Extension for [`poem`] to validate user permissions.

To check user access to specific services, you can use the built-in `proc-macro`, `PermissionGuard`, or a manual check.

The library can also be integrated with third-party solutions or your custom middlewares (like the [`jwt-auth`] example).

Provides a complete analogue of [`actix-web-grants`].

NOTE: [`poem-openapi`] support is still in development.
The easiest way is to declare a function with the following signature (the trait is already implemented for such `Fn`):

```rust,ignore
// You can use custom type instead of String
async fn extract(req: &poem::Request) -> poem::Result<Vec<String>>
```

```rust,ignore
Route::new()
    .at("/endpoint", your_endpoint)
    .with(GrantsMiddleware::with_extractor(extract))
```

Steps 1 and 2 (the extractor and the middleware registration) can be replaced by custom middleware or integration with other libraries. Take a look at the jwt-auth example.
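
The grant-building logic an extractor body might contain, as an added example that is not poem-grants code and uses only the standard library so it runs without `poem`. The names `grants_from_scope` and `GrantError`, the local `has_permission` helper, and the space-delimited `scope` claim format are assumptions; the token is assumed to have been verified already.

```rust
use std::collections::BTreeSet;

/// Why a claim could not be turned into grants. An extractor would map either
/// variant to an error response instead of inventing a default grant list.
#[derive(Debug, PartialEq)]
pub enum GrantError {
    Missing,
    Malformed(String),
}

/// Convert the space-delimited `scope` claim of an already verified token
/// (assumed format) into the `Vec<String>` an extractor returns.
pub fn grants_from_scope(scope: Option<&str>) -> Result<Vec<String>, GrantError> {
    let raw = scope.ok_or(GrantError::Missing)?;
    let mut grants = BTreeSet::new(); // de-duplicates and gives a stable order
    for item in raw.split_ascii_whitespace() {
        // Allow-list the grant alphabet so "role_admin" or "ROLE_ADMIN*"
        // is rejected outright rather than silently carried along.
        let well_formed = item.len() <= 64
            && item
                .bytes()
                .all(|b| b.is_ascii_uppercase() || b.is_ascii_digit() || b == b'_');
        if !well_formed {
            return Err(GrantError::Malformed(item.to_string()));
        }
        grants.insert(item.to_string());
    }
    Ok(grants.into_iter().collect())
}

/// Exact, case-sensitive comparison: no prefix or wildcard matching.
pub fn has_permission(grants: &[String], wanted: &str) -> bool {
    grants.iter().any(|g| g == wanted)
}

fn main() {
    // Constructed sample claim values, not taken from any real token.
    for claim in [Some("ROLE_ADMIN OP_READ ROLE_ADMIN"), Some(""), Some("ROLE_ADMIN role_user"), None] {
        match grants_from_scope(claim) {
            Ok(g) => println!("{:?} -> {:?}, admin = {}", claim, g, has_permission(&g, "ROLE_ADMIN")),
            Err(e) => println!("{:?} -> rejected: {:?}", claim, e),
        }
    }
}
```

A present but empty claim yields an empty grant list, so every later check denies; a missing or malformed claim is an error the extractor should surface rather than swallow.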

`proc-macro` way protection

```rust,no_run
use poem::{Response, http::StatusCode};

async fn macro_secured() -> Response {
    Response::builder().status(StatusCode::OK).body("ADMIN_RESPONSE")
}
```

Here is an example using the `type` and `secure` attributes. But these are independent features.

`secure` allows you to include some checks in the macro based on function params.

`type` allows you to use a custom type for the roles and permissions (then the middleware needs to be configured). Take a look at the enum-role example.

```rust,ignore
use poem::{Response, http::StatusCode, web};
use enums::Role::{self, ADMIN};
use dto::User;

async fn macro_secured(user_id: web::Path
```

```rust,no_run
use poem::{Response, http::StatusCode};
use poem_grants::permissions::{AuthDetails, PermissionsCheck};

async fn manual_secure(details: AuthDetails) -> Response {
    // Grant the admin response only when the extracted permissions include ROLE_ADMIN.
    if details.has_permission("ROLE_ADMIN") {
        return Response::builder().status(StatusCode::OK).body("ADMIN_RESPONSE");
    }
    Response::builder().status(StatusCode::OK).body("OTHER_RESPONSE")
}
```

You can find more [examples] in the git repository folder and [documentation].

`poem` versions

- `poem-grants: 1.*`: supported version of `poem` is `1.*`