[Live][RFC] `LiveProp::$role`

[kbond]

Wondering if it would be desired to add LiveProp::$role:

#[LiveProp(writable: true, role: 'OWNS_POST')]
public Post $post;

When hydrating the property, we'd use AuthorizationChecker::isGranted($liveProp->role, $post) and throw an AccessDeniedException if false.

[weaverryan]

How would this work with exposed properties? Like, if “title” is exposed, i guess the security check would still be applied only to the top-level post, right?

I also think we should list a few specific use cases for this to make sure it feels right.

Also: what if whether I can do this depends on the value of another property? Like, the new value is valid only if some other non-writable LiveProp Boolean is true?

in general, it does seem reasonable to have a way to restrict what values a prop is changed to. Most of the time it doesn’t matter: if you change to a bad value, then on an action, you can fail validation. But I’m some cases, a bad value could be used to expose info (like changing to a see info about a Post you don’t own).

[d3vpunk]

Could be an alternative to work with methods that manage the permissions? That allows more fine grained decision that there are enough rights.

Example:

#[LiveProp(writable: true,  authorization_method: 'authorizePost')]
public Post $post;

//...

public function authorizePost(Post $post)
{
    $authorizationChecker = $this->get('security.authorization_checker');

    // check for edit access
    if (false === $authorizationChecker->isGranted('EDIT', $post)) {
        throw new AccessDeniedException();
    }
}

like here: https://github.com/symfony/acl-bundle/blob/main/src/Resources/doc/index.rst#checking-access

[kbond]

How would this work with exposed properties? Like, if “title” is exposed, i guess the security check would still be applied only to the top-level post, right?

Yes, that was my thinking.

Also: what if whether I can do this depends on the value of another property? Like, the new value is valid only if some other non-writable LiveProp Boolean is true?

One possibility I guess would be to have an option that passes the entire component as the subject.

Could be an alternative to work with methods that manage the permissions? That allows more fine grained decision that there are enough rights.

This could be an option, yes, but I believe the same thing could be effectively achieved with a post-hydrate hook.

[carsonbot]

Thank you for this issue.
There has not been a lot of activity here for a while. Has this been resolved?

[carsonbot]

Thank you for this issue.
There has not been a lot of activity here for a while. Has this been resolved?