Advanced usage - need to get request path and method #54
Comments
|
Hi, thanks for using play2-auth. I want to consider this case. |
|
Hi Tom I considered this problem. I recommend you to use following ways.
What do you think about these ways? Best regards, |
|
The reason with me negative to add Alternatively you can convert request path to domain object in controller and use it as authority. Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I have just started using play2-auth and it is working nicely in my app. However I want to customise my authorize function and have used the example in the read me where a user can only edit their own messages.
In my app I need to authorize a user based on their role. The roles are not hard-coded and are stored in database. I also store in the database all the server root URLS (e.g. DELETE/users).
When a user tries to use an authenticated method I look up the user's role and if that role is allowed access to the server root.
However I have not been able to get the request parameters into my authorize method without making the following modifications to play2-auth:
diff --git a/module/src/main/scala/jp/t2v/lab/play2/auth/AsyncAuth.scala b/module/src/main/scala/jp/t2v/lab/play2/auth/AsyncAuth.scala
index effeb79..5a7ad5b 100644
--- a/module/src/main/scala/jp/t2v/lab/play2/auth/AsyncAuth.scala
+++ b/module/src/main/scala/jp/t2v/lab/play2/auth/AsyncAuth.scala
@@ -40,7 +40,7 @@ trait AsyncAuth {
} recoverWith {
case _ => authenticationFailed(request).map(Left.apply)
} flatMap {
} recoverWith {
case _ => authorizationFailed(request).map(Left.apply)
diff --git a/module/src/main/scala/jp/t2v/lab/play2/auth/Auth.scala b/module/src/main/scala/jp/t2v/lab/play2/auth/Auth.scala
index 98fca52..7e398a7 100644
--- a/module/src/main/scala/jp/t2v/lab/play2/auth/Auth.scala
+++ b/module/src/main/scala/jp/t2v/lab/play2/auth/Auth.scala
@@ -39,7 +39,7 @@ trait Auth {
def authorized(authority: Authority)(implicit request: RequestHeader): Either[SimpleResult, User] = for {
user <- restoreUser(request).toRight(Await.result(authenticationFailed(request), 10.seconds)).right
_ <- Either.cond(Await.result(authorize(user, authority), 10.seconds), (), Await.result(authorizationFailed(request), 10.seconds)).right
_ <- Either.cond(Await.result(authorize(user, authority, request), 10.seconds), (), Await.result(authorizationFailed(request), 10.seconds)).right
} yield user
private[auth] def restoreUser(implicit request: RequestHeader): Option[User] = for {
diff --git a/module/src/main/scala/jp/t2v/lab/play2/auth/AuthConfig.scala b/module/src/main/scala/jp/t2v/lab/play2/auth/AuthConfig.scala
index 73e4a16..f04bb5b 100644
--- a/module/src/main/scala/jp/t2v/lab/play2/auth/AuthConfig.scala
+++ b/module/src/main/scala/jp/t2v/lab/play2/auth/AuthConfig.scala
@@ -26,7 +26,7 @@ trait AuthConfig {
def authorizationFailed(request: RequestHeader)(implicit context: ExecutionContext): Future[SimpleResult]
lazy val idContainer: IdContainer[Id] = new CacheIdContainer[Id]
In my app I then use the following:
type Authority = (User, RequestHeader) => Future[Boolean]
def authorize(user: User, authority: Authority, request: RequestHeader)(implicit context: ExecutionContext): Future[Boolean] = authority(user,request)
Please can you tell me if this is correct way to use the request parameters inside my authorize method? If so can this change be made in a future release?
Many thanks,
Tom
The text was updated successfully, but these errors were encountered: