Authorize singleton resources

[maufl]

I would like to use the :authorize_resource plug in a controller for a singleton resource (/user). This means that there is no :id parameter for the show action. However canary always tries to fetch the resource for the show action by id. I'm not sure what a good solution would be? Maybe allow overwriting the fetch_resource/2 method?

[cpjk]

I haven't thought much about the singleton use case.

To solve this, the first, most pragmatic solution would be to just to use conventional resource URLs like /users/1 instead of /user.

However, it would be nice to support a non-conventional URL structure.

One solution could be a singleton: true flag in the plug call, but this would need to asssume a specific id that the singleton would use - probably id 1 - for the database query.

The other solution - that you suggested - is to allow the user to specify a custom fetch_resource function. If this were to happen, the entry-point for such a custom function would have to be inside fetch_resource and fetch_all instead of replacing them completely, since fetch_resource and fetch_all contain a lot of logic that is core to the library's functionality.

I think the best thing might be to replace the ecto methods in fetch_resource with a method that checks for a custom fetch function and calls it instead of e.g. repoget_by` if present. For example, at https://github.com/cpjk/canary/blob/ff76baa10b1b4973adcfebd8d961090225b8f870/lib/canary/plugs.ex#L298.

I'll look into it. Also, PRs are always welcome :).

[cpjk]

Work in progress PR here https://github.com/cpjk/canary/pull/39.

[cpjk]

Closing this, since the conversation is dead.