Phoenix authorization out of context



From my latest post/question I followed the complete tutorial explaining how to handle context & authentication/authorization by @chrismccord … and I took advantage of his post about decoupling auth from the DockYard blog :slight_smile: auth for phoenix context
Continuing the discussion from Phoenix 1.3.0 released:

According to this, in a CMS every created post/page needs an authenticated author with their session (that’s great).

Now suppose a situation in which not every created post/page needs a referenced author, or maybe not every author has to be logged in before creating their page. What would the code look like?


Just change your checks as appropriate, that all depends on the code. ^.^


thanks for your reply @OvermindDL1. In my own opinion the user registration concerns the Admin system’s part and shouldn’t be exposed… so:

1. When the Admin is logged in/registered, s/he can carry out administrative tasks (create Users, Authors, pages, etc.). That’s allowed by:

    scope "/cms", HelloWeb.CMS, as: :cms do
        pipe_through [:browser, :authenticate_user]

        resources "/pages", PageController
    end

for the page’s tasks.

2. In the case mentioned earlier, if we consider that the CMS scope is the admin part and we want to allow pages to be created through the public part by an author without being linked to an account, we can use another scope with pipe_through :public (or pipe_through :browser) instead of pipe_through :authenticate_user:

    scope "/", HelloWeb do
        pipe_through :public # or pipe_through :browser

        resources "/students", StudentController, only: [:new, :create, :show]
    end

and then define the plug :public. I’m not sure, but it could be improved / corrected…

    defp public(conn, _opts) do
        # A logged-in user has no business on the public form: send them to the admin side and stop here.
        if conn.assigns[:current_user] do
            conn
            |> Phoenix.Controller.put_flash(:success, "You're in!")
            |> Phoenix.Controller.redirect(to: .....page_path...(conn, :show)) # route helper name elided in the post
            |> halt()
        else
            # Anonymous visitor: let the request continue to the controller.
            conn
        end
    end

what do you think?
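Putting the pieces of this post together as an added, self-contained example (my own code, not from the original post, the Phoenix guide or any DockYard article): a Phoenix 1.3-style router with the usual :browser pipeline, an :authenticated pipeline whose plug halts the request when no user is in the session, a :public pipeline whose plug only redirects users who are already logged in, and a create action that links the author from the session alone and never from request params. The module names HelloWeb.*, the Hello.Enrollment.create_student/2 context function, the StudentController and the literal redirect paths are all assumptions; the pipeline names deliberately differ from the plug function names, because pipeline/2 defines a function of the same name in the router.

```elixir
defmodule HelloWeb.Router do
  use HelloWeb, :router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  # Admin side: every request must carry an authenticated user.
  pipeline :authenticated do
    plug :authenticate_user
  end

  # Public side: anyone may proceed; a logged-in user is sent to the admin UI instead.
  pipeline :public do
    plug :redirect_if_authenticated
  end

  scope "/cms", HelloWeb.CMS, as: :cms do
    pipe_through [:browser, :authenticated]
    resources "/pages", PageController
  end

  scope "/", HelloWeb do
    pipe_through [:browser, :public]
    # Expose only what the public workflow needs: no index/edit/update/delete.
    resources "/students", StudentController, only: [:new, :create, :show]
  end

  # Without Plug.Conn.halt/1 the redirect would be set but the controller
  # action would still run, which is the classic "auth plug" mistake.
  defp authenticate_user(conn, _opts) do
    case conn.assigns[:current_user] do
      nil ->
        conn
        |> Phoenix.Controller.put_flash(:error, "Login required")
        |> Phoenix.Controller.redirect(to: "/sessions/new") # assumed login path
        |> Plug.Conn.halt()

      _user ->
        conn
    end
  end

  defp redirect_if_authenticated(conn, _opts) do
    if conn.assigns[:current_user] do
      conn
      |> Phoenix.Controller.put_flash(:success, "You're in!")
      |> Phoenix.Controller.redirect(to: "/cms/pages") # index of the /cms scope above
      |> Plug.Conn.halt()
    else
      conn
    end
  end
end

defmodule HelloWeb.StudentController do
  use HelloWeb, :controller

  # The author is whatever the session says (nil for an anonymous visitor).
  # A client-supplied "author_id" in the form data is dropped, so nobody can
  # attach their submission to someone else's account.
  def create(conn, %{"student" => student_params}) do
    author = conn.assigns[:current_user]
    attrs = Map.delete(student_params, "author_id")

    # Hello.Enrollment.create_student/2 is an assumed context function that
    # accepts a nil author and returns {:ok, student} or {:error, changeset}.
    case Hello.Enrollment.create_student(author, attrs) do
      {:ok, student} ->
        conn
        |> Phoenix.Controller.put_flash(:info, "Created")
        |> Phoenix.Controller.redirect(to: "/students/#{student.id}")

      {:error, changeset} ->
        Phoenix.Controller.render(conn, "new.html", changeset: changeset)
    end
  end
end
```

The shape to keep in mind when reviewing a router like this: every pipeline that guards a scope must halt on failure, the public scope should list only the actions it really needs via only:, and any ownership field (author_id here) is decided server-side from the session rather than taken from the request body.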


Would not even remotely work for my system (I’m mandated to have very fine grained permissions), but that is a common style for more simple servers. :slight_smile: