{-|
Module: IHP.AuthSupport.Authorization
Description: Building blocks to provide authorization to your application
Copyright: (c) digitally induced GmbH, 2020
-}
module IHP.AuthSupport.Authorization where

import IHP.Prelude
import Control.Monad.Fail (fail)

-- | Relates a @user@ type to a @model@ type through a single view-permission check.
--
-- The class only declares the check. Nothing in this module calls 'canView' on
-- its own, so an action has to run it and act on the returned 'Bool' itself,
-- for example by passing the result to 'accessDeniedUnless'. A result that is
-- computed but never inspected enforces nothing.
--
-- NOTE(review): presumably 'True' means the user may view the record; confirm
-- against the instances, since this module defines none.
class CanView user model where
    canView
        :: (?modelContext :: ModelContext)
        => model    -- ^ The record access is requested for
        -> user     -- ^ The user requesting access
        -> IO Bool  -- ^ Outcome of the check, computed in 'IO'

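-- | Stops the action execution with an error message when the access condition is false.
--
-- __Example:__ Checking that the current user is the author of a blog post.
--
-- > action EditPostAction { postId } = do
-- >     post <- fetch postId
-- >     accessDeniedUnless (get #authorId post == currentUserId)
-- >
-- >     renderHtml EditView { .. }
--
-- This will throw an error and prevent the view from being rendered when the
-- current user is not the author of the post.
--
-- __Placement:__ only the statements /after/ the call are skipped. Anything the
-- action did before it (writes, e-mails, other side effects) has already run,
-- so put the check directly after the data it depends on has been loaded and
-- before any state is changed or any data is returned.
--
-- __Failure mode:__ the denial is raised with 'fail' in 'IO', i.e. as an
-- 'IOError' carrying the message @"Access denied"@, not as a dedicated
-- exception type. A handler that catches 'IOError' (or every exception) around
-- the action body will also catch the denial; if it then continues, the check
-- is bypassed. Such handlers must re-throw it.
--
-- NOTE(review): how this error is reported to the client (status code,
-- response body) is decided by the caller and is not visible in this module.
accessDeniedUnless :: Bool -> IO ()
accessDeniedUnless condition =
    if condition
        then pure ()
        -- 'fail' in 'IO' throws, which aborts the remainder of the action.
        else fail "Access denied"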