itsjoshbruce (@itsjoshbruce@phpc.social)

It’s been so long since I did anything with authenticated users, curious about “modern” patterns and standards.

Specifically, an authenticated user wants to do something. What patterns and standards are you using for permissions?

I’m seeing middleware mentions. But, curious what else is out there. Not looking for “use Framework X” and should be testable. Doesn’t need to be web-specific as I’m just looking for patterns and standards.

oliver (@oliver@phpc.social)

@itsjoshbruce middleware user here, on the most recent project. I can't say I'm particularly proud of it, but it does the job so far

itsjoshbruce (@itsjoshbruce@phpc.social), edited

@oliver: Right on. Is it the user or the request falling through the middleware checks?

oliver (@oliver@phpc.social)

@itsjoshbruce it's the request (route or route group middleware). Authenticated user is set early to the container and then various areas are protected based on the user's roles. Of course, there are more detailed checks later in the flow (e.g. parts of the interface are hidden or different depending on role/permissions). Middleware is stopping the unintended actions, like playing with URLs to access what's not supposed to be seen or actioned on.

bobmagicii (@bobmagicii@phpc.social)

@itsjoshbruce we still just use a table of permissions that comes along with the user info and the controllers check if the user can before it does. most things are boolean like Blog.Create==1 but it's an int for future stupid decisions. shrug

itsjoshbruce (@itsjoshbruce@phpc.social)

@bobmagicii: Interesting. Do the permission names correspond to an action (method) on the controller?

bobmagicii (@bobmagicii@phpc.social), edited

@itsjoshbruce nah. prior to 2022 the controller method "should" check early; it was my job to check something before doing something.

old alternate was a method with the same name but ending with WillAnswerRequest() if i wanted to do lots of checks for things which returned an HTTP status code.

but we recently built up some annotations that must pass their tests before the route executes, which looks like this currently:
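The annotation snippet bobmagicii refers to is not on this page. As an added illustration (not bobmagicii's code, and not any project's), here is how the two patterns described in this thread fit together: an integer permission table that travels with the user and is checked in the controller, plus a PHP attribute that the dispatcher checks before the route method runs, denying by default. The class and method names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical attribute: a route method declares the permission it needs.
#[Attribute(Attribute::TARGET_METHOD)]
final class RequiresPermission
{
    public function __construct(public readonly string $name) {}
}

// Permission table loaded with the user row, e.g. ['Blog.Create' => 1].
// Values are ints rather than bools, as in the thread.
final class Permissions
{
    /** @param array<string,int> $table */
    public function __construct(private readonly array $table) {}

    // Deny by default: a missing key counts as 0, i.e. not permitted.
    public function can(string $name): bool
    {
        return ($this->table[$name] ?? 0) > 0;
    }
}

final class BlogController
{
    #[RequiresPermission('Blog.Create')]
    public function create(Permissions $perms): string
    {
        // The controller still checks before acting, independent of the gate.
        if (!$perms->can('Blog.Create')) {
            throw new RuntimeException('403 Forbidden');
        }
        return 'post created';
    }
}

// Dispatcher: read the attributes off the target method and refuse to invoke
// it unless every declared permission passes.
function dispatch(object $controller, string $method, Permissions $perms): string
{
    $ref = new ReflectionMethod($controller, $method);
    foreach ($ref->getAttributes(RequiresPermission::class) as $attr) {
        if (!$perms->can($attr->newInstance()->name)) {
            return '403 Forbidden';
        }
    }
    return $ref->invoke($controller, $perms);
}

// Constructed sample rows: an editor who may create, and a user with no row at all.
$editor = new Permissions(['Blog.Create' => 1, 'Blog.Delete' => 0]);
$reader = new Permissions([]);
echo dispatch(new BlogController(), 'create', $editor), PHP_EOL;
echo dispatch(new BlogController(), 'create', $reader), PHP_EOL;
```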

ellisgl (@ellisgl@phpc.social)

@itsjoshbruce @bobmagicii I know we have a roles column which is just a JSON array of main roles on the user table, then we have another table that has user permissions, and I don't remember what that looks like off the top of my head.

bobmagicii (@bobmagicii@phpc.social)

@ellisgl @itsjoshbruce part of our growing pains was starting with the json and then putting too much in that. I'm really digging the new annotations though.

ellisgl (@ellisgl@phpc.social)

@bobmagicii @itsjoshbruce I have mixed feelings about annotations.