Deadbolt - Play Framework - How to check a @RestrictedResource with parameters in a controller?

Question

With Deadbolt's module we can check the restrictedResource with a ressource name and parameters in the view.

For example in my view, I have it, and it works well:

#{deadbolt.restrictedResource resourceKeys:['Domain'] , resourceParameters:['domainid':domain.id]}
   <li><a href="@{Admin.showDomain(domain.id)}">${domain.title}</a></li>
#{/deadbolt.restrictedResource}

But in my controller, I just can check the ressource name but I don't find a way to check it in my RestrictedResourcesHandler passing the domainid with.

I am looking for a solution to do something like that:

@RestrictedResource(name = {"Domain"}, params = {domainid})
public static void showDomain(String domainid)
{
}

Thanks in advance

Answer 1

It's not possible to have dynamic information in an annotation, but you can use params to define the name of an incoming value in the request. However, this information isn't passed into the handler at the moment because it expects a map. While you can pass in a map of parameters from the restrictedResource tag, you can't do this from an annotation so an empty map is passed into the handler.

Your best approach here is to pull a well-known parameter name from the request object. I need to have a rethink about the best way to do this without breaking backwards compatibility.

Steve (author of Deadbolt)

Answer 2

I've found a way the solved the problem, not the best I think, but it is the Steve Chaloner's solution (Deadbolt's creator), and it works.

For example, if your Controller's method argument is named "id", and you want to check this id inside your checkAccess method :

// Controller's method : 
@RestrictedResource(name = {"Domain"})
public static void showDomain(String id){} 

Just check at the beginning of your checkAccess method the Map "resourceParameters" is empty, and use the request object to get the parameters:

public AccessResult checkAccess(List<String> resourceNames,
                                Map<String, String> resourceParameters)
{    
    Map<String, String> hashm = new HashMap<String,String>();

    if(resourceParameters != null && !resourceParameters.isEmpty()){
        hashm = resourceParameters;
    }else if(Http.Request.current().routeArgs!= null && !Http.Request.current().routeArgs.isEmpty()){
        hashm = Http.Request.current().routeArgs;
    }
}

Then just have to foreach your hashmap inside your checkAccess method to get your Controller's method argument and check the Access as you wish.

for (Map.Entry<String,String> mp : hashm.entrySet())
{
    // Get the id argument
    if(mp.getKey().equals("id"))
    {
        // Do something with the value..
        mp.getValue()
    }        
}