luminus

nick 2020-07-20T12:19:46.042300Z

@jonathanj you may need to use from buddy.auth.accessrules for this.

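;; File: src/some_app/middleware.clj
(ns some-app.middleware
  (:require
    [buddy.auth :refer [authenticated?]]
    [buddy.auth.accessrules :refer [wrap-access-rules]]
    [buddy.auth.backends.session :refer [session-backend]]
    [buddy.auth.middleware :refer [wrap-authentication]]
    [ring-ttl-session.core :refer [ttl-memory-store]]
    [ring.middleware.defaults :refer [site-defaults wrap-defaults]]
    [ring.middleware.flash :refer [wrap-flash]]
    [some-app.env :refer [defaults]])) ; assumed location of `defaults` (Luminus layout)

;; admin-access, user-access, on-error, wrap-auth and wrap-internal-error
;; are defined elsewhere in this file and are not shown in this snippet.

;; Rule handler that allows every request.
(defn open-gates [request]
  true)

;; Access rules for wrap-access-rules: each :pattern is matched against the
;; request URI and the matching rule's :handler decides whether to allow it.
(def rules [{:pattern #"^/admin.*"
             :handler admin-access
             :redirect "/notauthorized"}
            {:pattern #"^/vclass.*"
             :handler user-access
             :redirect "/notauthorized"}
            ;; open-gates always returns true, so /api is not restricted here
            {:pattern #"^/api.*"
             :handler open-gates
             :redirect "/notauthorized"}
            ;; no :redirect, so a denied request goes to on-error
            {:pattern #"^/user.*"
             :handler authenticated?}])

(defn wrap-base [handler]
  ;; In a -> chain later wrappers run first on the request, so
  ;; wrap-authentication runs before wrap-access-rules.
  (-> ((:middleware defaults) handler)
      wrap-auth
      (wrap-access-rules {:rules rules :on-error on-error})
      (wrap-authentication (session-backend))
      wrap-flash
      (wrap-defaults
        (-> site-defaults
            ;; turns off ring-defaults' anti-forgery (CSRF) middleware
            (assoc-in [:security :anti-forgery] false)
            ;; in-memory session store with a 30-minute TTL
            (assoc-in [:session :store] (ttl-memory-store (* 60 30)))))
      wrap-internal-error))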

2020-07-20T12:30:18.046900Z

@nfedyashev Thanks, I did eventually find that and managed to implement a middleware for this. Then I started on the rabbit hole of “why just check roles on the edges of my application” and now I have a couple of tabs about object capability open, so any more recommended reading would be appreciated.