Anybody implemented deadbolt or any other authorisation mechanism with securesocial?

Question

I'm browsing around the web to find some kind of tutorial but I'm having trouble finding it. I guess I could just use the twitter example provided with securesocial

example:

def onlyAdmin = SecuredAction(WithAuth("admin")) { implicit request =>
      Ok("You could see this since you are admin")
}

case class WithAuth(role: String) extends Authorization {
  def isAuthorized(user: Identity) = {
val existingDbUser = User.findUserByProviderUserId(user)
    existingDbUser.hasRole(role)
}

User.findUserByProviderUserId(user) calls the db to find the stored user and it's roles. I would prefer not to call the db every time and make use of the Identity.

How would you solve this?

Answer 1

That would be the right approach. You could, from the UserService.save() method return an instance of your own model (as long as it implements Identity). That would allow you to return your User object and then run user.hasRole(role) directly without querying the database again. But the query, needs to be done at some point.