Dynamic is the most powerful constraint in Deadbolt. It enforces arbitrary rules. See the documentation for a full overview.
In these examples, the action is shown on the left, the rule specified in the relevant DynamicResourceHandler is in the center and the result is in an iframe on the right.
@@Dynamic("pureLuck") public static Result pureLuck() { return ok(accessOk.render()); }
public boolean isAllowed(String name, String meta, DeadboltHandler deadboltHandler, Http.Context context) { return System.currentTimeMillis() % 2 == 0; }
@@Dynamic(value = "pureLuck", handler = MyAlternativeDeadboltHandler.class) public static Result noWayJose() { return ok(accessOk.render()); }
public boolean checkPermission(String permissionValue, DeadboltHandler deadboltHandler, Http.Context ctx) { // Computer says no return false; }
@@Dynamic(value = "pureLuck", handler = MyAlternativeDeadboltHandler.class) public static Result noWayJose() { return ok(accessOk.render()); }
public boolean isAllowed(String name, String meta, DeadboltHandler deadboltHandler, Http.Context context) { Subject subject = deadboltHandler.getSubject(context); boolean allowed; if (DeadboltAnalyzer.hasRole(subject, "admin")) { allowed = true; } else { // a call to view profile is probably a get request, so // the query string is used to provide info // See the Deadbolt documentation on why this is harder to do with path parameters MapqueryStrings = context.request().queryString(); String[] requestedNames = queryStrings.get("userName"); allowed = requestedNames != null && requestedNames.length == 1 && requestedNames[0].equals(subject.getIdentifier()); } return allowed; }
@@Dynamic(value = "viewProfile") public static Result viewProfile(String userName) { return ok(accessOk.render()); }
public boolean isAllowed(String name, String meta, DeadboltHandler deadboltHandler, Http.Context context) { Subject subject = deadboltHandler.getSubject(context); boolean allowed; if (DeadboltAnalyzer.hasRole(subject, "admin")) { allowed = true; } else { // a call to view profile is probably a get request, so // the query string is used to provide info // See the Deadbolt documentation on why this is harder to do with path parameters MapqueryStrings = context.request().queryString(); String[] requestedNames = queryStrings.get("userName"); allowed = requestedNames != null && requestedNames.length == 1 && requestedNames[0].equals(subject.getIdentifier()); } return allowed; }