Authorization #67
Authorization #67
Conversation
|
It's looks straightforward to use. Rules would be db calls we'd write to validate if the user has the correct permissions? |
|
@fergusmeiklejohn yeah you can easily call a DB from a Rule, the idea is that you can create multiple rules for different things, some rules are going to be global (applied to Authenticator when created) while others are maybe related to specific routes (e.g. a route to ensure you are the author of a comment before you delete it) |
|
most rules will be predictable, isAdmin, isCreator.., but as long we can make a rule be anything that returns a boolean or something then that'll fit any use case |
Exactly, that's the idea of the rules, some are most likely to be the same (e.g. role based) but then you can start having more custom needs, that's when rules come handy, for example, an internal app of a company may want to limit the access to only an IP range (their offices or VPN) or only in business hours and days. |
|
@sergiodxa are there any docs about this ? I couldnt find it (even tho the tests look good / are helping) |
|
@goldo I never documented it because I wanted to use it more before doing so, the API has been stable since this PR but I never really ended up using it that much to feel confident about it |
|
@sergiodxa Ok I see thanks! do you know anyone who might have did it ? (or use something else) |
I don't really know, but you can see here a list of open source repos using Remix Auth, maybe someone there used it https://github.com/sergiodxa/remix-auth/network/dependents?package_id=UGFja2FnZS0yNTE1NTk4MDI5 |
Closes #62