Closed OzanKurt closed 5 months ago
I agree with the missing authorization and have been wondering how to do it with minimal or no breaking change for quite some time.
Atm, this is how I handle authorization:
On Editor code:
Button::makeIfCan('manage-users', 'create')->editor('editor'),
On routes:
Route::post('users', [UsersController::class, 'store'])->middleware('can:manage-users');
Please do not hesitate to submit a proposed implementation.
Is it possible for you to check the versioning of the package?
Since I am not familiar with tests I can't make the packages tests run.
I've installed the editor standalone and it choose to install Laravel components of version 6.*. Which caused A LOT of depreciation errors, maybe its time to add a minimum version requirement for the composer packages. I've also tried running the tests via PHPUnit after upgrading the Laravel components and orchestra/testbench, it didn't go that well... It cannot locate the classes.
I was not able to update the editor package version and it stays on 1.x
series. Also planning to bump this to 10.x
to match the framework version but don't have time to do it yet.
This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.
We might focus on this in the future.
Hello there,
I've been recently learning how to use the datatable editor. From what I've seen datatables editor doesn't have any autorization checks.
Wouldn't it be nice to implement it inside the editor actions so that it checks a certain
Policy
automatically in case it was not configured.I have seen a great API example by a package providing generalized API endpoints.
https://github.com/tailflow/laravel-orion/blob/main/src/Concerns/HandlesStandardOperations.php
We only care about the create, update and delete portions of this.
A similar adaptation of
DataTablesEditor
would be something like this:I know this is a huge addition but it will have its use cases.
Lets go over the additions 1 by 1:
$this->authorize('create', $this->resolvePolicy($instance));
Allows user to properly use Laravels authorization functionalities for the editor such ascreate a Post
$data = $this->prepareForValidation($data);
Allows the developer to manipulate each "data" from the request before they are sent to validation.$errorsToAppend = $this->validateRequest($data);
handles the validation related stuff and returns an array of errors. The processing of the "data" in that foreach loop will halt and the next data will be processed.beforeStore
,beforeSave
,afterSave
,afterStore
This will allow developers to return custom response information and maybe display an alert message unrelated to the editor defaults.Here is an example for the
hookResponds
implementation.Let me know what you think about this. Since we did not remove any actual code from the editor it should NOT be a breaking change.
Here is a screenshot of it: