Attribute Macro actix_web_grants::proc_macro::protect

source ·

#[protect]

Expand description

Macro to сheck that the user has all the specified permissions. Allow to add a conditional restriction based on handlers parameters. Add the expr attribute followed by the the boolean expression to validate based on parameters

Also you can use you own types instead of Strings, just add ty attribute with path to type

§Examples

use actix_web::web::Json;

// User should be ADMIN with OP_GET_SECRET permission
#[actix_web_grants::protect("ROLE_ADMIN", "OP_GET_SECRET")]
async fn macro_secured() -> &'static str {
    "some secured info"
}

// User should be ADMIN with OP_GET_SECRET permission and the user.id param should be equal
// to the path parameter {user_id}
#[derive(serde::Deserialize)]
struct User {id: i32}

#[actix_web_grants::protect("ROLE_ADMIN", "OP_GET_SECRET", expr="user_id == user.id")]
async fn macro_secured_params(user_id: i32, user: Json<User>) -> &'static str {
    "some secured info with user_id path equal to user.id"
}

#[derive(Hash, PartialEq, Eq)]
enum MyPermissionEnum {
  OpGetSecret
}

// User must have MyPermissionEnum::OpGetSecret (you own enum example)
#[actix_web_grants::protect("MyPermissionEnum::OpGetSecret", ty = MyPermissionEnum)]
async fn macro_enum_secured() -> &'static str {
    "some secured info"
}