:ok, resource}, or true to permit
           # Return :error, {:error, reason}, or false to deny
         end
       end
@@ -37,12 +37,12 @@ defmodule Bodyguard.Policy do
 
   """
 
-  @type auth_result :: :ok | :error | {:error, reason :: any} | true | false
+  @type auth_result :: :ok | {:ok, resource :: any} | :error | {:error, reason :: any} | true | false
 
   @doc """
   Callback to authorize a user's action.
 
-  To permit an action, return `:ok` or `true`. To deny, return `:error`,
+  To permit an action, return `:ok`, `{:ok, resource}`, or `true`. To deny, return `:error`,
   `{:error, reason}`, or `false`.
 
   The `action` is whatever user-specified contextual action is being authorized.
diff --git a/test/bodyguard/policy_test.exs b/test/bodyguard/policy_test.exs
@@ -14,6 +14,7 @@ defmodule PolicyTest do
   test "authorizing via helper", %{context: context, user: user} do
     assert :ok = Bodyguard.permit(context, :action, user)
     assert :ok = Bodyguard.permit(context, :ok_boolean, user)
+    assert {:ok, resource} = Bodyguard.permit(context, :ok_with_resource, user)
     assert {:error, :unauthorized} = Bodyguard.permit(context, :fail, user)
 
     assert {:error, %{key: :value}} =
diff --git a/test/test_helper.exs b/test/test_helper.exs
@@ -31,6 +31,10 @@ defmodule TestContext do
     true
   end
 
+  def authorize(:ok_with_resource, _user, _params) do
+    {:ok, %{id: 1, name: "foo"}}
+  end
+
   def authorize(:fail_boolean, _user, _params) do
     false
   end
