Simple route permissions for Ktor.
First, define your permissions. These can be of any type: strings, an enum, or a sealed class.
/**
 * Permissions that can be granted to a user and required by a route.
 */
enum class Permission {
    /**
     * Intended to be registered through `global(...)` in the
     * PermissionAuthorization configuration. A principal holding it skips
     * every route-specific permission check, so grant it sparingly.
     */
    GLOBAL,

    /** Required by the `GET /data` route in the routing example. */
    VIEW_DATA,

    /** Required by the `POST /data` route in the routing example. */
    EDIT_DATA,
}
Next, configure the authentication, sessions, and `PermissionAuthorization` features.
/**
 * Session payload that doubles as the authenticated [Principal].
 *
 * NOTE(review): the permission set is trusted exactly as stored in the session.
 * If the session is serialized into a client-side cookie, it should be signed or
 * encrypted (Ktor's session transport transformers) or kept in server-side
 * storage, so that a client cannot edit its own permissions. Permissions cached
 * here presumably stay in effect until the session is rewritten or expires;
 * confirm how revocation is handled.
 *
 * @property userId identifier of the signed-in user
 * @property permissions permissions granted to this user
 */
data class UserSession(
    val userId: String,
    val permissions: Set<Permission>,
) : Principal
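/**
 * Installs [PermissionAuthorization] and tells it how to read permissions
 * from the authenticated principal.
 */
fun Application.module() {
    install(PermissionAuthorization) {
        // Given the Principal, extract the user's permissions.
        // The hard cast throws ClassCastException for any Principal that is not a
        // UserSession, so an unexpected principal type is never silently treated
        // as carrying permissions.
        extract { (it as UserSession).permissions }
        // When the Principal contains the 'global' permission,
        // all route specific permission checks are ignored.
        // The constant must be named exactly as the enum declares it (GLOBAL).
        global(Permission.GLOBAL)
    }
}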
The last remaining bit is to specify permission requirements for your routes using `withPermission`, `withAllPermissions`, `withAnyPermissions`, or `withoutPermissions`.
/**
 * Declares the `/data` routes and the permission each one requires.
 */
fun Application.module() {
    routing {
        // Permission checks sit inside authenticate { }, presumably so that a
        // Principal is available to the configured extract block.
        authenticate {
            // GET /data requires VIEW_DATA.
            withPermission(Permission.VIEW_DATA) {
                get("/data") {
                    // ...
                }
            }
            // POST /data requires EDIT_DATA.
            withPermission(Permission.EDIT_DATA) {
                post("/data") {
                    // ...
                }
            }
        }
    }
}
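repositories {
    mavenCentral()
    // Or snapshots. Only needed when depending on a -SNAPSHOT version. The
    // content filter keeps Gradle from resolving any other dependency from
    // this repository.
    maven("https://s01.oss.sonatype.org/content/repositories/snapshots/") {
        mavenContent { snapshotsOnly() }
        content { includeGroup("org.drewcarlson") }
    }
}

dependencies {
    // Pin KTOR_PERMISSIONS_VERSION to a released version where possible:
    // snapshot artifacts can change between builds.
    implementation("org.drewcarlson:ktor-permissions:$KTOR_PERMISSIONS_VERSION")
}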