laravel-orion icon indicating copy to clipboard operation
laravel-orion copied to clipboard

Published 20 hours ago verified publisher icon tailflow

Relation resources authorization using parent key

Open mr-Sepi0l opened this issue 3 years ago • 2 comments

Hello,

While using Orion I spotted a point that could be enhanced. I have several entities that are related to the Company model like companies/{company}/messages or companies/{company}/documents.

I have for each to override store method just to change this : $this->authorize('create', [$resourceModelClass, $parentEntity]);

That makes a lot of code duplication.

I think that in relation controller, passing the parentKey in authorization would be nice, wouldn't it ? if you want I can probably make a pull request for this change if it makes sense to you as well.

EDIT: when you override store method the response status become a 200 instead of a 201

mr-Sepi0l avatar Aug 02 '21 15:08 mr-Sepi0l

Hi @DavidSprauel,

I think it would make sense to introduce wrapper methods for authorization, similar to how it is implemented for operations (e.g. performStore, performUpdate, etc.) - https://tailflow.github.io/laravel-orion-docs/v2.x/guide/relationships.html#customizing-queries.

Passing parent entity directly to a policy is an app-specific feature and would result in unexpected behavior for many users.

alexzarbn avatar Aug 04 '21 04:08 alexzarbn

Maybe it is better to create something like createChild policy method?

Marko298 avatar Aug 25 '21 09:08 Marko298