Looking at a lot of the articles out there, as well as the patterns within mix phx.gen.auth, it seems like the go-to error for authentication problems is a redirect.
I’m trying to figure out a clean way to handle authorization issues and, in a perfect world, I do it without redirection. So, let’s say someone goofs in the UI and exposes an update page—or even just a button that would expose the update interface—for some resource the user doesn’t currently have access to. (Pretend this user has read-only access.) The functions in our context modules handle all the authorization logic so it’s all good in terms of nothing serious happening. The user can’t make an update.
With web apps I am a huge fan of preserving the current URL as much as possible. The reason for this is said user gets annoyed, contacts customer support, and can provide the URL that’s resulting in the error. Redirects… redirect. Pushing someone to a generic “access denied” page isn’t ideal. I’m not sure a flash works in all situations because an error might prevent a resource from getting loaded and result in a template blowing up because some assigns haven’t been set.
While there are ways around all of these, none are nearly as nice as a dead view app where a plug can check authorization and halt, potentially rendering a completely different template.
Is there a way to handle this sort of pattern in a LiveView without resorting to putting something in every template like if @error do <error partial> else <authorized stuff> end?