Phoenix: user authentication to certain routes

Hello,

Do we have in Phoenix a mechanism to limit the authenticated user to certain routes based on a role we assign to the profile, or is that something to be developed by the app?

As an example, if user X logs in to the application they can visit all routes, while if user Z logs in only certain routes are allowed, and if they try to visit one through the URL, "unauthorized" or "no permission" will show.

Regards

For controllers you create a Plug to handle this.


Yes, Phoenix supports this mostly via the separate :pipeline blocks in your router.ex. One will require authentication, the other – not.


And for LiveView… you have live_session

And for an API, you can use a Phoenix token to authenticate your users

This can be used to authenticate your websockets as well

Thanks all for the feedback. Based on it, I found the below in the docs, which mostly means that to fulfill the business requirements I have to alter the default users table, plus add others that will store the role of the users and, per each role, what the allowed routes/permissions are.

I am not sure if this is something that can be suggested to be included in the standard Phoenix product, as I have never worked on an enterprise application where you do not have user/roles management by default.

```elixir
live_session :admin, on_mount: MyAppWeb.AdminLiveAuth do
  scope "/" do
    # Regular routes
    pipe_through [MyAppWeb.AdminPlugAuth]
    get "/admin/health", AdminHealthController, :index

    # Live routes
    live "/admin", AdminDashboardLive, :index
    live "/admin/posts", AdminPostLive, :index
  end
end
```
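
An added example, not part of any post above and not Phoenix's own code: a minimal role-checking plug of the kind the replies describe, exercised against constructed requests. The module name `MyAppWeb.Plugs.RequireRole`, the `:role` field and the `current_user` assign are assumptions.

```elixir
# Added example. Run as a script: elixir require_role.exs
Mix.install([:plug])

defmodule MyAppWeb.Plugs.RequireRole do
  @moduledoc "Hypothetical plug: pass the request on only if the user has an allowed role."
  import Plug.Conn

  # `roles` is the list given in the router, e.g. `plug RequireRole, [:admin]`.
  def init(roles) when is_list(roles), do: roles

  def call(conn, roles) do
    # Assumption: an earlier authentication plug stored the user in
    # conn.assigns.current_user as a map with a :role field.
    case conn.assigns[:current_user] do
      %{role: role} ->
        if role in roles, do: conn, else: deny(conn, 403, "Forbidden")

      _ ->
        # No user (or no role) on the connection: deny by default.
        deny(conn, 401, "Unauthorized")
    end
  end

  # Send the response and halt so no later plug or controller action runs.
  defp deny(conn, status, body) do
    conn |> send_resp(status, body) |> halt()
  end
end

# Router wiring, shown as a comment because it needs a Phoenix app:
#   pipeline :admin_only do
#     plug MyAppWeb.Plugs.RequireRole, [:admin]
#   end
#   # then: pipe_through [:browser, :admin_only] in the admin scope

# Constructed users, run through the plug outside of a router.
opts = MyAppWeb.Plugs.RequireRole.init([:admin])

for {label, user} <- [admin: %{role: :admin}, member: %{role: :member}, anonymous: nil] do
  conn =
    Plug.Test.conn(:get, "/admin/health")
    |> Plug.Conn.assign(:current_user, user)
    |> MyAppWeb.Plugs.RequireRole.call(opts)

  IO.puts("#{label}: status=#{inspect(conn.status)} halted=#{conn.halted}")
end
```

The admin request passes through untouched (status `nil`, not halted), while the member gets 403 and the anonymous request 401, both halted. Live routes need the same check in the `on_mount` hook of their `live_session`, since a plug only guards the initial HTTP request.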