t2v/play2-auth

Questions: Have 3 levels of authentication

yoannspace opened this issue · 1 comments

Hi,

Following our twitter discussion: https://twitter.com/gakuzzzz/status/729984863244189697
I am not sure what to do... For the moment, I have 3 different levels in the authorize function:

```scala
type User = models.UserLoggedData // a container that also contains an authorityUser, which is the database object
type Authority = models.Role // simple role trait really close to your default one

def authorize(user: User, authority: Authority)(implicit ctx: ExecutionContext): Future[Boolean] = Future.successful {
  (user.authorityUser.role, authority) match {
    case ("admin", _)                    => true
    case ("moderator", Role.moderator)   => true
    case ("simpleuser", Role.simpleuser) => true
    case _                               => false
  }
}
```

I can use this by having a StackAction with AuthorityKey -> admin (or moderator, or simpleuser). But I would like to have one action which can be used by 2 roles (moderator AND simpleuser).
Is there a simple way to do this? (I think I found a workaround, but I guess you know a normal/easy way to do this.)

Thanks,
Yoann

We found the solution, way too simple...
We finally got 2 "similar" ways of doing it:

  1. Use an additional role for both "moderator" and "simpleuser"
     models.Role:

```scala
case object admin extends Role
case object moderator extends Role
case object moderatoruser extends Role
case object simpleuser extends Role
// ...
def authorize(user: User, authority: Authority)(implicit ctx: ExecutionContext): Future[Boolean] = Future.successful {
  (user.authorityUser.role, authority) match {
    case ("admin", _)                       => true
    case ("moderator", Role.moderator)      => true
    case ("moderator", Role.moderatoruser)  => true
    case ("simpleuser", Role.moderatoruser) => true
    case ("simpleuser", Role.simpleuser)    => true
    case _                                  => false
  }
}
```

That works great if you have actions that need to be used by both simpleuser and moderator, but not all pages.
Then we realized that all actions of a simpleuser could be used by a moderator so we went back a bit and decided to use:
  2. models.Role:

```scala
case object admin extends Role
case object moderator extends Role
case object simpleuser extends Role
// ...
def authorize(user: User, authority: Authority)(implicit ctx: ExecutionContext): Future[Boolean] = Future.successful {
  (user.authorityUser.role, authority) match {
    case ("admin", _)                    => true
    case ("moderator", Role.moderator)   => true
    case ("moderator", Role.simpleuser)  => true
    case ("simpleuser", Role.simpleuser) => true
    case _                               => false
  }
}
```

Anyway, it took us a while to realize how easy it was... Anyway, thanks for the help and for the play2auth module.
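
The second approach in the thread is a strict hierarchy (admin above moderator above simpleuser), so the match can be replaced by a rank comparison that denies any role string it does not recognise. The sketch below is an added example, not code from the thread or from play2-auth; the `rank` field, `Role.fromString`, `allowed`, `option2` and the stand-in case classes are hypothetical names, and the role strings are assumed to be stored exactly as shown in the posts.

```scala
import scala.concurrent.{ExecutionContext, Future}

// Hypothetical stand-ins for the models.Role and models.UserLoggedData types in the thread.
sealed abstract class Role(val name: String, val rank: Int)
object Role {
  case object simpleuser extends Role("simpleuser", 1)
  case object moderator  extends Role("moderator", 2)
  case object admin      extends Role("admin", 3)

  val all: Seq[Role] = Seq(simpleuser, moderator, admin)

  // Unknown or misspelled role strings from the database map to None (deny).
  def fromString(s: String): Option[Role] = all.find(_.name == s)
}

final case class AuthorityUser(role: String)
final case class UserLoggedData(authorityUser: AuthorityUser)

object RoleHierarchy {
  type User = UserLoggedData
  type Authority = Role

  // Pure decision: a user passes when their rank is at least the required rank.
  def allowed(userRole: String, authority: Authority): Boolean =
    Role.fromString(userRole).exists(_.rank >= authority.rank)

  // Same signature as the authorize method quoted in the thread.
  def authorize(user: User, authority: Authority)(implicit ctx: ExecutionContext): Future[Boolean] =
    Future.successful(allowed(user.authorityUser.role, authority))

  // The explicit match from option 2, kept to compare against.
  def option2(userRole: String, authority: Authority): Boolean =
    (userRole, authority) match {
      case ("admin", _)                    => true
      case ("moderator", Role.moderator)   => true
      case ("moderator", Role.simpleuser)  => true
      case ("simpleuser", Role.simpleuser) => true
      case _                               => false
    }

  def main(args: Array[String]): Unit = {
    // Constructed inputs: every known role string plus two that should be denied.
    val stored = Role.all.map(_.name) ++ Seq("Admin", "")
    for (u <- stored; a <- Role.all) {
      assert(allowed(u, a) == option2(u, a), s"mismatch for $u -> $a")
      println(f"$u%-10s -> ${a.name}%-10s ${if (allowed(u, a)) "allow" else "deny"}")
    }
  }
}
```

Running `main` prints the full role-by-authority matrix and fails on any cell where the rank comparison disagrees with the explicit match, which makes an accidental privilege grant visible when a new role is added.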