Skip to content

gensosrl/squeryl-auth-module

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
project
project
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Lift SquerylAuth Module

Authentication and Authorization module for Lift-Squeryl.

SquerylAuth is a port of Tim Nelson's MongoAuth module and Torsten Uhlmann's MapperAuth to Squeryl.

Installation

git clone https://github.com/gensosrl/squeryl-auth-module.git

cd squeryl-auth-module

sbt

  • publishLocal

SBT 0.13

For Lift 2.6.x (Scala 2.9 and 2.10 and scala 2.11):

libraryDependencies += "net.liftmodules" %% "squerylauth_2.6" % "0.3" % "compile",

Configuration

You must set the SquerylAuth.authUserMeta object that you will be using (see below). Most likely in boot:

// init mapperauth
SquerylAuth.authUserMeta.default.set(User)
SquerylAuth.siteName.default.set("My app")

See SquerylAuth for other settings that can be overriden.

Creating a User Data Model

This module provides several traits for constructing user model classes, which include roles and permissions.

There are several ways you can utilize this module:

SimpleUser

model.SimpleUser is a fully implemented user model, but is not extensible in any way. This is only useful for testing and demos. This shows what is necessary to create a user from ProtoAuthUser.

ProtoAuthUser

ProtoAuthUser and ProtoAuthUserMeta are a pair of traits that can be used to build a user model class and meta object. ProtoAuthUser has some standard fields. You can add fields to it, you can modify(override) the ones provided. This is a good place to start. If you find you need to modify the provided fields, you can copy and paste them into your user class and use SquerylAuthUser.

SquerylAuthUser

SquerylAuthUser is a trait for defining a Squeryl/Record class of AuthUser (provides authorization functionality). This can be used to build a user class from scratch. It only requires id and email fields.

ProtoAuthUserMeta

ProtoAuthUserMeta is a combination of AuthUserMeta and UserLifeCycle traits. These provide authorization functionality and login/logout functionality for MetaRecord objects. No matter which version you use for the Record user class, you can use this trait to define your MetaRecord, if it provides sufficient functionality.

"Remember Me" functionality is provided by ExtSession.

LoginToken provides a way for users that forgot their password to log in and change it. Users are sent a link with a token (an UUID) on the url. When they click on it they can be handled appropriately. The implementation is left up to you.

Roles and Permissions

Permissions are stored in its own table, "permissions". To access them use APermission, a simple case class. They have three parts; domain, actions, entities. This was heavily influenced by Apache Shiro's WildcardPermission. Please see the JavaDoc for WildcardPermission for detailed information.

You can either attach permissions directly to a user or create roles with permissions attached and then add these roles to the user.

Example:

Permission.save(Permission.createUserPermission(user, APermission("printer", "print")))
Permission.save(Permission.createUserPermission(user, APermission("user", "edit", "123")))

assert(User.hasPermission(APermission("printer", "manage")) == false)

Role is a Record instance that provides a way to group a set of permissions. A user's full set of permissions is calculated using the permissions from any roles assigned to them and the individual permissions assigned to them. There are also LocParams as well as the User-Meta-Singleton that can be used to check for roles.

Example:

val superuser = Role.save(Role.findOrCreate("superuser", "a category", Permission.fromAPermission(APermission.all)))

User.save(user.userRoles.addRole("superuser"))

assert(User.hasRole("superuser")) == true)
assert(User.lacksRole("superuser")) == false)
assert(User.lacksRole("admin")) == true)

SiteMap LocParams

The Locs trait and companion object provide some useful LocParams that use can use when defing your SiteMap.

This code was inspired by the lift-shiro module.

Examples:

Meun.i("Settings") / "settings" >> RequireLoggedIn
Meun.i("Password") / "password" >> RequireAuthentication
Meun.i("Admin") / "admin" >> HasRole("admin")
Meun.i("EditEntitiy") / "admin" / "entity" >> HasPermission(APermission("entity", "edit"))

"Authenticated" means the user logged in by supplying their password. "Logged In" means the user was logged in by either an ExtSession or LoginToken, or they are Authenticated.

Localization

A default localization is provided and can be found here. If you require another language or would prefer different text, copy the default and subtitute your values. See the Localization page on the Liftweb wiki for more information.

Example Implementation

The lift-squeryl.g8 giter8 template provides a fully functioning implementation of a basic user system.

Credits

SquerylAuth as well as lift-squeryl.g8 are ported from Tim Nelson's lift-mongoauth and lift-mongo and Torsten Uhlmann's MapperAuth.

License

Apache v2.0. See LICENSE

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

2 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages