platformOS Community

Authorization policies

authorization_policies

karan.vtn Feb 18 2021 at 08:19

I am trying to impement authorization_policies as explained in documentations, however it's not working as mentioned in documentation.
I can access restricted page without error (I have added policy for page).

piotrze Feb 18 2021 at 09:56

You can authorize page access withredirect_to tag.
https://documentation.platformos.com/api-reference/liquid/platformos-tags#redirect_to

# app/views/pages/dashboard.liquid
---
slug: dashboard
---
{% liquid
	unless context.current_user.id
	  redirect_to '/'
	endunless

For more advanced example you can look at: https://github.com/mdyd-dev/product-marketplace-template/blob/master/app/views/pages/dashboard/index.liquid

Adam Cook Feb 18 2021 at 20:28
I think it should work even without a redirect_to. It should just show an error page.
karan.vtn Feb 19 2021 at 05:06
@piotrze as @Adam said that it should work without redirect_to. Above mentioned approaches are alternates and different from authorization_policies. As per documentation authorization_policies parsed before page rendering.

Dean Feb 20 2021 at 11:11

I've noticed this week as well, the original page will still render if the redirect_to is null and there is no custom page set for the http_status

Example:

# app/authorization_policies/test.liquid
---
name: test
http_status: 403
redirect_to: null
---
false

If the site does not have a page with a slug of 403 then the page that the auth policy is applied to will still render even if it fails

Please sign in or fill up your profile to answer a question