RBAC in elixir phoenix (managing routes & permissions, etc)

Hi Elixir community,

I am implementing RBAC into my project and have declared the routes that each role can access such as:

# User Management
scope "/users", MyWeb do
  pipe_through([:browser, :require_authenticated_user, :require_admin_role])

  live_session :crud_users, on_mount: MyWeb.UserAuthLive do
    live("/", UserLive.Index, :index)
    live("/new", UserLive.Index, :new)
    live("/:id/edit", UserLive.Index, :edit)
    live("/:id/show", UserLive.Index, :show)
    # ...
  end
end

# Product Management
scope "/products", MyWeb do
  pipe_through([:browser, :require_authenticated_user, :require_role_product_manager])

  live_session :crud_products, on_mount: MyWeb.UserAuthLive do
    live("/", ProductLive.Index, :index)
    # ...
  end
end

Now, the accessible routes of each role of the users have been declared and it works perfectly.


The problem I am facing now is that I am trying to display certain elements on the frontend which require checking the user's role(s).

My current solution is to use a custom function like has_role?/2 to validate by passing in the user and required_roles. The problem here is that whenever there is a change in the user’s permission, we have to find the functions (has_role?/2) that need to be modified everywhere in the app.


To make it clearer, for instance:
There is this edit user button that can be accessed by admin & hr. One day, the app owner decided to not allow hr to edit users anymore. We have to change has_role?(user, ["Admin", "HR"]) to has_role?(user, ["Admin"]).


I was wondering whether there is any method to check if this user has permission to access a route by validating against the routes declared in router.ex instead of using a function like has_role?/2?

Thank you so much in advance,

Best wishes,
Jing Hui P.
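One way to derive the UI check from the router itself, as an added example that is not part of the original post: the role each pipeline enforces is recorded once, and Phoenix.Router.route_info/4 is used to look up which pipelines a given path goes through, so the template asks "may this user reach this route?" instead of repeating the role list. The pipeline names are taken from the router above; the module name MyWeb.Authorization, the `roles` list on the user struct and the "Product Manager" role name are assumptions.

```elixir
defmodule MyWeb.Authorization do
  @moduledoc """
  Single source of truth for UI authorization questions: which role(s) each
  role-checking pipeline in router.ex demands. Changing who may edit users
  then means changing the plug and this map, not every has_role?/2 call.
  """

  # Assumed mapping from the router's pipeline names to role names.
  # Pipelines not listed here (:browser, :require_authenticated_user)
  # impose no role requirement.
  @pipeline_roles %{
    require_admin_role: ["Admin"],
    require_role_product_manager: ["Product Manager"]
  }

  @doc """
  Roles required to reach `path`, derived from the pipelines the router
  sends that request through. Returns {:ok, roles} or :error when no route
  matches (an unknown path is treated as not accessible).
  """
  def required_roles(path, method \\ "GET") do
    # LiveView routes are GET routes, so "GET" covers the live/3 entries above.
    case Phoenix.Router.route_info(MyWeb.Router, method, path, "localhost") do
      :error ->
        :error

      %{pipe_through: pipelines} ->
        roles =
          pipelines
          |> Enum.flat_map(&Map.get(@pipeline_roles, &1, []))
          |> Enum.uniq()

        {:ok, roles}
    end
  end

  @doc "True when `user` holds at least one of the roles the route requires."
  def can_access?(%{roles: user_roles}, path, method \\ "GET") do
    case required_roles(path, method) do
      {:ok, []} -> true
      {:ok, roles} -> Enum.any?(roles, &(&1 in user_roles))
      :error -> false
    end
  end
end

# In a HEEx template the button is then gated by the route, not a role list:
#   <.link :if={MyWeb.Authorization.can_access?(@current_user, ~p"/users/#{user.id}/edit")}
#          navigate={~p"/users/#{user.id}/edit"}>Edit</.link>
```

The router pipeline remains the enforcement point; this function only decides what the UI shows, so a role pipeline missing from the map makes a button appear while the plug still denies the request, which fails safe but is worth a test per pipeline.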