I would like to be able to set permissions from a DB table rather than hard coded in a permissions set. about guardian HOT 8 OPEN

You should not do a function call at compile time to find the permissions (Notice that you are calling a function).

That is why when you try to compile the code, it fails because you haven't started the repository and whatnot needed to call the database.

Your intent could be achieved by passing an MFA configuration that could be called to fetch the permissions instead, something like:

  use Guardian, otp_app: :dynamic,
    permissions: {BaseStructures, :get_table_permissions!, []}

I am not sure if this is supported yet, but a PR is welcomed.

from guardian.

  use Guardian, otp_app: :dynamic,
    permissions: [BaseStructures, :get_table_permissions!, [])

I believe it's a tuple (threeple) {BaseStructures, :get_table_permissions!, []} see Guardian.Config.

But that won't work still because permissions are cached at compile time. (I just made it so only permissions are resolved at compile time instead of all config). That would need to be changed for this kind of resolution to work for permissions.

From what I'm seeing, the compile time pieces look like they might be optimizations that could just be read at runtime?

from guardian.

I believe it's a tuple (threeple) {BaseStructures, :get_table_permissions!, []} see Guardian.Config.

I fixed it; I meant to use a tuple instead of a list.

But that won't work still because permissions are cached at compile time.

I hear you. The idea is moving it at runtime 🤷🏻 otherwise, no way we could figure this one out as far as I can tell.

from guardian.

I forked this repo as a POC to see if I could approach it with this capability, fork instead of PR at first because I wasn't sure if this was done intentionally or not. Perhaps for added security ??? not sure.

POC here: https://github.com/kairos0ne/guardian

Its a bit rudimentary - Added a update_permissions(perms) function. It can certainly can be improved.

      @spec update_permissions(permissions :: map) :: :ok
      def update_permissions(permissions) do
        Application.put_env(unquote(otp_app), __MODULE__, Keyword.put(config(), :permissions, permissions))
      end

Then you can call update_permissions from you Guardian module implementation.

I also changed the permissions module to support run time updates.

If you guys have any suggestions or improvements let me know.

from guardian.

I forked this repo as a POC to see if I could approach it with this capability, fork instead of PR at first because I wasn't sure if this was done intentionally or not. Perhaps for added security ??? not sure.

Please create a PR in Draft. That will help me to follow exactly what you have done so far since otherwise it is hard for me to follow the work.

from guardian.

Sure I'll create a draft PR and a pull in all the changes np

from guardian.

@kairos0ne, any updates from your end?

from guardian.

Let me take a look...

from guardian.