Comments (6)
In its current functionality, `authorized?/2` wouldn't help you to achieve what you want. It would actually hide the resource (i.e. the schema wouldn't appear in the side menu). I was thinking of extending the function to accept more parameters, but maybe the better option is to add a new `authorize/4` function and deprecate `authorized?/2`.
Let's say you have your `%OrgEntitlement` resource under the `organizations` context for example:

The `authorize/4` function signature could be:

```elixir
authorize(conn, context, schema, action)
```
When users go to the index page, this would be called:

```elixir
OrgEntitlementAdmin.authorize(conn, "organizations", OrgEntitlement, :index)
```

When they try to bulk delete:

```elixir
OrgEntitlementAdmin.authorize(conn, "organizations", OrgEntitlement, :bulk_delete)
```
Return values could be:

- `{:ok, conn}`: the user is authorized and the request should proceed (this is the default value).
- `{:error, conn}`: the user is not authorized. `conn` is sent to the client directly.
This would give much more control to the developer.
from kaffy.
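A sketch of how an admin module could use the `authorize/4` callback proposed in the comment above to allow single deletes while refusing `:bulk_delete` on the server side. This is an added example, not Kaffy's code and not part of the original comment. The `:role` assign, the `AdminGuard` module and the plain map standing in for `%Plug.Conn{}` are assumptions.

```elixir
# Hypothetical schema and admin module; names follow the comment above.
defmodule OrgEntitlement do
  defstruct [:org_id, :premium_until]
end

defmodule OrgEntitlementAdmin do
  # Allow-list per role; any action not listed is denied (deny by default).
  @allowed %{
    business: [:index, :show, :edit, :update, :delete],
    superadmin: [:index, :show, :edit, :update, :delete, :bulk_delete]
  }

  def authorize(conn, "organizations", OrgEntitlement, action) do
    role = get_in(conn, [:assigns, :role])

    if action in Map.get(@allowed, role, []) do
      {:ok, conn}
    else
      # The returned conn is what the client receives, so record the refusal in it.
      {:error, conn |> Map.put(:status, 403) |> Map.put(:halted, true)}
    end
  end

  # Unknown context or schema: refuse rather than fall through.
  def authorize(conn, _context, _schema, _action) do
    {:error, conn |> Map.put(:status, 403) |> Map.put(:halted, true)}
  end
end

defmodule AdminGuard do
  # Assumed library-side check, run before every action so that a request
  # sent without going through the admin UI is refused as well.
  def run(conn, admin, context, schema, action, perform) do
    case admin.authorize(conn, context, schema, action) do
      {:ok, conn} -> perform.(conn)
      {:error, conn} -> conn
    end
  end
end

# Constructed sample request: a business user, conn modelled as a plain map.
conn = %{assigns: %{role: :business}, status: nil, halted: false}
perform = fn conn -> Map.put(conn, :status, 200) end

for action <- [:delete, :bulk_delete] do
  result = AdminGuard.run(conn, OrgEntitlementAdmin, "organizations", OrgEntitlement, action, perform)
  IO.inspect({action, result.status, result.halted})
end
```

Because the check runs where the action is executed, it holds even if the "delete selected records" option stays visible in the UI.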
@roryfahy can you please provide more details about your use case? If you can.
from kaffy.
Sure @aesmail. We want to enable the business people to come in and make updates to resources like `%OrgEntitlement` that dictate how long any member of an Org might have premium access. In cases like this, it would be handy to allow them to delete individual records, but we don't want to expose a way for them to shoot themselves in the foot by accidentally selecting all of the records and pressing the delete action. As it is now, we are not going to be able to expose the individual delete unless we can avoid the bulk delete. We just consider it too dangerous. Please let me know if I can add any further detail. I'd be happy to help out with the PR if that's wanted. Thank you for Kaffy, I really appreciate the work you're doing here 🙏
from kaffy.
@roryfahy appreciate the feedback. I'm thinking of making the `authorized?/2` function more flexible. Currently, it receives the schema and the `conn` struct.
Making `authorized?` receive the context, the resource, the schema, the conn, and the action might make Kaffy way more flexible with permissions.
This might also solve your issue more flexibly. You can just define the function in the admin module and prevent bulk deletion.
This approach might not hide "delete selected records" option though.
However, I feel this might be the way to move forward.
What do you think? @roryfahy
from kaffy.
![image](https://private-user-images.githubusercontent.com/42627486/268712300-5ba0a50c-c657-4c33-9e91-7cebc16d9998.png)
from kaffy.
oh, yeah that would be really neat. I like that idea.
from kaffy.