
[Live][RFC] `LiveProp::$role`

Open kbond opened this issue 2 years ago • 3 comments

Wondering if it would be desired to add LiveProp::$role:

#[LiveProp(writable: true, role: 'OWNS_POST')]
public Post $post;

When hydrating the property, we'd use AuthorizationChecker::isGranted($liveProp->role, $post) and throw an AccessDeniedException if false.

kbond avatar Aug 12 '22 14:08 kbond

How would this work with exposed properties? Like, if “title” is exposed, I guess the security check would still be applied only to the top-level post, right?

I also think we should list a few specific use cases for this to make sure it feels right.

Also: what if whether I can do this depends on the value of another property? Like, the new value is valid only if some other non-writable LiveProp Boolean is true?

In general, it does seem reasonable to have a way to restrict what values a prop is changed to. Most of the time it doesn’t matter: if you change to a bad value, then on an action, you can fail validation. But in some cases, a bad value could be used to expose info (like changing to see info about a Post you don’t own).

weaverryan avatar Aug 12 '22 15:08 weaverryan

Could an alternative be to work with methods that manage the permissions? That allows a more fine-grained decision about whether there are enough rights.

Example:

use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\UX\LiveComponent\Attribute\LiveProp;

#[LiveProp(writable: true, authorization_method: 'authorizePost')]
public Post $post;
//...

// called with the hydrated value before it is assigned to the property
public function authorizePost(Post $post)
{
    $authorizationChecker = $this->get('security.authorization_checker');

    // check for edit access
    if (false === $authorizationChecker->isGranted('EDIT', $post)) {
        throw new AccessDeniedException();
    }
}

like here: https://github.com/symfony/acl-bundle/blob/main/src/Resources/doc/index.rst#checking-access

d3vpunk avatar Aug 17 '22 10:08 d3vpunk

> How would this work with exposed properties? Like, if “title” is exposed, I guess the security check would still be applied only to the top-level post, right?

Yes, that was my thinking.

> Also: what if whether I can do this depends on the value of another property? Like, the new value is valid only if some other non-writable LiveProp Boolean is true?

One possibility I guess would be to have an option that passes the entire component as the subject.

> Could an alternative be to work with methods that manage the permissions? That allows a more fine-grained decision about whether there are enough rights.

This could be an option, yes, but I believe the same thing could be effectively achieved with a post-hydrate hook.

kbond avatar Aug 17 '22 12:08 kbond
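An added example (not code from this thread or from symfony/ux) of the post-hydrate hook kbond mentions, covering both the role check on a writable `Post` prop and the "depends on another property" case weaverryan raised; the `Post` entity, the `OWNS_POST` voter attribute and the `editingEnabled` flag are assumed.

```php
<?php

namespace App\Twig\Components;

use App\Entity\Post; // assumed entity
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\UX\LiveComponent\Attribute\AsLiveComponent;
use Symfony\UX\LiveComponent\Attribute\LiveProp;
use Symfony\UX\LiveComponent\Attribute\PostHydrate;
use Symfony\UX\LiveComponent\DefaultActionTrait;

#[AsLiveComponent('post_editor')]
final class PostEditor
{
    use DefaultActionTrait;

    // Writable: the client may send back any Post id it likes, so the
    // hydrated value has to be re-authorized on every request.
    #[LiveProp(writable: true)]
    public Post $post;

    // Not writable: the client cannot change it, but the check below still
    // depends on it (the "value of another property" case from the thread).
    #[LiveProp]
    public bool $editingEnabled = false;

    public function __construct(
        private readonly AuthorizationCheckerInterface $authorizationChecker,
    ) {
    }

    // Runs after the props are hydrated from the request, i.e. before any
    // action or re-render can read $this->post.
    #[PostHydrate]
    public function authorizePost(): void
    {
        if (!$this->editingEnabled) {
            throw new AccessDeniedException('Editing is disabled for this component.');
        }

        // 'OWNS_POST' is an assumed voter attribute; the voter receives the
        // whole hydrated Post as its subject.
        if (!$this->authorizationChecker->isGranted('OWNS_POST', $this->post)) {
            throw new AccessDeniedException('You do not own this post.');
        }
    }
}
```

Because the hook runs on every request that re-hydrates the component, a client that tampers with the serialized `post` value is rejected before any action or exposed property (such as `title`) can read it.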

Thank you for this issue. There has not been a lot of activity here for a while. Has this been resolved?

carsonbot avatar Apr 26 '24 12:04 carsonbot