Just wanting to confirm the usage of the Nitrogen Authentication and Authorization API. The description of the API is:

wf:user() -> User or 'undefined'
Return the user value that was previously set by wf:user(User)

wf:user(User) -> ok
Set the user for the current session.

wf:clear_user() -> ok
Same as wf:user(undefined).

wf:role(Role) -> 'true' or 'false'
Check if the current user has a specified role.

wf:role(Role, IsInRole) -> ok
Set whether the current user is in a specified role.

wf:clear_roles() -> ok
Remove the user from all roles.

To use this API I would first validate a user login against my database that stores the credentials, then set wf:user(User) to the successfully authenticated user? Then I can do things like check if undefined = wf:user() to tell if the user has authenticated to protect restricted pages? Similarly I would set roles for the user, etc then I could perform validations against the role as well? And Nitrogen is storing this information in a session for me in the background somehow?

+1  A: 

You are correct. Nitrogen sessions are just an Erlang process storing the session information. The usage is just as you described. You can query to see whether the user has logged in or not and also set and query for the roles the user has. Anything more sophisticated you'll have to do yourself.

Jeremy Wall
OK, thanks for the info.
Jeremy Raymond
Know of any good Nitrogen docs/tutorials? The docs on nitrogenproject.com are OK, but not so detailed.
Jeremy Raymond
I have a couple I've written that you can find here: http://jeremy.marzhillstudios.com/index.php/tag/nitrogen/ Other than that, the demos and docs on the Nitrogen project are the only stuff I really know of.
Jeremy Wall
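
The flow discussed above, as an added example that is not code from the question, the answer or the Nitrogen project: one page module that logs a user in, sets roles, and re-checks the role inside the postback handler instead of relying on the hidden button. `my_db:check_credentials/2`, `my_db:roles/1` and `my_db:purge/0` are hypothetical stand-ins for your own credential store, and the include path, template path and page URL assume a Nitrogen 2.x site layout.

```erlang
%% Added example. The my_db functions are hypothetical, not part of Nitrogen.
-module(secure_page).
-include_lib("nitrogen_core/include/wf.hrl").   % assumed Nitrogen 2.x path
-export([main/0, body/0, event/1]).

main() -> #template{file = "./site/templates/bare.html"}.   % assumed path

%% Render the login form until wf:user() is set for this session.
body() ->
    case wf:user() of
        undefined ->
            [#flash{},
             #textbox{id = username},
             #password{id = password},
             #button{text = "Log in", postback = login}];
        User ->
            [#flash{},
             #span{text = wf:to_list(User)},     % text is HTML-encoded on output
             #button{text = "Log out", postback = logout}
             | admin_controls(wf:role(admin))]
    end.

admin_controls(true)  -> [#button{text = "Purge", postback = purge}];
admin_controls(false) -> [].

event(login) ->
    Name = wf:q(username),
    Pass = wf:q(password),
    case my_db:check_credentials(Name, Pass) of
        true ->
            wf:clear_roles(),                    % drop roles left by a prior user
            wf:user(Name),
            [wf:role(R, true) || R <- my_db:roles(Name)],
            wf:redirect("/secure_page");
        false ->
            wf:flash("Invalid username or password.")
    end;
event(logout) ->
    wf:clear_user(),
    wf:clear_roles(),                            % clear_user/0 does not reset roles
    wf:redirect("/secure_page");
%% Hiding the button is not enforcement: check the role again in the handler.
event(purge) ->
    case wf:role(admin) of
        true  -> my_db:purge(), wf:flash("Purged.");
        false -> wf:flash("Not authorized.")
    end.
```

Because the user and roles live only in the session process, the credential check and role lookup against your own store at login are the sole source of truth for what the session is allowed to do.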