All geek questions in one place

Playback plugin, Scala: authenticate user by role

I have user roles: user , manager , admin . I need to authenticate them in controllers (methods). For example, only admin can delete (now it looks like this, you need to change that only the administrator must have permission):

 def deleteBook(id: Int) = DBAction { findById(id) match { case Some(entity) => { books.filter(_.id === id).delete Ok("") } case None => Ok("") } }

I have many controllers and methods. I need to authenticate before requesting a process (e.g. deleting a workbook). My routes file contains:

 ... DELETE /books/:id @controllers.Book.deleteBook(id: Int) ...

Some routes are available only for the administrator and manager. Some of them are intended for all types of users.

I am currently seeing the deadbolt2scala authorization module.

Can you recommend the best way to authenticate multi-user in playframework scala?

+6
source share
1 answer

I managed to do this using the StackableControllers provided by https://github.com/t2v/stackable-controller Basically, I use the basic access control list provided by my application.conf. I start by checking for the presence of the user in my request. If there is one, I can check if it has sufficient access rights to perform the action.

Such a function can also be implemented using the BodyParser composition. I have never done this, so someone else advice might be better for you.

+1
source

Source: https://habr.com/ru/post/976484/

More articles:


All Articles