phoenixframework / phoenix_live_dashboard

Realtime dashboard with metrics, request logging, plus storage, OS and VM insights


Does LiveDashboard security require on_mount authentication in production?

nickurban opened this issue · comments

The LiveView security model recommends checking permissions using on_mount [1]; however, the latest LiveDashboard README only shows checking at the plug level [2].

Should on_mount be passed through to the underlying live_session?

Is that supported?

Thank you.

[1] https://github.com/phoenixframework/phoenix_live_view/blob/master/guides/server/security-model.md
[2] https://github.com/phoenixframework/phoenix_live_dashboard#extra-add-dashboard-access-on-all-environments-including-production

The way it works is that we use the plug authentication to generate a token and then we check if the token is valid inside the LiveDashboard. So we are validating the user is proper on both fronts. Without the initial http request, the user cannot join the dashboard, so the plug authentication is fine. But if someone has a fine grained need for on_mount, we will be glad to add it. Thanks!
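For reference, here is what the two layers described above look like in a router. This is an added example, not code from the issue or from the LiveDashboard project: the application name `MyApp`, the `FetchCurrentUser` plug, the `role` field on the user struct, the `MyApp.Accounts.get_user/1` lookup and the session key `"user_id"` are all assumptions. The plug-level gate is the pattern the README links to; the `on_mount` hook is the LiveView security-model pattern the question asks about, and wiring it to `live_dashboard` via an `on_mount:` option is only possible in releases that added that option after this exchange, so check the docs for the version in use.

```elixir
# Added example (not from the issue or the LiveDashboard project).
# Assumes a Phoenix app called MyApp; module and field names are hypothetical.

defmodule MyAppWeb.Plugs.RequireAdmin do
  @moduledoc """
  Plug-level gate. It runs on the initial HTTP request that renders the
  dashboard page. LiveDashboard then embeds a token in that page and verifies
  it when the LiveView mounts, so a client that never passed this plug cannot
  join the dashboard socket directly.
  """
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    # `current_user` is assumed to be set by an earlier authentication plug.
    case conn.assigns[:current_user] do
      %{role: :admin} ->
        conn

      _ ->
        conn
        |> send_resp(403, "Forbidden")
        |> halt()
    end
  end
end

defmodule MyAppWeb.AdminAuthHook do
  @moduledoc """
  LiveView on_mount hook in the style of the LiveView security model.
  It re-checks authorization inside the LiveView process using only the
  session, so it also covers mounts that did not come through the plug.
  """
  import Phoenix.LiveView

  def on_mount(:ensure_admin, _params, session, socket) do
    # Hypothetical lookup: session["user_id"] -> user struct with a :role field.
    case session["user_id"] && MyApp.Accounts.get_user(session["user_id"]) do
      %{role: :admin} ->
        {:cont, socket}

      _ ->
        # Halting stops the mount; redirect away from the dashboard.
        {:halt, redirect(socket, to: "/")}
    end
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router
  import Phoenix.LiveDashboard.Router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  # Hypothetical pipeline: authenticate, then require the admin role.
  pipeline :admin_auth do
    plug MyAppWeb.Plugs.FetchCurrentUser # assumed to set conn.assigns.current_user
    plug MyAppWeb.Plugs.RequireAdmin
  end

  scope "/" do
    pipe_through [:browser, :admin_auth]

    # Plug-level protection, as in the README pattern referenced in the issue.
    # The `on_mount:` option is an assumption: it exists only in LiveDashboard
    # releases that added it after this exchange; drop it on older versions.
    live_dashboard "/dashboard",
      metrics: MyAppWeb.Telemetry,
      on_mount: [{MyAppWeb.AdminAuthHook, :ensure_admin}]
  end
end
```

One check worth doing after wiring this up: request `/dashboard` as an unauthenticated client and confirm you get the 403 from the plug rather than a rendered page, then, with the hook in place, clear the session cookie in the browser devtools and reload to confirm the LiveView redirects instead of reconnecting. The two layers are independent, so a regression in either one shows up on its own.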