What's the recommended approach for user roles? #30

Closed
dfalling opened this issue Oct 5, 2018 · 6 comments

@dfalling
Contributor

dfalling commented Oct 5, 2018

The docs mention using the extended plug to check for an admin role, but how should that data be set on the user? If I simply add a role field to the user table it still won't be present on the AccessPass.Users record.

Thanks!

@jpiepkow
Collaborator

jpiepkow commented Oct 5, 2018

Sure, so extended plug does comparison inside the user meta objects. So if you had

plug AuthExtended, role: "admin"

it would check the user's meta object (that was stored on registration) for the key of role that equals value of "admin".

So all things you want to compare against in the keyword list passed to the plug are compared in the user's meta object.

@jpiepkow jpiepkow closed this as completed Oct 5, 2018
@dfalling
Contributor Author

dfalling commented Oct 5, 2018

Great! Last question: how can I make sure users can't make themselves admins? Normally I'd filter out that field in my controller if the user isn't an admin.

@jpiepkow
Collaborator

jpiepkow commented Oct 5, 2018

Sure so you can do that a couple different ways.

You can run your own custom validation on the changeset to include/exclude roles in the meta object using the custom_user_changes behavior.

Or

You could do the same custom validation logic and use insert_override to handle the changeset insert yourself.

https://hexdocs.pm/access_pass/AccessPassBehavior.html

@jpiepkow
Collaborator

jpiepkow commented Oct 5, 2018

If, for example, you don't want users to add role to the meta on registration, you would do something like the following inside the custom_user_changes behavior

put_change(changeset, :meta, %{})

This would update the meta object to empty regardless of what the users passed in.
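An added example, not part of the thread and not AccessPass's own code: instead of emptying the whole meta object, it drops only the keys that authorization checks read and keeps the rest of what the user submitted. The module name, the `@privileged` list and the function names are hypothetical, and the function is meant to be called from the custom_user_changes behavior mentioned above, whose exact signature is not shown in this thread.

```elixir
defmodule MyApp.RegistrationMeta do
  @moduledoc """
  Hypothetical helper: removes authorization-relevant keys from
  client-supplied registration meta before the user row is inserted.
  """
  import Ecto.Changeset, only: [get_change: 3, put_change: 3]

  # Keys that only trusted server-side code may set. Assumption: "role" is
  # the key later checked by `plug AuthExtended, role: "admin"`.
  @privileged ~w(role)

  @doc "Returns the changeset with privileged keys dropped from :meta."
  def strip_privileged(changeset) do
    case get_change(changeset, :meta, nil) do
      meta when is_map(meta) ->
        put_change(changeset, :meta, drop_privileged(meta))

      # No meta submitted, or not a map: fall back to an empty map,
      # which is the behaviour suggested in the thread.
      _other ->
        put_change(changeset, :meta, %{})
    end
  end

  # Decoded JSON params carry string keys, while internal callers may pass
  # atom keys, so the comparison is done on the string form of each key.
  defp drop_privileged(meta) do
    meta
    |> Enum.reject(fn {key, _value} -> to_string(key) in @privileged end)
    |> Map.new()
  end

  @doc """
  Constructed sample input: a registration payload that tries to self-assign
  a role under both a string key and an atom key. Uses a schemaless
  changeset so no schema module is needed.
  """
  def demo do
    {%{}, %{meta: :map}}
    |> Ecto.Changeset.change(%{meta: %{"role" => "admin", :role => "admin", "nick" => "dee"}})
    |> strip_privileged()
    |> Ecto.Changeset.get_change(:meta)
  end
end
```

With this approach, roles are written to meta only by code paths that never take the value from request parameters.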

@dfalling
Contributor Author

dfalling commented Oct 5, 2018

Awesome, that's a very elegant solution. Thanks!

@jpiepkow
Collaborator

jpiepkow commented Oct 5, 2018

No problem! Thanks for all the feedback through GitHub issues! I have a project I have been working on for quite a while that is going through a closed private beta shortly, which I would love feedback on if that's something that might interest you. It is actually the reason I made accesspass in the first place.

Information on the project:

https://medium.com/appdoctor/what-is-appdoctor-5cceaedf7a05

Email beta@appdoctor.io if interested so I can send you a key when we add our next group to the closed beta!
