Do we really need to apply server restrict to each server action we want to protect? e.g.: /admin/user/delete
Wouldn’t it be better to just apply the server restrict to a group of routes? e.g. /admin
Am I missing something? It feels like Wappler didn’t nail this right yet. In other frameworks we have middlewares, so we can apply common logic to a group of routes instead of manually going to every possible page/server action we want to protect.
Manually protecting every single Server Action is error-prone. Did you really protect every single Server Action?
We did introduce the global action that always runs first. So common logic you can put in there.
A similar idea is also to have a common action per folder indeed. But should it execute for server actions directly under this folder or any children, even nested ones?
Although it does sound great when we consider it, it does have some disadvantages.
The most important one is that you lose any overview of which actions ran automatically before the current one.
People already have trouble with a single global action and forget that they added things in there, let's say multi-level global actions from all parent folders.
You will be pulling your hair out debugging this.
So that was what stopped us from implementing it yet.
Most are well versed with the Security Provider and Security Restrict components. Usually among the first questions asked by Users is how to secure their application.