I must have missed this somehow…
In my app user “x” owns posts 1, 4, 8. He should only be able to view/edit those.
If I open localhost:9000/post/1 in the browser I expect it to show details with the ability to edit.
When I open localhost:9000/post/99 – he should not be able to view or edit this post. How can I restrict that in Play Framework?
I am aware of the @Check concept but is that the right way to do it?
Either way you need to hit the database to see whether a user is allowed to see a Post.
You can put this code in the @Before interceptor for that controller or in the relevant show method which pulls the Post record – and if not authorized, call the forbidden() method.
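A sketch of the @Before approach described in the answer, added here as an example and not part of the original thread. It assumes a Play 1.x app using the Secure module, a hypothetical `Post` model with `owner` and `title` fields, a `User` model with an `email` field, and that the login name in the session is the owner's email.

```java
package controllers;

import models.Post;   // assumed model: "public User owner", "public String title"
import play.mvc.Before;
import play.mvc.Controller;
import play.mvc.With;

@With(Secure.class)   // Secure module: every action requires a logged-in user
public class Posts extends Controller {

    // Runs before every action that takes a post id, so the ownership
    // check lives in one place instead of being repeated per action.
    @Before(only = {"show", "edit", "save"})
    static void checkOwner() {
        Long id = params.get("id", Long.class);
        if (id == null) {
            notFound();
        }
        Post post = Post.findById(id);   // the database hit the answer mentions
        if (post == null) {
            notFound();
        }
        // Security.connected() returns the login name stored in the session.
        // Assumption: that login is the owner's email.
        String login = Security.connected();
        if (post.owner == null || !post.owner.email.equals(login)) {
            forbidden();   // fails closed: no session or wrong owner gets a 403
        }
        renderArgs.put("post", post);    // hand the verified record to the action
    }

    public static void show(Long id) {
        render();   // the template reads "post" from renderArgs
    }

    public static void edit(Long id) {
        render();
    }

    public static void save(Long id, String title) {
        // Update the record the interceptor verified, never one rebuilt
        // from submitted form fields.
        Post post = renderArgs.get("post", Post.class);
        post.title = title;
        post.save();
        show(id);
    }
}
```

With this in place, a request for /post/99 by user "x" stops in the interceptor before any action code runs. Calling `notFound()` instead of `forbidden()` for other users' posts avoids revealing which ids exist.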