Releases · eisberg-labs/actix-permissions

12 Apr 08:33

amarjanica

v2.0.0

15813f1

Release 2.0.0 Latest

Latest

Changed

Changed to fluent writing permission in a route.

            web::scope("").route(
                "/",
                permission()
                    .check(web::get())
                    .validate(dummy_permission_check)
                    .to(index)
                    .build(),
            ),

Deprecated check and check_with_custom_deny in favor of permission() builder.
Fixed disappearing Payload from handler.

Assets 2

29 Mar 11:35

amarjanica

v1.0.1

e02048c

Release 1.0.1

Removed

Clone requirement from Args

Assets 2

28 Mar 11:12

amarjanica

v1.0.0

168cf37

Release 1.0.0

This release is a complete rework of permissions. Reason is need for async, no request extractor logic, and lifetime limitations.

Changed

Permission call signature. Instead of call(&req, &mut payload), it is now call(req, args).
Permission supports async functions and there's no need for data extractors. Works same as actix Handler. You can no write something like

async fn dummy_permission_check(
    _req: HttpRequest,
    dummy_service: web::Data<DummyService>,
    data: web::Query<MyStatus>,
) -> actix_web::Result<bool> {
    // Unecessary complicating permission check to show what it can do.
    // You have access to request, payload, and all injected dependencies through app_data.
    Ok(dummy_service.check(data.status.clone()))
}

Removed

Builder removed. No more composing different permissions. check method accepts a Permission instead of Builder, and would look like check(web::get(), dummy_permission_check, index))

Assets 2

08 Mar 16:42

amarjanica

v0.1.1

945a4df

Release 0.1.1

Added

check_with_custom_deny for custom deny handlers:
403 with empty body is returned by default for failed permission checks. You may want to toggle between Unauthorized and Forbidden, maybe even customize return messages.
Example:

pub enum Role {Administrator, Moderator, User}

fn custom_deny_handler(req: &HttpRequest, _payload: &mut Payload) -> HttpResponse {
    let role_exists = req.extensions().get::<Role>().is_some();
    if !role_exists {
        return HttpResponse::Unauthorized().body("You don't have access rights!");
    } else {
        return HttpResponse::Forbidden().body("Forbidden!");
    }
}

pub fn check<F, Args>(route: Route, builder: Builder, handler: F) -> Route
where
    F: Handler<Args>,
    Args: FromRequest + 'static,
    F::Output: Responder,
{
    check_with_custom_deny(route, builder, handler, custom_deny_handler)
}