luciano/reitit
1
0
Fork 0
mirror of https://github.com/metosin/reitit.git synced 2025-12-17 00:11:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update dynamic_extensions.md

Browse source 
I find the clarity of this example important because the implementation of (ring/get-match) c23f591283/modules/reitit-ring/src/reitit/ring.cljc (L309) doesn't explain what's going on here.

I find the destructing of the qualified keyword `::roles` unnecessary to the example. To this end I propose using an unqualified keyword.

Additionally there is a collision between the name of the required rolls to access the route and the name of the roles held by the user making the request. To this end I propose having the roles held by the user named `:my-roles`
This commit is contained in:
Samuel J McHugh 2020-02-28 14:44:05 +01:00 committed by GitHub
parent 8b9aa2c4fe
commit 6c458e26d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/ring/dynamic_extensions.md
View file

@ -9,9 +9,9 @@ Example middleware to guard routes based on user roles:
(require '[clojure.set :as set])
(defn wrap-enforce-roles [handler]
(fn [{::keys [roles] :as request}]
(fn [{:keys [my-roles] :as request}]
(let [required (some-> request (ring/get-match) :data ::roles)]
(if (and (seq required) (not (set/subset? required roles)))
(if (and (seq required) (not (set/subset? required my-roles)))
{:status 403, :body "forbidden"}
(handler request)))))
```
@ -48,7 +48,7 @@ Anonymous access to guarded route:
Authorized access to guarded route:
```clj
(app {:request-method :get, :uri "/api/admin/ping", ::roles #{:admin}})
(app {:request-method :get, :uri "/api/admin/ping", :my-roles #{:admin}})
; {:status 200, :body "ok"}
```