ghiobi / tally-ticketsystem

Making Expensing Better Than Great Again
MIT License

Scaling user authorization. #67

Closed ghiobi closed 5 years ago

ghiobi commented 5 years ago

We do user access validation in the controller, or create multiple middlewares, which may not scale in case we have different combinations of policies all over the place. Instead, we could divide those validations and create a parameterized middleware for handling such cases.

For example, we could have fine-grained policies:

class IsAdminPolicy {
  get name() {
    return 'admin'
  }
  authorize({ auth }) {
    return auth.user.hasRole('admin')
  }
}

and create our middleware that will parse such parameters

and use it as middleware(['is:admin|self'])

which allows access for either admin or self. For AND auth, just chain them: middleware(['is:admin', 'is:self'])
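
The parsing rule proposed above (`|` for OR inside one parameter, separate parameters for AND), as an added sketch that is not code from the tally-ticketsystem repository. The `POLICIES` registry, the `self` rule, the `ctx` shape and the `handle(ctx, next, params)` signature are assumptions.

```javascript
// Hypothetical policy registry: name -> synchronous predicate over the
// request context. The `self` rule and ctx shape are assumptions.
const POLICIES = {
  admin: ({ auth }) => auth.user.hasRole('admin'),
  // A missing route id must never match a missing user id.
  self: ({ auth, params = {} }) =>
    params.id != null && String(auth.user.id) === String(params.id)
}

// Parse one middleware parameter such as 'admin|self' into policy names.
// Unknown or empty names throw, so a typo in a route definition fails
// closed instead of silently granting access.
function parseRule (param) {
  const names = String(param).split('|').map((n) => n.trim())
  for (const name of names) {
    if (!Object.prototype.hasOwnProperty.call(POLICIES, name)) {
      throw new Error(`unknown policy: "${name}"`)
    }
  }
  return names
}

// OR inside one parameter, AND across parameters:
//   ['admin|self']    -> admin OR self
//   ['admin', 'self'] -> admin AND self (same result as chaining)
function isAuthorized (ctx, params) {
  if (!ctx.auth || !ctx.auth.user) return false // unauthenticated: deny
  if (!Array.isArray(params) || params.length === 0) return false // no rule: deny
  // `=== true` keeps a policy that returns a Promise or another truthy
  // non-boolean from being read as "allowed".
  return params.every((param) =>
    parseRule(param).some((name) => POLICIES[name](ctx) === true))
}

// Middleware wrapper: calls next() only when every rule passes.
class Is {
  async handle (ctx, next, params) {
    if (!isAuthorized(ctx, params)) {
      const err = new Error('Forbidden')
      err.status = 403
      throw err
    }
    await next()
  }
}
```
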

ghiobi commented 5 years ago

The solution can be achieved by proper use of https://adonisjs.com/docs/4.1/validator#_route_validator