Open isikhi opened 4 years ago
I'm not sure I get what you mean but when a given role is invalid (does not exist), AccessControl should definitely throw because this is most probably due to invalid configuration. And since this is security related, AC takes it seriously and throws.
From the linked threads, I can only agree with the case where no roles are defined: AC can simply deny access instead of throwing for an empty array of roles. (That can also be suppressed by assigning a "guest" role for non-privileged users.)
I'll quote a comment here directly:
Actually you could have the permission in the db or in memory with RB. The idea is that if you remove or suspend certain global permission or an action from your RB, you would not need to update all users affected, as the permission does not exist in memory, everything continues to work correctly. Otherwise, as is happening right now, if any existing permission in the User that does not exist in the RB memory, either because it is misspelled or simply does not exist, the application throws an error. Ignore is better!
quoted from @ruslanguns
RB = role builder
Edit: Thanks for your interest and this great library.
@isikhi, thanks. Let me put it this way: the quoted comment suggests an opinionated system. They prefer to "ignore". Other systems are more strict when it comes to security aspects. They would not tolerate misspellings or enable no-role users.
So I think it'd be best to make this configurable in the AC constructor. Sounds good?
If the user (or whatever subject) contains any of the roles required to access somewhere, they don't need to give an error if they can't find the role by looking for other roles. We can use as many roles as it finds here given accesses.
We can ignore the invalid-roles error if one or more of the roles is valid.
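
Added example (not part of the thread and not the AccessControl library's API): a standalone sketch of the configurable behaviour discussed above, with a strict mode that throws on an unknown role and a lenient mode that ignores it, logs it, and still denies when no known role remains. The names `createChecker`, `onUnknownRole`, `log`, and the grants table are all hypothetical.

```javascript
// Added illustration; not the AccessControl library's own code or API.
// Constructed grants table: role -> resource -> allowed actions.
const grants = {
  admin: { article: ['read', 'update', 'delete'] },
  editor: { article: ['read', 'update'] },
  guest: { article: ['read'] },
};

class UnknownRoleError extends Error {}

// Own-property lookup so role names like "constructor" never match
// inherited Object.prototype members.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical option `onUnknownRole`: 'throw' (strict) or 'ignore' (lenient).
function createChecker(table, { onUnknownRole = 'throw', log = () => {} } = {}) {
  return function can(roles, action, resource) {
    const list = Array.isArray(roles) ? roles : [roles];
    const known = [];
    for (const role of list) {
      if (typeof role === 'string' && own(table, role)) {
        known.push(role);
      } else if (onUnknownRole === 'throw') {
        throw new UnknownRoleError(`Role not found: ${String(role)}`);
      } else {
        // Lenient mode still records the event, so stale or misspelled
        // roles in user records surface in review instead of vanishing.
        log({ event: 'unknown_role_ignored', role, action, resource });
      }
    }
    // Fail closed: an empty list, or a list with no known role, is a deny.
    return known.some(
      (r) => own(table[r], resource) && table[r][resource].includes(action)
    );
  };
}

// Constructed usage: "edtior" is a deliberately misspelled role.
const ignored = [];
const strict = createChecker(grants);
const lenient = createChecker(grants, {
  onUnknownRole: 'ignore',
  log: (entry) => ignored.push(entry),
});
```

In lenient mode an unknown role never widens access: it contributes no grants, and the decision rests only on the roles that exist in the table.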