Struct actix_web_grants::GrantsMiddleware

pub struct GrantsMiddleware<E, Req, Type> where
    for<'a> E: PermissionsExtractor<'a, Req, Type>,
    Type: PartialEq + Clone + 'static,  { /* fields omitted */ }

Built-in middleware for extracting user permission.

Examples

use actix_web::dev::ServiceRequest;
use actix_web::{get, App, Error, HttpResponse, HttpServer, Responder};

use actix_web_grants::permissions::{AuthDetails, PermissionsCheck};
use actix_web_grants::{proc_macro::has_permissions, GrantsMiddleware};

fn main() {
    HttpServer::new(|| {
        let auth = GrantsMiddleware::with_extractor(extract);
        App::new()
            .wrap(auth)
            .service(you_service)
    });
}

// You can use both &ServiceRequest and &mut ServiceRequest
// Futhermore, you can use you own type instead of `String` (e.g. Enum).
async fn extract(_req: &ServiceRequest) -> Result<Vec<String>, Error> {
   // Here is a place for your code to get user permissions/grants/permissions from a request
   // For example from a token or database

   // Stub example
   Ok(vec!["ROLE_ADMIN".to_string()])
}

// `has_permissions` is one of options to validate permissions.
// `proc-macro` crate has additional features, like ABAC security and custom types. See examples and `proc-macro` crate docs.
#[get("/admin")]
#[has_permissions("ROLE_ADMIN")]
async fn you_service() -> impl Responder {
    HttpResponse::Ok().finish()
}

Implementations

impl<E, Req, Type> GrantsMiddleware<E, Req, Type> where
    for<'a> E: PermissionsExtractor<'a, Req, Type>,
    Type: PartialEq + Clone + 'static, 

pub fn with_extractor(extractor: E) -> GrantsMiddleware<E, Req, Type>

Create middleware by PermissionsExtractor.

You can use a built-in implementation for async fn with a suitable signature (see example below). Or you can define your own implementation of trait.

Example of function with implementation of PermissionsExtractor

use actix_web::dev::ServiceRequest;
use actix_web::Error;

async fn extract(_req: &ServiceRequest) -> Result<Vec<String>, Error> {
    // Here is a place for your code to get user permissions/grants/permissions from a request
     // For example from a token or database
    Ok(vec!["WRITE_ACCESS".to_string()])
}

// Or with you own type:
#[derive(PartialEq, Clone)] // required bounds
enum Permission { WRITE, READ }
async fn extract_enum(_req: &ServiceRequest) -> Result<Vec<Permission>, Error> {
    // Here is a place for your code to get user permissions/grants/permissions from a request
     // For example from a token, database or external service
    Ok(vec![Permission::WRITE])
}

Trait Implementations

impl<S, B, E, Req, Type> Transform<S, ServiceRequest> for GrantsMiddleware<E, Req, Type> where
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
    for<'a> E: PermissionsExtractor<'a, Req, Type> + 'static,
    Type: PartialEq + Clone + 'static, 

type Response = ServiceResponse<B>

Responses produced by the service.

type Error = Error

Errors produced by the service.

type Transform = GrantsService<S, E, Req, Type>

The TransformService value created by this factory

type InitError = ()

Errors produced while building a transform service.

type Future = Ready<Result<Self::Transform, Self::InitError>>

The future response value.

fn new_transform(&self, service: S) -> Self::Future

Creates and returns a new Transform component, asynchronously