mkurz / deadbolt-2-scala

Idiomatic Scala API for Deadbolt 2


About how to secure the view without Await.

djx314 opened this issue · comments

What about this:

controller

val dataFuture: Future[Data] = ???
val subjectWithPermissionsFromCacheOrDBFuture: Future[CaseSubject] = ???
for {
  data <- dataFuture
  subject <- subjectWithPermissionsFromCacheOrDBFuture
} yield {
  Ok(view(data)(SubjectWrap(subject)))
}

view.scala.html

@(data: Data)(wrap: SubjectWrap)
@wrap.require("superAdmin") {
  @data.name
}

I mean get the subject information with a future in the controller first and render the view with no DB connection.

Oh, when I review this issue, I think I need to be more specific.

model.scala

case class Subject(name: String, permissions: List[Permission]) {
  def require[T](permission: String)(content: => T) =
    if(permissions.exists(_.getName == permission)) {
        Option(content)
    } else {
        None
    }
}

controller.scala

val dataFuture: Future[Data] = ???
val subjectFuture: Future[Subject] = ???
for {
  data <- dataFuture
  subject <- subjectFuture
} yield {
  Ok(views.html.index(data)(subject))
}

view.html

@(data: Data)(subject: Subject)
...
@subject.require("admin"){
  @data.name
}
...

That's an interesting idea. However, if you fetch the Subject (or DynamicResourceHandler, or whatever) in a non-blocking controller call, you can make it immediately accessible via the DeadboltHandler and set the blocking duration to -1.
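
An added sketch of the approach discussed in this thread (not code from the issue or from Deadbolt): the subject is resolved in a Future, a failed lookup collapses to "no subject", and the view-side check is a plain synchronous function. All type and method names are hypothetical stand-ins that use only the Scala standard library.

```scala
import scala.concurrent.{Await, Future}
import scala.concurrent.ExecutionContext.Implicits.global
import scala.concurrent.duration._
import scala.util.control.NonFatal

// Hypothetical stand-ins for the thread's model types (not Deadbolt classes).
final case class Permission(name: String)
final case class Subject(name: String, permissions: List[Permission])
final case class Data(name: String)

// Synchronous gate handed to the view. An absent subject always yields None,
// so the protected block is not rendered and its content is never evaluated.
final class SubjectGate(subject: Option[Subject]) {
  def require[T](permission: String)(content: => T): Option[T] =
    subject.filter(_.permissions.exists(_.name == permission)).map(_ => content)
}

object NonBlockingViewDemo {
  // Fail closed: a failed subject lookup becomes "no subject", never a grant.
  def resolveGate(lookup: Future[Option[Subject]]): Future[SubjectGate] =
    lookup.recover { case NonFatal(_) => None }.map(new SubjectGate(_))

  // Stand-in for the template: a plain function with no Future and no DB access.
  def view(data: Data)(gate: SubjectGate): String =
    gate.require("admin")(data.name).getOrElse("")

  // Controller-style composition: the view runs only after both lookups finish.
  def action(dataF: Future[Data], subjectF: Future[Option[Subject]]): Future[String] = {
    val gateF = resolveGate(subjectF)
    for {
      data <- dataF
      gate <- gateF
    } yield view(data)(gate)
  }

  def main(args: Array[String]): Unit = {
    val data = Future.successful(Data("quarterly-report")) // constructed sample
    val admin = Future.successful(Option(Subject("alice", List(Permission("admin")))))
    val guest = Future.successful(Option(Subject("bob", Nil)))
    val broken = Future.failed[Option[Subject]](new RuntimeException("cache down"))

    // Await appears only here, to print results from a demo main method.
    Seq("admin" -> admin, "guest" -> guest, "failed lookup" -> broken).foreach {
      case (label, subjectF) =>
        println(s"$label -> '${Await.result(action(data, subjectF), 2.seconds)}'")
    }
  }
}
```

Only the "admin" case prints the data name; the guest and the failed lookup both render an empty string.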