-
-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow explicitly disabling actors #514
Comments
A concrete example of how this would be cool. For flipper cloud, say we have an api feature. Its always enabled. If we made it possible to disable for individual actors or groups, then when we got a bad actor using too many resources or whatever we could just No code changes. No additional software other than flipper. Now the bad actor can no longer do things. |
Would it work to add Flipper.deny_actor :api, bad_actor
Flipper.deny_group :api, :abusers Implementation wise, it could use |
Yeah that could work. We’d still need to adjust api, ui, adapters and Feature but that verbiage could help make it all more clear. We’d also still need a way to remove someone from the deny list. I guess we could use allow/deny. Part of me wonders if that is confusing, like what is the difference between allow and enable. |
I'll definitely second/third this feature - we ❤️ this I definitely think that a Let me know if there's anything we can do to help this along. |
Somewhat related to this, it'd be useful to be able to specify a default when checking if a feature is enabled. For example, if I run a hypothetical SaaS blogging platform and everyone has comments, but then I sell to a customer who doesn't want comments it'd be nice to be able to add a Presumably the changes you're talking about here would support this because you could globally enable comments, then disable it for that particular user. I'm currently looking at trying to build this on top of our use of Flipper at the moment. As for the terminology, |
For the terminology, I think Let's think of "real-world" analogies. If you try to enter an event, but you don't have a ticket, you'll be denied entry. Not because you're on a list of blocked people, but because you're not on the list of invited people (based on the credentialing system of tickets). But block as a word in English seems to imply a more active prevention of access rather than just avoiding the granting of access. Also, since deny and disable begin with the same letter, it's easier to occasionally confuse them. (Especially since their meaning is also more similar (IMO) than block and disable.) |
This has come up a few times. It would be great if we could come up with a good way of explicitly enabling a feature with exceptions. For example, this feature is enabled for everyone but john. Or this feature is enabled for everyone but customers on the basic tier.
The main problem currently is that flipper is about gates and letting people through the gates. Flipper.disable is about clearing those enablements, not explicitly disabling the gate for the actor which is different.
#82 (comment) talks more about this. Storage of disabled is easy but the interface changes could cause quite a ripple for existing flipper users so we'd want to be careful.
Workarounds
Flipper.enabled?(:redesign, actor) && !Flipper.enabled?(:redesign_disabled, actor)
. A bit painful but can be wrapped up in another application method (e.g.Redesign.enabled?(actor)
which can check both and return value). Con: Involves checking two features. Also involves knowing what/how the negative feature works in this context.return false if actor.redesign_disabled?
or whatever. Con: Involves you storing stuff on your own instead of baked into flipper.The text was updated successfully, but these errors were encountered: