About how to security the view without Await.
djx314 opened this issue · comments
What about this:
controller
val dataFuture: Future[Data] = ???
val subjectWithPermissionsFromCacheOrDBFuture: Future[CaseSubject] = ???
for {
data <- data
subject <- subjectWithPermissionFromCacheOrDBFuture
} yield {
Ok(view(data)(SubjectWrap(subject)))
}
view.scala.html
@(data: Data)(wrap: SubjectWrap)
@wrap.require("superAdmin") {
@data.name
}
I mean get the subject informations with future in the controller first and render the view with no db connection.
Oh, when I review this issue, I think I need to say more specific.
model.scala
case class Subject(name: String, permissions: List[Permission]) {
def require[T](permission: String)(content: => T) =
if(permissions.exists(_.getName == permission)) {
Option(content)
} else {
None
}
}
controller.scala
val dataFuture = Future[Data]
val subjectFuture = Future[Subject]
for {
data <- dataFuture
subject <- subjectFuture
} yield {
Ok(views.html.index(data)(subject))
}
view.html
@(data: Data)(subject: Subject)
...
@subject.require("admin"){
@data.name
}
...
That's an interesting idea. However, if you fetch the Subject (or DynamicResourceHandler, or whatever) in a non-blocking controller call, you can make it immediately accessible via the DeadboltHandler and set the blocking duration to -1.