This is a minimal example that demonstrates how to use EACL, an embedded SpiceDB-compatible* ReBAC authorization library built in Clojure and backed by Datomic.
The ~70 lines in src/eacl_example/core.clj shows the following:
- Install the latest EACL Datomic schema
- Transact a small permission schema with resources for users, accounts and products:
- where a user can own an account,
- a product has under an account, and
- users havae basic permissions.
- Transact some permissioned entities.
- Transact some relationships for
[user :owner account]&[account :account product]so EACL can traverse the graph betweenduser -> account <- product. - Run some
eacl/can?permission checks, which returntrueorfalse. - Enumerate the resources a subject can access via
eacl/lookup-resources.
If you'd like to try this from your project, you'll need the Datomic Peer library and the EACL dependencies in your deps.edn file:
cloudafrica/eacl {:git/url "git@github.com:cloudafrica/eacl.git"
:git/sha "715ad6eed9f8b100e502909395126cef65cca27d"}(or use a newer :git/sha, until EACL is published on Clojars)