search

cpjk / canary

:hatching_chick: Elixir authorization and resource-loading library for Plug applications.
MIT License
473 stars 52 forks source link

extend model name actions in authorize_resource plug #45

Closed jmufugi closed 7 years ago

jmufugi commented 8 years ago

PR to extend non-id actions ie those that require model name as opposed to struct; list is currently hard-coded to [:index, :new, :create]. Actions are specified using 'non_id' option on authorize_resource plug. e.g, non_id: [:action1, :custom_action2, ...]. Note that this also addresses issue #38 on authorizing singleton resources.

cpjk commented 8 years ago

Looking good other than my comments :smile:

jmufugi commented 8 years ago

Agreed - using Enum.concat is a great idea. Will amend. rgds

cpjk commented 8 years ago

Awesome! Just need some tests now.

rlopzc commented 7 years ago

+1, can you merge this? @cpjk Very nice! @jmufugi

cpjk commented 7 years ago

@romariolopez We just need some regression tests to ensure that future changes don't break the changes here, and we should be good to go! :smiley_cat:

cpjk commented 7 years ago

@jmufugi ^ :smile:

jmufugi commented 7 years ago

Noted. Will endeavor to add a couple of tests tomorrow.

rgds

On Sat, Nov 5, 2016 at 9:29 AM, Chris Kelly notifications@github.com wrote:

@jmufugi https://github.com/jmufugi ^ 😄

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cpjk/canary/pull/45#issuecomment-258596354, or mute the thread https://github.com/notifications/unsubscribe-auth/AMASRKYovo5_D1o0Gb8RKcha0dWUoO92ks5q7DBvgaJpZM4JzqX1 .

jmufugi commented 7 years ago

@cpjk, style is subjective, pls you adjust to yr taste on master after merging. Also prefer consistency, suggest you refactor code to use Plug.Conn.assign (agree is cleaner) on all tests.

thx

On Sun, Nov 6, 2016 at 11:47 PM, Chris Kelly notifications@github.com wrote:

@cpjk commented on this pull request.

In test/plug_test.exs https://github.com/cpjk/canary/pull/45:

+

  • test "it authorizes the resource correctly when non_id_actions is a list" do

  • when opts[:non_id_actions] is set as a list

  • opts = [model: Post, non_id_actions: [:other_action]] +
  • params = %{"id" => 1}
  • conn = conn(
  • %Plug.Conn{
  • private: %{phoenix_action: :other_action},
  • assigns: %{current_user: %User{id: 1}, authorized: true}
  • },
  • :get,
  • "/posts/other-action",
  • params
  • )
  • expected = %{conn | assigns: Map.put(conn.assigns, :authorized, true)}

@jmufugi https://github.com/jmufugi ^

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cpjk/canary/pull/45, or mute the thread https://github.com/notifications/unsubscribe-auth/AMASRMguBx30EX9eLP7xS-NLpkPvnQ2yks5q7krjgaJpZM4JzqX1 .