Authorize singleton resources

[maufl]

I would like to use the :authorize_resource plug in a controller for a singleton resource (/user).
This means that there is no :id parameter for the show action. However canary always tries to fetch the resource for the show action by id. I'm not sure what a good solution would be? Maybe allow overwriting the fetch_resource/2 method?

[cpjk]

I haven't thought much about the singleton use case.

To solve this, the first, most pragmatic solution would be to just to use conventional resource URLs like /users/1 instead of /user.

However, it would be nice to support a non-conventional URL structure.

One solution could be a singleton: true flag in the plug call, but this would need to asssume a specific id that the singleton would use - probably id 1 - for the database query.

The other solution - that you suggested - is to allow the user to specify a custom fetch_resource function. If this were to happen, the entry-point for such a custom function would have to be inside fetch_resource and fetch_all instead of replacing them completely, since fetch_resource and fetch_all contain a lot of logic that is core to the library's functionality.

I think the best thing might be to replace the ecto methods in fetch_resource with a method that checks for a custom fetch function and calls it instead of e.g. repoget_by` if present. For example, at

canary/lib/canary/plugs.ex

Line 298 in ff76baa

repo.get_by(opts[:model], get_map_args)

.

I'll look into it. Also, PRs are always welcome :).

[cpjk]

Work in progress PR here #39.

[cpjk]

Closing this, since the conversation is dead.