How do you handle cases when role is defined in another model?

Question

How do you handle cases when role is defined in another model?

abitdodgy opened this issue 8 years ago · comments

Mohamad El-Husseini commented 8 years ago

For example, in scenarios where you have a many-to-many association between, say, companies and users, where the role column is defined in the memberships schema.

In this scenario, the current user is not enough. We also need the membership record.

Mohamad El-Husseini · Answer 1 · Tue Dec 06 2016 19:27:47 GMT+0800 (China Standard Time)

Easy enough, I suppose:

  def can?(%User{id: user_id}, action, %Organisation{id: org_id})
  when action in [:edit, :update] do
    case Repo.get_by(Membership, user_id: user_id, organisation_id: org_id, role: :admin) do
      nil -> false
      _ -> true
    end
  end

Rockwell Schrock · Answer 2 · Wed Dec 07 2016 00:24:26 GMT+0800 (China Standard Time)

Can you preload the user.memberships association prior to authorization? If so, then in your policy you can do everything in-memory:

def can?(%User{memberships: memberships}, action, %Organisation{id: org_id})
when action in [:edit, :update] do
  Enum.any?(memberships, &match?(%Membership{organisation_id: ^org_id, role: :admin}, &1))
end

Mohamad El-Husseini · Answer 3 · Wed Dec 07 2016 19:30:14 GMT+0800 (China Standard Time)

@schrockwell great suggestion as well. Thanks.