Deadbolt Restrictions Annotation missing - Play 2.1.1, Deadbolt 2.1

StackOverflow https://stackoverflow.com/questions/19113239

Pergunta

I just noticed that the @Restrictions Annotation is missing in Deadbolt 2.2 and also in the deadbolt-2.1 version. In the example and the documentation it is explained (http://deadbolt-2-java.herokuapp.com/#controller-Restrictions).

Here it exists (DB-2.1.x): https://github.com/schaloner/deadbolt-2/tree/D2-1.x/project-code/app/be/objectify/deadbolt/actions

Here it doesnt:

deadbolt 2.1: https://github.com/schaloner/deadbolt-2-java/tree/deadbolt-2.1/app/be/objectify/deadbolt/java/actions

master (2.2): https://github.com/schaloner/deadbolt-2-java/tree/master/app/be/objectify/deadbolt/java/actions

Is there a reason why it is missing? How do i accomplish grouping roles togehter using OR without the Annotation, just write my own Dynamic Handler or is there a better way?

Thanks for answering in advance!

Foi útil?

Solução

I noticed this as well and looked through some of the source. It looks like both the @Restrictions and @Restrict annotations were replaced with only @Restrict. From the comments on the current @Restrict code:

Within an {@Group} roles are ANDed, and between {@Group} the role groups are ORed. For example, @Restrict({@Group("foo"), @Group("hurdy", "gurdy)}) means the @Subject must have either the foo role OR both the hurdy AND gurdy roles.

So it looks like you can just use the one @Restrict annotation now combined with the new @Group one as well.

Link to source code

Outras dicas

Well I dont know why it is missing, but I think using a custom DynamicHandler is cleaner anyway. The dynamic Annotation is shorter because the role names dont need to be typed into every Annotation.

With the @Restrictions Annotation it would look like this:

@Restrictions({@And("foo"),@And("bar"), @And("more_roles"})

Using a Dynamic Handler it looks like this:

@Dynamic("custom_restriction")

The code in the Dynamic Handler:

static {
        HANDLERS.put("custom_restriction", new AbstractDynamicResourceHandler() {
            public boolean isAllowed(String name, String meta, DeadboltHandler deadboltHandler, Http.Context context) {
                Subject subject = deadboltHandler.getSubject(context);
                boolean allowed = false;
                if (DeadboltAnalyzer.hasRole(subject, "foo") || DeadboltAnalyzer.hasRole(subject, "bar") || DeadboltAnalyzer.hasRole(subject, "more_roles")) {
                    allowed = true;
                }

                return allowed;
            }
        });
}
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top