Authorization with diff levels on same controller

riverrun / openmaize

No longer maintained - was an Authentication library for Plug-based applications in Elixir

Other

206 stars 30 forks source link

Authorization with diff levels on same controller #13

Closed dmarinortega closed 8 years ago

dmarinortega commented 8 years ago

Enhancement proposal for AcessControl:

Will it be possible to do something like:

plug :authorize, roles: ["admin", user: when action in [:index, :show] ]

making explicit for the Access Control that in that controller, admin has privileges to do all operations but user can only do index, or show?

riverrun commented 8 years ago

Hi, This is already possible, but you need to have two plug calls, like this:

plug :authorize, [roles: ["admin", "user"]] when action in [:index, :show]
plug :authorize, [roles: ["admin"]] when not action in [:index, :show]

Thanks for raising the issue, though. I've made it clearer in the documentation how this can be done. By the way, I've just updated Openmaize to version 0.11, and there are changes to how login and logout is handled - I hope that doesn't cause you too much inconvenience.

dmarinortega commented 8 years ago

Thank you very much for quick response! Happy 2016!