Question

Just wanting to confirm the usage of the Nitrogen Authentication and Authorization API. The description of the API is:

wf:user() -> User or 'undefined'
Return the user value that was previously set by wf:user(User)

wf:user(User) -> ok
Set the user for the current session.

wf:clear_user() -> ok
Same as wf:user(undefined).

wf:role(Role) -> 'true' or 'false'
Check if the current user has a specified role.

wf:role(Role, IsInRole) -> ok
Set whether the current user is in a specified role.

wf:clear_roles() -> ok
Remove the user from all roles.

To use this API I would first validate a user login against my database that stores the credentials, then set wf:user(User) to the successfully authenticated user? Then I can do things like check if undefined = wf:user() to tell if the user has authenticated to protect restricted pages? Similarly I would set roles for the user, etc., then I could perform validations against the role as well? And Nitrogen is storing this information in a session for me in the background somehow?


Solution

You are correct. Nitrogen sessions are just an Erlang process storing the session information. The usage is just as you described. You can query to see whether the user has logged in or not and also set and query for the roles the user has. Anything more sophisticated you'll have to do yourself.
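The flow confirmed above, as an added example that is not part of the original question or answer: a login page that sets the session user and roles only after the credential check succeeds, plus a guard that restricted pages call from main/0. The module name, template path, URLs and accounts:check_password/2 are assumptions; the wf:user, wf:role and wf:clear_* calls are the ones listed in the question.

```erlang
%% Added example (not from the original post).
%% Hypothetical: module name, template path, URLs, accounts:check_password/2.
-module(login).
-include_lib("nitrogen_core/include/wf.hrl").
-export([main/0, body/0, event/1, require_role/2]).

main() -> #template{file="./site/templates/bare.html"}.

body() ->
    [#flash{},
     #textbox{id=username},
     #password{id=password},
     #button{text="Log in", postback=login},
     #button{text="Log out", postback=logout}].

event(login) ->
    Username = wf:q(username),
    %% Assumed contract: returns {ok, Roles} on success, error otherwise.
    case accounts:check_password(Username, wf:q(password)) of
        {ok, Roles} ->
            %% Drop roles left in this session by any earlier login
            %% before granting the new user's roles.
            wf:clear_roles(),
            wf:user(Username),
            [wf:role(Role, true) || Role <- Roles],
            wf:redirect_from_login("/");
        error ->
            %% Same message for unknown user and wrong password.
            wf:flash("Invalid username or password.")
    end;
event(logout) ->
    wf:clear_user(),
    wf:clear_roles(),
    wf:redirect("/login").

%% Guard for restricted pages. Usage in another page module:
%%   main() -> login:require_role(admin, fun() -> #template{...} end).
%% The page is rendered only for an authenticated user holding Role;
%% everyone else is sent to the login page.
require_role(Role, PageFun) ->
    case wf:user() =/= undefined andalso wf:role(Role) of
        true  -> PageFun();
        false -> wf:redirect_to_login("/login")
    end.
```

The check belongs in main/0 and in every event/1 clause that performs a privileged action, since postbacks reach event/1 without rendering the page again.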

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow