Closed 3141618 closed 6 years ago
On the authorization page, there is an example of role_check. Do you think we should add anything to that example?
Yes. Based on my understanding, that approach works if the user's role is set to a string. However, it would allow for more flexibility to check a user's list of roles (an array or map of strings) against the opts[:roles] defined in user_controller.ex.
For example, the user_controller.ex could restrict :index and :delete actions to either admins or superadmins. If the user's roles contains either, they would be granted access to the :index and :delete actions.
In the section titled: More complex examples, id_or_admin/2
assumes current_user.role
is a string. I am suggesting to include an example where current_user.role
is an array or map of strings as this provides greater flexibility.
Hi David,
I figured out how to resolve a multi-role setup using maps instead of arrays. It's easier to use a map (or keyword list) instead of an array.
Thank you for developing Phauxth. You did a very good job.
In your case, does each user have more than one role? When I wrote the example, I was thinking of each user just having one role, but I suppose it's possible for them to have multiple roles.
If you have any examples that you think will be useful for the wiki, just let me know.
Yes, multiple roles with potentially multiple permission sets. My implementation is somewhat similar to https://github.com/riverrun/phauxth/pull/32
Given a list of roles, I am trying to check if one of the roles is contained in the roles set. Can the wiki include an example?
user.ex schema
user_controller.ex
authorize.ex