Open travisulrich opened 6 years ago
I just came here to request this myself, it would be super helpful. Though, the redirect on fail should be specified differently for this and logged in; maybe we can set both?
I would think the `login_url: /login` should apply if the user is not logged in. If they are logged in but lack the group or role, it would return a 403 forbidden (the same as the `ip_address` scheme).
I like this.
Although I don't think it really warrants a new scheme. We could probably just let you specify a role or group on the `logged_in` scheme.
Something like

```yaml
protect:
  type: logged_in
  login_url: /login
  append_redirect: true
  roles: [vip, overlord] # or groups
```
That'd work great I think.
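Added example, not part of the thread and not the project's own code: a Python sketch of the access decision the comments above describe, where an anonymous visitor is redirected to `login_url` and a logged-in user who lacks the role or group gets a 403. The function name `evaluate_protect`, the user dict shape, the `redirect` query parameter name, and the rule that both `roles` and `groups` must match when both are set are assumptions made for illustration.

```python
from urllib.parse import quote

# Constructed config mirroring the YAML proposed in the thread.
PROTECT = {
    "type": "logged_in",
    "login_url": "/login",
    "append_redirect": True,
    "roles": ["vip", "overlord"],
}


def evaluate_protect(protect, user, requested_path):
    """Return (status, location) for a request to a protected page.

    user is None for an anonymous visitor, otherwise a dict with optional
    "roles" and "groups" lists (hypothetical shape).
    """
    if protect.get("type") != "logged_in":
        raise ValueError("only the logged_in scheme is sketched here")

    # Not authenticated: send the visitor to the login page.
    if user is None:
        location = protect.get("login_url")
        if location is None:
            return 403, None  # assumption: deny when no login_url is set
        if protect.get("append_redirect"):
            # Carry back only a local path, so the login page cannot be
            # used to bounce the visitor to another host afterwards.
            local = requested_path.startswith("/")
            if not local or requested_path.startswith("//") or "\\" in requested_path:
                requested_path = "/"
            location += "?redirect=" + quote(requested_path, safe="/")
        return 302, location

    # Authenticated: each configured list must share at least one entry
    # with the user's own roles or groups, otherwise the answer is 403.
    for key in ("roles", "groups"):
        required = protect.get(key)
        if required and not set(required) & set(user.get(key, [])):
            return 403, None
    return 200, None
```

Keeping the two outcomes separate means a logged-in user without the role sees a 403 rather than being sent back to the login page.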
It would be helpful to be able to restrict a user's access to a page based on their role/permissions or membership in a specific user group. This would allow more granulated permissions for a page than is currently available out of the box.
An example of where this might be useful: On a site where user identity needs to be manually validated before they have access to "internal information", the user would be able to register as usual. Then an administrator could validate his identity and add him to a group "member" which would then provide access to the restricted information.
This could function similarly to the other protect schemes but with different terms:
or for group