riverrun
commented
6 years ago On the authorization page, there is an example of role_check. Do you think we should add anything to that example?
Closed 3141618 closed 6 years ago
riverrun
commented
6 years ago On the authorization page, there is an example of role_check. Do you think we should add anything to that example?
3141618
commented
6 years ago Yes. Based on my understanding, that approach works if the user's role is set to a string. However, it would allow for more flexibility to check a user's list of roles (an array or map of strings) against the opts[:roles] defined in user_controller.ex.
For example, the user_controller.ex could restrict :index and :delete actions to either admins or superadmins. If the user's roles contains either, they would be granted access to the :index and :delete actions.
In the section titled: More complex examples, id_or_admin/2 assumes current_user.role is a string. I am suggesting to include an example where current_user.role is an array or map of strings as this provides greater flexibility.
3141618
commented
6 years ago Hi David,
I figured out how to resolve a multi-role setup using maps instead of arrays. It's easier to use a map (or keyword list) instead of an array.
Thank you for developing Phauxth. You did a very good job.
riverrun
commented
6 years ago In your case, does each user have more than one role? When I wrote the example, I was thinking of each user just having one role, but I suppose it's possible for them to have multiple roles.
If you have any examples that you think will be useful for the wiki, just let me know.
3141618
commented
6 years ago Yes, multiple roles with potentially multiple permission sets. My implementation is somewhat similar to https://github.com/riverrun/phauxth/pull/32
Given a list of roles, I am trying to check if one of the roles is contained in the roles set. Can the wiki include an example?
user.ex schema
user_controller.ex
authorize.ex