Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Play framework, Scala: authenticate User by Role

I've user roles: user, manager, admin. I need to authenticate them in controllers (methods). For example only admin can delete (now it looks like this, need to change that only admin should have permission):

def deleteBook(id: Int) = DBAction {
    findById(id) match {
        case Some(entity) => {
            books.filter(_.id === id).delete
            Ok("")
        }
        case None => Ok("")
    }
}

I've many controllers and methods. I need to authenticate before process request (for example deleting book). My routes file contains:

...
DELETE        /books/:id                  @controllers.Book.deleteBook(id: Int)
...

Some routes are only accessible to admin and manager. Some are for all types of users.

I'm currently seeing deadbolt2scala authorization module for play.

Can you recommend best way to authenticate multirole users in playframework scala?

like image 552
Ikrom Avatar asked Oct 09 '14 10:10

Ikrom


1 Answers

I've managed to do this by using StackableControllers provided by https://github.com/t2v/stackable-controller Basically, I use a basic access control list provided by my application.conf. I start by checking if there is a user in my request. If there is one, I can check if he has sufficient access rights to perform the action.

Such a feature may be implemented using BodyParser composition too. I've never done that, though, so someone else's advice may be better for you.

like image 119
Agemen Avatar answered Nov 15 '22 00:11

Agemen