Allow to return `{:ok, data}` from authorize callbacks?

Open ssbb opened this issue 3 years ago • 1 comments

Hi!

I am thinking about the possibility of providing some extra context for permissions. Like not just the fact that the user can do something but also why. Something like this:

```elixir
def authorize(:edit_post, user, post) do
  cond do
    user.is_admin -> {:ok, :admin}
    post.user_id == user.id -> {:ok, :author}
    true -> {:error, "Only administrators and authors can edit posts."}
  end
end
```

I am thinking about preparing a PR, but it does not make sense if you think it doesn't fit into the lib's scope, etc.

ssbb avatar Dec 27 '22 04:12 ssbb

Not saying you should not do this, but honestly I would keep the "why" closer to the surface. Like the controller. The reason is you may want to respond according to your interface later.

joshchernoff avatar Jan 08 '23 14:01 joshchernoff

This would unfortunately break the core API specification and would require a major version bump per SemVer, which is just not in the cards right now. And also I agree with @joshchernoff that this is solving an issue different from authorization. Thank you for the proposal.

schrockwell avatar Mar 16 '24 02:03 schrockwell
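One way to follow the advice in the replies, as an added example that is not code from the thread's participants or from Bodyguard itself: the policy callback keeps returning only `:ok` or `{:error, reason}`, and the caller derives the "why" separately. `Blog.Policy`, `Blog.PostController`, `edit_grant/2` and the sample maps are hypothetical names and constructed data; the `@behaviour Bodyguard.Policy` line is omitted so the script runs without dependencies.

```elixir
defmodule Blog.Policy do
  # In a project that uses Bodyguard, this module would declare
  # `@behaviour Bodyguard.Policy` and be called via `Bodyguard.permit/4`.

  # Hypothetical helper: the single place that decides which relationship,
  # if any, grants edit rights. Returns :admin, :author or nil.
  def edit_grant(%{is_admin: true}, _post), do: :admin
  def edit_grant(%{id: id}, %{user_id: id}), do: :author
  def edit_grant(_user, _post), do: nil

  # The authorization decision stays in the existing callback shape:
  # :ok on success, {:error, reason} on denial.
  def authorize(:edit_post, user, post) do
    if edit_grant(user, post) do
      :ok
    else
      {:error, "Only administrators and authors can edit posts."}
    end
  end

  # Fail closed: any action without an explicit clause is denied.
  def authorize(_action, _user, _post), do: {:error, :unauthorized}
end

defmodule Blog.PostController do
  # Hypothetical controller-style function. It authorizes first, then asks
  # for the grant only to shape the response for this interface.
  def edit(user, post) do
    with :ok <- Blog.Policy.authorize(:edit_post, user, post) do
      {:ok, %{post_id: post.id, editing_as: Blog.Policy.edit_grant(user, post)}}
    end
  end
end

# Constructed sample data
admin = %{id: 1, is_admin: true}
author = %{id: 2, is_admin: false}
other = %{id: 3, is_admin: false}
post = %{id: 10, user_id: 2}

IO.inspect(Blog.PostController.edit(admin, post))
IO.inspect(Blog.PostController.edit(author, post))
IO.inspect(Blog.PostController.edit(other, post))
IO.inspect(Blog.Policy.authorize(:delete_post, admin, post))
```

Because `authorize/3` and the response both read from `edit_grant/2`, the allow/deny decision and the reported reason cannot drift apart.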