Not sure if I am right about that, but you can also set permissions for not just a type of resource, but a specific one with an id as well. You can create a task resource locally and pass the caller's id to it. This way the resource will always have the caller's id, which is what you want. However, I don't know if the super user permission has a higher order of precedence or not.
As I was working with Lock today, I realized I was misunderstanding how it worked when I wrote this issue.
Correct me if I'm wrong in my assumptions:
When using the database driver, the permissions are written to the database based on what we allow in the UserManager class (used in the readme).
Then we can use Lock::can() to hit the lock_permissions table and check if a user is allowed to perform a certain action. The data that was just written in the previous step is now used to perform the checks underneath the Lock::can() abstraction.
There's no end to the number of combinations and hierarchies I can build.
The lack of restrictions really threw me off at first! It's so simple to build out very complex authentication structures. The more I learn how Lock works, the more impressed I am with it. I'm working on a test project to really understand the ins and outs. I will keep you posted with feedback if I find anything worth reporting on. Thank you for developing this.
Consider the following URL:
/users/1/tasks/2
I want to ensure that only the user with an id of 1 can get to their specific task.
I would also like to have a super admin (let's say that user has an id of 8) be able to access both
/users/8/tasks/4
and
/users/1/tasks/2
The super admin can access any task. Standard users that go to a task that isn't their own will get denied.
Is there a fetchOwn('tasks') method or a similar way to implement the example above?
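Added example, not part of the original thread and not Lock's own code: a plain-PHP sketch of the check discussed above, where a permission row can name one specific resource id and a row with no id acts as the super admin grant. The function names, the in-memory permission rows and the task ownership map are all hypothetical and constructed for illustration; with Lock the rows would live in its permission store.

```php
<?php
declare(strict_types=1);

// Constructed sample data: task id => id of the user who owns it.
const TASK_OWNERS = [2 => 1, 4 => 8];

// Constructed permission rows: [callerId, action, resourceType, resourceId].
// A null resourceId means "every resource of that type" (the super admin case).
const PERMISSIONS = [
    [1, 'read', 'tasks', 2],
    [8, 'read', 'tasks', null],
];

/** Hypothetical helper: does any row grant this caller the action on this resource? */
function isPermitted(int $callerId, string $action, string $type, int $id): bool
{
    foreach (PERMISSIONS as [$who, $act, $resType, $resId]) {
        if ($who === $callerId && $act === $action && $resType === $type
            && ($resId === null || $resId === $id)) {
            return true;
        }
    }
    return false; // no matching row: deny by default
}

/** Hypothetical route guard for GET /users/{userId}/tasks/{taskId}. */
function canViewTask(int $callerId, string $path): bool
{
    if (!preg_match('#^/users/(\d+)/tasks/(\d+)$#', $path, $m)) {
        return false; // unknown route shape: deny
    }
    [$userId, $taskId] = [(int) $m[1], (int) $m[2]];

    // The task must really belong to the user named in the path; otherwise
    // /users/1/tasks/4 would serve task 4 under user 1's URL.
    if ((TASK_OWNERS[$taskId] ?? null) !== $userId) {
        return false;
    }
    return isPermitted($callerId, 'read', 'tasks', $taskId);
}

var_dump(canViewTask(1, '/users/1/tasks/2')); // owner requesting own task
var_dump(canViewTask(8, '/users/1/tasks/2')); // super admin requesting user 1's task
var_dump(canViewTask(1, '/users/8/tasks/4')); // standard user requesting someone else's task
var_dump(canViewTask(8, '/users/1/tasks/4')); // path user and task owner disagree
```

The check uses the authenticated caller's id, never the user id taken from the URL, to decide access; the URL id is only validated against the task's real owner.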