Hey all. I'm pretty new to pedestal and I'm working on adding authorization to my routes. I was wondering if there was an easy way to solve the following; I have an interceptor that adds permitted roles to context, and then I have an interceptor, :authorization/check-roles, that checks if the current user's roles match any of the permitted roles. The problem I'm running into is finding a way to dynamically add ::check-roles prior to the handler in the execution queue. I've tried using io.pedestal.interceptor.chain.enqueue but this will add my ::check-roles interceptor after my handler. Is there an intuitive way to add an interceptor prior to the handler? Is it ok to modify {:route {:interceptors [...]}} and say add my interceptor right before the handler?

@oconn Can't you always have the authorization interceptor in the chain?

So I add :authorization/authorize to specific routes and pass in a role set. The problem I’m facing is when I have a route that is nested under that route that adds additional permissions

thats where ::check-roles was supposed to come into play and check the permissions that have accumulated prior to passing the request off to the handler

But now that you mention it, is there a simple way to always include ::check-roles right before the handler for each route? I’m using the terse syntax if that makes a difference.

@henriklundahl

@oconn, I believe I don't understand the setup. When are the roles the user has determined? When are the roles required for being authorized to make the request determined?

@henriklundahl https://gist.github.com/oconn/c38c4c6dfcfa7a98b195ac8ffe423898

This may be a problem that could be solved by reorganizing my routes or tackling the problem differently.. but I’d thought I’d ask and see if there was an easy way to support this.

@oconn, ok, I understand now. I'm not sure, but I think that if you add an interceptor after the router, it will be called after the router but before the handler (in the enter stage).

cool, I’ll give that a shot

thanks