-
-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discussion: Moving to policies for controller based authorization #3080
Conversation
…s the delete field.
…ates. Will allow for much more detailed permissions bits in the future.
…es/assets to policies instead of in authserviceprovider
8fce9d6
to
b62ec35
Compare
Add an artisan command for installing a settings setup on travis-ci
…e id for tests that need an existing one.
b62ec35
to
9fed422
Compare
…igration errors found along the way.:
All permissions have been moved to policies that make sense to move to policies. Unit tests have been written to check that we are gating properly. This PR also fixes/enables functional tests on travis-ci. Also, I've gone ahead and ported a lot of hardcoded /admin/blah urls to use the relevant routes, and fixed issues I encountered along the way. This should be mergable I think, and close to usable. |
…_ET. Increase lenght in mysql and add a validation
@@ -5,20 +5,20 @@ | |||
$I->am('logged in user'); | |||
$I->wantTo('ensure that the accessories listing page loads without errors'); | |||
$I->lookForwardTo('seeing it load without errors'); | |||
$I->amOnPage('/admin/accessories'); | |||
$I->amOnPage('/accessories'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should probably eventually switch these to routes, since that's what we're using mostly now in the app
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah. I'm not 100% sure what we want to do with acceptance tests long term. I think functional + api tests will replace most of it.
Hello,
This still has a long ways to go, just wanted to get the first bit into the wild so we could discuss whether we think this is a good idea. I think it will make everything cleaner as we add in controller gates, and it will allow for much more granularity of permissions in the future as as policy methods automatically have the Item and the user as parameters.
This PR looks huge until the delete PR is merged and this is rebased, but it's just the last commit that has the changes of importance here.