-
-
Notifications
You must be signed in to change notification settings - Fork 828
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replacement options for dispatcher->until() #2091
Comments
Franz and I had a very productive discussion today, here are my takeaways for how to procees: Permissions and Policies.The policies system will face a broaded refactor, discusssed here: #2092. However, so far the 4 tiered decision system (allow, deny, forceallow, forceDeny) seems like a good approach. Which values we actually pick to represent this might be controversial, but should not affect forward compatibility. At this point, I'm thinking of Model relationships (planned in Models Extender) (Also, why do we limit it to only 1 custom relationship right now lol?)A replacement is proposed here: #2100. Serialization Relationships (planned in API Serializer Extender)Will be implemented the same way as model relationships. Whether Discussions and Posts are privatehttps://github.com/flarum/core/blob/d492579638fb52dafbfe65f1f36a95eb6047f7f3/src/Post/Post.php#L102 In this case, marking something as private should NOT be overriden. In other words, if ANY extension returns Checking for floodingIt doesn't really make sense to return However, there should be a method for extensions to disable flood checkers introduced by other extensions. For that reason, each flood checker will be assigned a string id as a second parameter in the extender. There will be a method on the extender called Getting users' display nameshttps://github.com/flarum/core/blob/d492579638fb52dafbfe65f1f36a95eb6047f7f3/src/User/User.php#L312 This doesn't make sense as Checking passwordshttps://github.com/flarum/core/blob/d492579638fb52dafbfe65f1f36a95eb6047f7f3/src/User/User.php#L323 Here, |
Can't we move the Floodgate throttling to a middleware? So that extensions can pluck that from the middleware stack and others could inject their own? Sounds like a lot of bloat to add unique id's to floodgates.. |
Perhaps, but that would require a rewrite of how floodgate works (I believe). I would be open to that though. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. |
This can be further discussed in the relevant issues/PRs for particular extenders. |
Functionality Discussion
Is your feature request related to a problem? Please describe.
Certain extendable features currently use ->until() with. While this has some benefits, there are also several significant issues, namely:
I've compiled a list of all instances where ->until() is used here: #2015 (comment)
Describe the solution you'd like
I have come up with 2 possible ideas this far. In my opinion, at this stage, the actual implementation is less important than deciding how to handle this situation.
Consider ALL responses returned by extensions. This is inspired by Symfony's voter approach. When requesting this replacment to a
->until()
check, the code would indicate an 'evaluation mode'. Depending on the mode, return:a.
true
if any true values are presentb.
false
if any false values are presentc. whichever of
true
orfalse
has more returned, withtrue
returned if there is a tied. whichever of
true
orfalse
has more returned, withfalse
returned if there is a tieExtensions can return one of 4 options:
a. $this->allow()
b. $this->allow()
a. $this->forceAllowallow()
a. $this->forceDeny()
Any $this->forceDeny()s returned would override, if not present, any $this->forceAllow()s would override, if not present any $this->allow()s would override, and so on. This is my preferred approach as it's intuitive and flexible. One potential implementation is included in #2056
EDIT:
Some time after writing this, I realized that this would not necessarily work for ->until() methods that don't return a boolean (such as GetDisplayName). For those cases, I think that the extender should be refactored to use a driver, and a driver should be selectable in the admin configuration, like we do with mail drivers.
The text was updated successfully, but these errors were encountered: