Closed adam-clarey closed 8 years ago
Don't assess yet, i'm extending it for more flexibility
I've extended it so now the permissions callback is aync allowing for aync logic for checking permissions.
I also added a real world example of this in use for the entity edit page. Before it was hardcoded that only admins could access the page. Now it checks the 'can edit any [type]' and 'can edit own [type]' permissions
+1
Wouldn't it be nicer to make this extension general across the whole of the permission system rather than just routes? Under register permission you could register an optional callback. Only a thought. I'll put it as a separate issue.
This extends the iris routes so now you can add logic to page permissions.
use case:
There is an entity type where you want certain users (not entity authors) to edit specific entities based on some requirement, ie, they are listed as a manager of that entity.
When defining the route options for that callback you add 'permissionsCallback' and provide a function as the value.
The function needs to be defined before the route as below:
'permissionsCallback' is not required so should not be a breaking change.