Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rethink AuthenticatedRoute #901

Open
DrumsnChocolate opened this issue Nov 8, 2024 · 0 comments
Open

Rethink AuthenticatedRoute #901

DrumsnChocolate opened this issue Nov 8, 2024 · 0 comments

Comments

@DrumsnChocolate
Copy link
Contributor

DrumsnChocolate commented Nov 8, 2024

without canAccess the AuthenticatedRoute does not want to function properly.

Let's look at application.js and see the implementation of the AuthenticatedRoute: this class is a bit confusing, in that it fulfils two responsibilities: it does not only check for authentication but also verifies authorization. I find these are very similar terms, so let's be clear:

  • Authentication is the process of verifying authenticity. -> Login
  • Authorization is the process of verifying authority. -> Permissions

These are two different concepts. I think that we may benefit from separating these responsibilities, because there are definitely cases where we can use a logged-in check but do not need a permissions check.
I propose the following classes:
ApplicationRoute as it is now
AuthenticatedRoute:

  • extends ApplicationRoute
  • verifies authentication

AuthorizedRoute,

  • extends AuthenticatedRoute
  • verifies authority

EDIT:
alternatively to splitting up the classes, we could rename AuthenticatedRoute to AuthorizedRoute. That would at least improve the reader's association when seeing this term.

Originally posted by @DrumsnChocolate in #889 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant