0

I am using a dynamic permission in Deadbolt 2 on my controller to check whether a user has access to a resource or not. This resource has an ID and in my controller, I have a method getById(String id) . Looks like that :

@Dynamic("checkAccess")
public CompletionStage<Result> getById(String id) {
    //Go get my item from DB
}

In my custom resource handler in Deadbolt, I'd like to use the id String that is passed to the method when called (for example, to check if the current user has ownership of this specific item designated by the ID).

The ID is present in at least two places : my URL, as a route parameter, and as an argument when calling the method. How can I access this ID in my Dynamic permission controller :

 HANDLERS.put("checkAccess", Optional.of(new AbstractDynamicResourceHandler() {
            public CompletionStage<Boolean> isAllowed(final String name, final Optional<String> meta,
                    final DeadboltHandler deadboltHandler, final Http.Context context) {
                Logger.debug("*** Custom permission test");
                //HERE - Do something with the ID
                return CompletableFuture.completedFuture(Boolean.FALSE);
            }
        }));

I found something about this problem here but it's quite hacky and it was 6 years ago, i'm kind of hoping for a cleaner way to do that.

Tom
  • 1,357
  • 2
  • 13
  • 32

1 Answers1

0

If you use your own DynamicResourceHandler, you are supposed to implement the DynamicResourceHandler interface somewhere. There you will need to implement the isAllowed() function (for @Dynamic annotation). One of its parameters is Http.context ctx from which you can get the route parameters using ctx.request() for your permission check.

import be.objectify.deadbolt.java.*;
import play.mvc.Http;
import java.util.*;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

public class YourOwnDynamicResourceHandler implements DynamicResourceHandler {

    @Override
    public CompletionStage<Boolean> isAllowed(String name, Optional<String> meta, DeadboltHandler deadboltHandler, Http.Context ctx) {
        System.out.println(ctx.request().toString()); // <- route parameters
        // Your check goes here
        return CompletableFuture.completedFuture(false);
    }

    @Override
    public CompletionStage<Boolean> checkPermission(String permissionValue, Optional<String> meta, DeadboltHandler deadboltHandler, Http.Context ctx) {
         // Your check goes here
         return CompletableFuture.completedFuture(false); 
    }

}

Note: Answer is based on Deadbolt 2.6.4.

Jens.Huehn_at_SlideFab.com
  • 717
  • 7
  • 12