Without canAccess, the AuthenticatedRoute does not want to function properly.
Let's look at application.js and see the implementation of the AuthenticatedRoute: this class is a bit confusing, in that it fulfils two responsibilities: it not only checks for authentication but also verifies authorization. I find these are very similar terms, so let's be clear:
Authentication is the process of verifying authenticity. -> Login
Authorization is the process of verifying authority. -> Permissions
These are two different concepts. I think that we may benefit from separating these responsibilities, because there are definitely cases where we can use a logged-in check but do not need a permissions check.
I propose the following classes:
- ApplicationRoute
  - as it is now
- AuthenticatedRoute:
  - extends ApplicationRoute
  - verifies authentication
- AuthorizedRoute:
  - extends AuthenticatedRoute
  - verifies authority
EDIT:
Alternatively to splitting up the classes, we could rename AuthenticatedRoute to AuthorizedRoute. That would at least improve the reader's association when seeing this term.
Originally posted by @DrumsnChocolate in #889 (comment)
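A minimal sketch of the proposed split, added here as an illustration and not taken from the project's code base. Only the class names and `canAccess` come from the discussion; the `session` object, the `enter` method, the result objects, and the `ProfileRoute`/`AdminRoute` subclasses are hypothetical, and no framework is assumed.

```javascript
// Hypothetical plain-class sketch of the three-level hierarchy.
class ApplicationRoute {
  // Base route: performs no access checks.
  enter(session) {
    return { allowed: true };
  }
}

class AuthenticatedRoute extends ApplicationRoute {
  // Authentication only: is anyone logged in? No canAccess needed here.
  enter(session) {
    if (!session || !session.user) {
      return { allowed: false, reason: 'unauthenticated', redirect: 'login' };
    }
    return super.enter(session);
  }
}

class AuthorizedRoute extends AuthenticatedRoute {
  // Subclasses override canAccess; the default denies (fail closed),
  // so a route that forgets to define it is never silently open.
  canAccess(user) {
    return false;
  }

  enter(session) {
    const result = super.enter(session); // login check always runs first
    if (!result.allowed) return result;
    if (this.canAccess(session.user) !== true) {
      return { allowed: false, reason: 'unauthorized', redirect: null };
    }
    return result;
  }
}

// Constructed sample routes: one needs a login only, one needs a permission.
class ProfileRoute extends AuthenticatedRoute {}

class AdminRoute extends AuthorizedRoute {
  canAccess(user) {
    return Array.isArray(user.permissions) && user.permissions.includes('admin');
  }
}
```

Keeping the two failure reasons distinct lets the caller send an anonymous visitor to the login page while showing a logged-in user without the permission a "forbidden" view instead.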