The domain model
Deadbolt has three domain models, all located in the `be.objectify.deadbolt.core.models` package - `Subject`, `Role` and `Permission`. Each is an interface, allowing you to implement it in your preferred style.
The examples shown here use Ebean as the persistence layer, but can of course be adapted for whichever persistence tools you're using.
be.objectify.deadbolt.core.models.Role
A `Role` is a single system privilege, e.g. admin, user and so on. A subject can have zero or more roles.
package models;
import be.objectify.deadbolt.core.models.Role;
import play.db.ebean.Model;
import javax.persistence.Entity;
import javax.persistence.Id;
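/**
 * Ebean-backed implementation of Deadbolt's {@link Role}.
 *
 * <p>The value returned by {@link #getName()} is the role name handed to Deadbolt, so the
 * rows behind this entity are authorization data: whoever can write them can change which
 * roles exist.
 */
@Entity
public class UserRole extends Model implements Role
{
    @Id
    public Long id;

    // Role name, e.g. "admin" or "user". No uniqueness constraint is declared on this
    // field, yet findByName() expects at most one row per name.
    // NOTE(review): consider enforcing uniqueness at the schema level.
    public String name;

    public static final Finder<Long, UserRole> find = new Finder<>(Long.class,
                                                                   UserRole.class);

    /**
     * Returns the role name as stored.
     *
     * @return the value of {@link #name}; may be null if the field was never set
     */
    @Override
    public String getName()
    {
        return name;
    }

    /**
     * Looks up a role by exact name.
     *
     * <p>The name is passed to the query as an expression value, not concatenated into
     * query text.
     *
     * @param name the role name to match
     * @return the single matching role. Ebean's findUnique() is documented to return null
     *         when nothing matches and to throw when more than one row matches; confirm
     *         against the Ebean version in use.
     */
    public static UserRole findByName(String name)
    {
        return find.where()
                   .eq("name",
                       name)
                   .findUnique();
    }
}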
be.objectify.deadbolt.core.models.Permission
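A `Permission` is a value that can be used with regular expression matching, e.g. a subject with a permission of printers.admin can access a resource constrained to printers.*, *.admin, etc. Because the regex type of pattern constraint treats its value as a regular expression, an unescaped `.` matches any character, so write patterns no broader than the resource requires. A subject can have zero or more permissions.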
package models;
import be.objectify.deadbolt.core.models.Permission;
import play.db.ebean.Model;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
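/**
 * Ebean-backed implementation of Deadbolt's {@link Permission}.
 *
 * <p>The string returned by {@link #getValue()} is the permission handed to Deadbolt.
 * Per the surrounding documentation it can be tested with regular-expression matching,
 * so stored values should be treated as authorization data and kept under the same
 * write controls as roles.
 */
@Entity
public class UserPermission extends Model implements Permission
{
    @Id
    public Long id;

    // Stored in the "permission_value" column. No uniqueness constraint is declared,
    // yet findByValue() expects at most one row per value.
    // NOTE(review): consider enforcing uniqueness at the schema level.
    @Column(name = "permission_value")
    public String value;

    public static final Model.Finder<Long, UserPermission> find = new Model.Finder<>(Long.class,
                                                                                     UserPermission.class);

    /**
     * Returns the permission value as stored.
     *
     * @return the value of {@link #value}; may be null if the field was never set
     */
    @Override
    public String getValue()
    {
        return value;
    }

    /**
     * Looks up a permission by exact value.
     *
     * <p>The value is passed to the query as an expression value, not concatenated into
     * query text. This is an equality match; no pattern matching happens here.
     *
     * @param value the permission value to match
     * @return the single matching permission. Ebean's findUnique() is documented to return
     *         null when nothing matches and to throw when more than one row matches;
     *         confirm against the Ebean version in use.
     */
    public static UserPermission findByValue(String value)
    {
        return find.where()
                   .eq("value",
                       value)
                   .findUnique();
    }
}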
be.objectify.deadbolt.core.models.Subject
A `Subject` represents, typically, a user. Static constraints such as `Restrict` and the equality and regex types of `Pattern` obtain the roles and permissions to test via the subject.
package models;
import be.objectify.deadbolt.core.models.Permission;
import be.objectify.deadbolt.core.models.Role;
import be.objectify.deadbolt.core.models.Subject;
import play.db.ebean.Model;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.ManyToMany;
import java.util.List;
/**
 * Ebean entity that serves as the Deadbolt {@link Subject}, typically an application user.
 *
 * <p>Deadbolt's static constraints read the roles and permissions to test through the
 * accessors on this class. Both accessors return the stored association lists as they are,
 * without copying, and the fields themselves are public.
 */
@Entity
public class User extends Model implements Subject
{
    public static final Finder<Long, User> find = new Finder<>(Long.class, User.class);

    @Id
    public Long id;

    // Returned by getIdentifier() and matched by findByUserName(). No uniqueness
    // constraint is declared on this field.
    // NOTE(review): confirm uniqueness is enforced elsewhere.
    public String userName;

    @ManyToMany
    public List<UserRole> roles;

    @ManyToMany
    public List<UserPermission> permissions;

    /**
     * Looks up a user by exact user name.
     *
     * <p>The user name is passed to the query as an expression value, not concatenated
     * into query text.
     *
     * @param userName the user name to match
     * @return the single matching user. Ebean's findUnique() is documented to return null
     *         when nothing matches and to throw when more than one row matches; confirm
     *         against the Ebean version in use.
     */
    public static User findByUserName(String userName)
    {
        return User.find.where().eq("userName", userName).findUnique();
    }

    /**
     * Returns the identifier Deadbolt sees for this subject.
     *
     * @return the value of {@link #userName}
     */
    @Override
    public String getIdentifier()
    {
        return this.userName;
    }

    /**
     * Returns the roles held by this subject.
     *
     * @return the {@link #roles} list itself, not a copy; null if the field was never set
     */
    @Override
    public List<? extends Role> getRoles()
    {
        return this.roles;
    }

    /**
     * Returns the permissions held by this subject.
     *
     * @return the {@link #permissions} list itself, not a copy; null if the field was
     *         never set
     */
    @Override
    public List<? extends Permission> getPermissions()
    {
        return this.permissions;
    }
}