// *************************************************************************** // // Delphi MVC Framework // // Copyright (c) 2010-2017 Daniele Teti and the DMVCFramework Team // // https://github.com/danieleteti/delphimvcframework // // Contributer on this file: Janidan - https://github.com/janidan // // *************************************************************************** // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // // *************************************************************************** } unit PrivateControllerU; interface uses MVCFramework, MVCFramework.Commons, MVCFramework.Middleware.Authentication.RoleBasedAuthHandler; type [MVCPath('/private')] TPrivateController = class(TMVCController) public [MVCPath('/')] [MVCHTTPMethod([httpGET])] procedure Index; [MVCPath('/public/action')] [MVCHTTPMethod([httpGET])] procedure PublicAction; [MVCPath('/authenticatedOnly')] [MVCHTTPMethod([httpGET])] [MVCRequiresAuthentication] procedure AuthenticatedAction; [MVCPath('/role1')] [MVCHTTPMethod([httpGET])] [MVCRequiresRole('role1')] procedure OnlyRole1; [MVCPath('/role2')] [MVCHTTPMethod([httpGET])] [MVCRequiresRole('role2')] procedure OnlyRole2; [MVCPath('/role1and2')] [MVCHTTPMethod([httpGET])] [MVCRequiresRole('role1')] [MVCRequiresRole('role2')] // The following is the same as above (redundancy for the example) [MVCRequiresRole('role1;role2', MVCRoleEval.reAND)] procedure OnlyRole1And2; [MVCPath('/role1or2')] [MVCHTTPMethod([httpGET])] [MVCRequiresRole('role1;role2', MVCRoleEval.reOR)] procedure OnlyRole1or2; [MVCPath('/role/($role)')] [MVCHTTPMethod([httpGET])] [MVCRequiresRole('($role)')] procedure AccessThisByRole(const role: string); end; implementation procedure TPrivateController.AccessThisByRole(const role: string); begin Render('OK This ressource was accessed by role: ' + role); end; procedure TPrivateController.AuthenticatedAction; begin Render('OK from a Authenticated Action'); end; procedure TPrivateController.Index; begin // use Context property to access to the HTTP request and response Render('Hello World'); end; procedure TPrivateController.OnlyRole1; begin Render('OK from a "role1" action'); end; procedure TPrivateController.OnlyRole1And2; begin Render('OK from a "role1 and role2" action'); end; procedure TPrivateController.OnlyRole1or2; begin Render('OK from a "role1 or role2" action'); end; procedure TPrivateController.OnlyRole2; begin Render('OK from a "role2" action'); end; procedure TPrivateController.PublicAction; begin Render('OK from a public action (no login required)'); end; end.