mevdschee / php-crud-api

Single file PHP script that adds a REST API to a SQL database

Global 'operations' authorization

garrettcam opened this issue · comments

I currently have the following to allow only some operations; it is table independent.

'authorization.tableHandler' => function ($operation, $tableName) {
    return in_array($operation, ['list', 'read']);
},

As I only want to control global 'operations', would another level of authorization handler be logical? E.g. something like this to prevent deletion:

'authorization.operationHandler' => function ($operation) {
    return $operation != 'delete';
},

The CRUD operation works on the tables. Inside the authorization.tableHandler,
returning false if $operation == 'delete' seems to do what you need.

'authorization.tableHandler' => function ($operation, $tableName) {
    if ($operation == 'delete') return false;
    return in_array($operation, ['list', 'read']);
},

Yes, great advice here: use the tableHandler and ignore the tableName argument.
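
An added example (not part of the thread or the project's own code) that runs the allow-list form of the tableHandler used in the replies next to the deny-list form proposed in the question, so the difference for operations nobody listed is visible. `makeOperationPolicy`, the `audit_log` and `posts` tables, and every operation name other than `list`, `read` and `delete` are assumptions made for illustration.

```php
<?php
// Added example; not code from php-crud-api or from the thread above.
// Operation names other than 'list', 'read' and 'delete' are assumptions.

/**
 * Build a closure with the ($operation, $tableName) signature that
 * 'authorization.tableHandler' expects. The global allow-list is
 * deny-by-default; $perTable (hypothetical) replaces it for single tables.
 */
function makeOperationPolicy(array $globalAllowed, array $perTable = []): callable
{
    return function ($operation, $tableName) use ($globalAllowed, $perTable) {
        $allowed = $perTable[$tableName] ?? $globalAllowed;
        // Strict comparison: only exact string matches are permitted.
        return in_array($operation, $allowed, true);
    };
}

// Allow-list: anything not named is denied, so 'delete' needs no special case.
$allowList = makeOperationPolicy(['list', 'read'], ['audit_log' => []]);

// Deny-list, as in the proposed operationHandler: anything not named is allowed.
$denyList = function ($operation, $tableName) {
    return $operation != 'delete';
};

// Constructed sample input: tables and operations are illustrative only.
$operations = ['list', 'read', 'create', 'update', 'delete', 'increment'];
foreach (['posts', 'audit_log'] as $table) {
    foreach ($operations as $op) {
        printf(
            "%-10s %-10s allow-list=%-5s deny-list=%s\n",
            $table,
            $op,
            var_export($allowList($op, $table), true),
            var_export($denyList($op, $table), true)
        );
    }
}

// In the API configuration the closure is passed directly:
// 'authorization.tableHandler' => makeOperationPolicy(['list', 'read']),
```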