Distinguishing between calls to authorized? for UX purposes versus actual attempted actions #7856
Unanswered
tjohnell-handy
asked this question in
Help
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Did you find a bug?
Right now, all authorization checks funnel through the
authorized?
method whether it be to display a particular action as an option in a dropdown or to prevent a particular action from taking place.I'm in the process of adding in some logging to our admin to track actions taking place (both authorized and unauthorized), so the
authorized?
method seemed like the perfectly logical place to put this. If I log all failed authorizations, I'll also log the authorization checks that are baked into activeadmin in order to determine whether to show the view/update/delete actions as well.Is there a way to distinguish "I'm checking to see if they have permission for UX purposes" versus "I'm checking to see if they have permission because they're attempting the action"? If not, is this additional context this library would be interested in having?
Expected behavior
authorized?
provides additional context on why the authorization check is taking placeActual behavior
There is no way to distinguish a failed attempt at performing an action versus a UX check to hide/show an action.
Beta Was this translation helpful? Give feedback.
All reactions