Module actix_web_grants::proc_macro[−][src]

Expand description

Procedural macros for checking user permissions or roles.

Examples

use actix_web::{web, get, HttpResponse};
use actix_web_grants::proc_macro::{has_permissions, has_roles};

// User should be ADMIN with OP_GET_SECRET permission
#[has_permissions["ROLE_ADMIN", "OP_GET_SECRET"]]
async fn macro_secured() -> HttpResponse {
    HttpResponse::Ok().body("some secured info")
}

// Role - is permission with prefix "ROLE_".
// User should be ADMIN and MANAGER
#[has_roles["ADMIN", "MANAGER"]]
async fn role_macro_secured() -> HttpResponse {
    HttpResponse::Ok().body("some secured info")
}

// Additional security condition to ensure the protection of the endpoint
#[has_roles("USER", secure = "user_id.into_inner() == user.id")]
#[get("/resource/{user_id}")]
async fn role_macro_secured_with_params(user_id: web::Path<i32>, user: web::Data<User>) -> HttpResponse {
    HttpResponse::Ok().body("some secured info with parameters")   
}
struct User { id: i32 }

// You own type is also supported (need to configure middleware for this type as well):
#[has_roles["Role::Admin", "Role::Manager", type = "Role"]]
async fn role_enum_macro_secured() -> HttpResponse {
    HttpResponse::Ok().body("some secured info")
}
#[derive(PartialEq, Clone)] // required bounds
enum Role { Admin, Manager }

Attribute Macros

has_any_permission

Macro to сheck that the user has any of the specified permissions.

has_any_role

Macro to сheck that the user has any the specified roles. Role - is permission with prefix “ROLE_”.

has_permissions

Macro to сheck that the user has all the specified permissions. Allow to add a conditional restriction based on handlers parameters. Add the secure attribute followed by the the boolean expression to validate based on parameters

has_roles

Macro to сheck that the user has all the specified roles. Role - is permission with prefix “ROLE_”.