Hi,
I’ve got two issues:
1st issue
```scala
class UserRequest[A](val user: Option[UserView], request: Request[A]) extends WrappedRequest[A](request)

class OrganisationRequest[A](val organisationId: OrganisationId, val userId: UserId, val role: Role, request: UserRequest[A]) extends WrappedRequest[A](request)

class UserAction @Inject()(val parser: BodyParsers.Default, env: Environment, organisationDAO: OrganisationDAO)(implicit val executionContext: ExecutionContext, configuration: Configuration)
  extends ActionBuilder[UserRequest, AnyContent] with ActionTransformer[Request, UserRequest] {

  override def transform[A](request: Request[A]) = Future.successful {
    new UserRequest[A](user = request.jwtSession.getAs[UserView]("user"), request)
  }
}

case class SecuredControllerComponents @Inject()(
  userAction: UserAction,
  actionBuilder: DefaultActionBuilder,
  parsers: PlayBodyParsers,
  messagesApi: MessagesApi,
  langs: Langs,
  fileMimeTypes: FileMimeTypes,
  executionContext: scala.concurrent.ExecutionContext
) extends ControllerComponents

class SecuredController @Inject()(scc: SecuredControllerComponents, organisationDAO: OrganisationDAO)(implicit val executionContext: ExecutionContext, configuration: Configuration)
  extends AbstractController(scc) {

  def organisationActionOn(organisationId: OrganisationId)(implicit executionContext: ExecutionContext) = new ActionRefiner[UserRequest, OrganisationRequest] {
    def executionContext: ExecutionContext = executionContext

    def refine[A](request: UserRequest[A]) = Future.successful {
      request.user.map { user =>
        organisationDAO
          .getOrganisationRoleByOrganisationIdForUserId(user.id, organisationId)
          .map(role => Right(new OrganisationRequest[A](organisationId, user.id, role, request)))
          .getOrElse(Left(InternalServerError.refreshJwtSession(request)))
      }.getOrElse(Left(Unauthorized))
    }
  }

  def adminFilter(implicit executionContext: ExecutionContext) = new ActionFilter[OrganisationRequest] {
    override protected def executionContext: ExecutionContext = executionContext

    override protected def filter[A](request: OrganisationRequest[A]) = Future.successful {
      if (request.role == ORGANISATION_ADMIN || request.role == ORGANISATION_MEMBER) None
      else Some(Forbidden.refreshJwtSession(request))
    }
  }

  def organisationAdminAction(organisationId: OrganisationId) = scc.userAction.andThen(organisationActionOn(organisationId)).andThen(adminFilter)
}
```
This code is just an implementation of https://www.playframework.com/documentation/2.7.x/ScalaActionsComposition. I get a Request, check whether there is a JwtSession on it, then transform it into a UserRequest. Then I refine it to an OrganisationRequest to add user and organisation information. Finally, I filter on whether the user is authorized to access the given organisation.
Currently it gets stuck at the refine implementation. For a Left(Unauthorized) it outputs nothing and hangs. The query (using curl) just times out. No exceptions are thrown.
2nd issue
The second is about overriding the invokeBlock method to refresh the jwtSession. I don’t know where to place it.
Globally
I’m pretty sure I made wrong use of https://www.playframework.com/documentation/2.7.x/ScalaActionsComposition, but I think I followed the documentation exactly.
Thanks for your help.
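
One way to exercise the transform, refine and filter chain described in the post without a running server, as an added example that is not part of the original post. It assumes play-test on the classpath; the string user and role types, the class names, `lookup` and `statusFor` are hypothetical stand-ins for the post's UserView, Role and DAO, and the JWT session handling is left out.

```scala
import play.api.mvc._
import play.api.mvc.Results._
import play.api.test.FakeRequest
import play.api.test.Helpers._
import scala.concurrent.{ExecutionContext, Future}

// Hypothetical stand-ins: plain strings replace the post's UserView and Role.
class UserReq[A](val user: Option[String], request: Request[A]) extends WrappedRequest[A](request)
class OrgReq[A](val userId: String, val role: String, request: UserReq[A]) extends WrappedRequest[A](request)

object ChainDemo {
  // The context parameter is named `ec`: inside the class body, a member
  // written as `def executionContext = executionContext` refers to itself.
  class WithUser(lookup: RequestHeader => Option[String])(implicit ec: ExecutionContext)
      extends ActionTransformer[Request, UserReq] {
    protected def executionContext: ExecutionContext = ec
    protected def transform[A](r: Request[A]): Future[UserReq[A]] =
      Future.successful(new UserReq[A](lookup(r), r))
  }

  class WithRole(roles: Map[String, String])(implicit ec: ExecutionContext)
      extends ActionRefiner[UserReq, OrgReq] {
    protected def executionContext: ExecutionContext = ec
    protected def refine[A](r: UserReq[A]): Future[Either[Result, OrgReq[A]]] =
      Future.successful(r.user match {
        case None    => Left(Unauthorized) // no user: stop here, the block never runs
        case Some(u) => roles.get(u).map(role => new OrgReq[A](u, role, r)).toRight(InternalServerError)
      })
  }

  class MembersOnly(implicit ec: ExecutionContext) extends ActionFilter[OrgReq] {
    protected def executionContext: ExecutionContext = ec
    protected def filter[A](r: OrgReq[A]): Future[Option[Result]] = Future.successful(
      if (Set("ORGANISATION_ADMIN", "ORGANISATION_MEMBER")(r.role)) None else Some(Forbidden))
  }

  // Runs one fake request through the composed chain and returns the HTTP status.
  def statusFor(user: Option[String], roles: Map[String, String]): Int = {
    implicit val ec: ExecutionContext = ExecutionContext.global
    val action = stubControllerComponents().actionBuilder
      .andThen(new WithUser(_ => user)).andThen(new WithRole(roles)).andThen(new MembersOnly)
      .apply((_: OrgReq[AnyContent]) => Ok)
    status(action(FakeRequest()))
  }

  def main(args: Array[String]): Unit = {
    val roles = Map("alice" -> "ORGANISATION_ADMIN", "bob" -> "GUEST") // constructed sample data
    Seq(None, Some("carol"), Some("bob"), Some("alice")).foreach(u => println(u -> statusFor(u, roles)))
  }
}
```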