Skip to content

Custom actions authorization#337

Open
sineed wants to merge 3 commits intosmpallen99:masterfrom
grabr:custom-action-authorization
Open

Custom actions authorization#337
sineed wants to merge 3 commits intosmpallen99:masterfrom
grabr:custom-action-authorization

Conversation

@sineed
Copy link

@sineed sineed commented Mar 29, 2017

Related to #334

Things in which I'm not confident enough:

  1. Custom map instead of conn object. Currently I forward only action name (for pattern matching) and id (to find resource for member actions):
    %{action: custom_action_name, id: id}
    |> Utils.authorized_action?(action, resource_model) 
    But maybe someone needs more data for authorisation. On the other side I don't want to put specific data inside %Plug.Conn{} struct. As a compromise I think about putting :ex_admin_metadata key inside conn.assigns map.
  2. Refactoring. I only extracted functions from ExAdmin. I started to go further but realised that this is not as simple as I thought. I don't think that 7 arguments is good for functions but currently I have bad knowledge of ex_admin domain.

I understand that you may not accept this PR without proper module design

Copy link
Owner

@smpallen99 smpallen99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, a great first pass. Thanks!! Couple things...

The authorization protocol requires the conn object, so that part needs to be reworked. Also, support should also be added for the ActiveAdmin theme.

do: th(".th-#{parameterize field_name} #{humanize field_name}")
def build_th(field_name, opts, %{fields: fields} = table_opts) do
if String.to_atom(field_name) in fields and opts in [%{}, %{link: true}] do
if opts[:link] == true do
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you think its safe to replace the original implementation? I think this may have regression issues, but I'm not sure without regressing it. Why the change?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a couple of changes to this PR which are not related to the authorization logic. This part is one of them. Will do some cleanups

@tag as_resource: %TestExAdmin.ExAdmin.Simple{}
test "action_button", %{defn: defn, conn: conn} do
result = ExAdmin.action_button(conn, defn, "Simple", :show, :edit, defn.actions, "17")
result = ExAdmin.ResourceTitleActions.action_button(conn, defn, "Simple", :show, :edit, defn.actions, "17")
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aliasing ExAdmin.ResourceTitleActions would reduce a little noise here.

end

@doc false
def action_button(conn, defn, name, _page, action, actions, id \\ nil) do
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this is the old code, just moved. But I'd appreciate if you could remove the nesting. Something like this (not tested):

  def action_button(conn, defn, name, _page, action, actions, id \\ nil) do
    with true <- action in actions, 
         true <- Utils.authorized_action?(conn, action, defn) do
      
      action_name = defn.action_labels[action] || Utils.humanize(action)
      [action_link(conn, "#{action_name} #{name}", action, id)]
    else
      _ -> []
    end
  end

@sineed sineed force-pushed the custom-action-authorization branch from 810f5df to 50afd90 Compare May 19, 2017 08:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants