#biff
2022-12-21
2FO 18:12:38

Howdy, for a game site where users can view and favorite games, and admins have full CRUD powers via an admin page, what would a Biff-flavored approach to new admin authorization look like? Are there any examples?

pavlosmelissinos 19:12:06

Well, not sure if it's biff-flavored but here's how I'd approach it... For starters, how about a user with a role that can be :admin or missing (simple user)

(def schema
  {:user/id :uuid
   :user    [:map {:closed true}
             [:xt/id          :user/id]
             [:user/email     :string]
             ;; Optional: a missing role means a regular (non-admin) user.
             [:user/role {:optional true} [:enum :admin]]
             [:user/joined-at inst?],,,]
     ,,,})
Beyond that, for admin-only pages you can have a middleware that checks if the current user is an admin before loading the page (https://github.com/jacobobryant/biff/blob/83622612e39e5b0aaa6a496dac9c72947776a870/example/src/com/example/middleware.clj#L10-L15). If your goal is to load different content in the same page depending on if the user is an admin or not, I'd just handle it with regular Clojure and something as simple as this:
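(case (role x)
    :admin (produce admin-hiccup)
    ;; Default clause: `case` takes a bare trailing expression, not :else,
    ;; so a missing or unknown role falls through to the non-admin view.
    (produce non-admin-hiccup))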

Jacob O'Bryant 20:12:47

That's how I'd do it too!

Jacob O'Bryant 20:12:09

For giving admin access to other users, you can make an admin-only page with a CRUD form for setting the :user/role attribute. You could start out by showing a list of all the users and have a button that toggles the admin role.

Jacob O'Bryant 20:12:52

Make sure the admin-role-checking middleware wraps both the admin page and the other CRUD routes.

👍 1
2FO 20:12:41

Thanks all, that's much clearer now. 🎉