search

tedconf / front_end_builds

Rails engine to manage front end builds and deployments
MIT License
75 stars 21 forks source link

allow containing application to add `before_action` to front ends #75

Open alexdean opened 8 years ago

alexdean commented 8 years ago

problem

  1. my front-end application requires authentication/authorization (auth/authz) in order to do anything useful.
  2. for users who need auth/authz, i want to redirect them in rails, so as not to force them to load all of ember just to see a 'you are not authorized' message. i want all auth/authz logic & flows to be entirely in rails, and not require coordination in the ember code.
  3. currently the only way i can see to add a before_action to a front end build is via a monkey patch. this is brittle & a likely source for unexpected behavior

for example:

# config/initializers/front_end_builds.rb
module FrontEndBuilds
  class ApplicationController < ActionController::Base
    before_action :do_authentication_things
  end
end

possible solutions

i'm not stuck on either of these. just trying to brainstorm some options.

inherit from ::ApplicationController

change FrontEndBuilds::ApplicationController to inherit from ::ApplicationController. This gives the containing application a way to add before_action & other hooks without monkey patching

support a per-frontend before_action explicitly

# config/routes.rb
front_end 'something', '/', before_action: :do_authentication_things

this might be even nicer than the ::ApplicationController change, but i'm not sure how this would work exactly. (where/how would my :do_authentication_things method be defined?)

cc @samselikoff

samselikoff commented 8 years ago

Related: https://github.com/tedconf/front_end_builds/issues/33

alexdean commented 8 years ago

update: i think i'd prefer the 'inherit from ::ApplicationController' option.

  1. this seems to be a normal/conventional thing to do. this approach is mentioned in the rails guide to engines.
  2. it would allow me to easily integrate FEB with other aspects of my application, like handling cases where i want to deny access to a resource.

re that 2nd point: i'm not doing something exactly like this, but similar. raising an exception which signals "access is denied", & which is then handed by a rescue_from in ::ApplicationController. I'd like to be able to extend this approach to my FEB endpoints also, but that's not possible w/ only a before_action.

alexdean commented 8 years ago

Allowing me to add concerns into FrontEndBuilds::ApplicationController might be another acceptable option. I could encapsulate the behaviors i want in concerns, and add them to both ::ApplicationController and FrontEndBuilds::ApplicationController. afaik, I can add both before_action and rescue_from via concerns.

alexdean commented 8 years ago

Another option... Devise allows the main application to configure which controller the devise controllers will inherit from.

code references: