Added
check_with_custom_deny for custom deny handlers:
403 with empty body is returned by default for failed permission checks. You may want to toggle between Unauthorized and Forbidden, maybe even customize return messages.
Example:
pub enum Role {Administrator, Moderator, User}
fn custom_deny_handler(req: &HttpRequest, _payload: &mut Payload) -> HttpResponse {
let role_exists = req.extensions().get::<Role>().is_some();
if !role_exists {
return HttpResponse::Unauthorized().body("You don't have access rights!");
} else {
return HttpResponse::Forbidden().body("Forbidden!");
}
}
pub fn check<F, Args>(route: Route, builder: Builder, handler: F) -> Route
where
F: Handler<Args>,
Args: FromRequest + 'static,
F::Output: Responder,
{
check_with_custom_deny(route, builder, handler, custom_deny_handler)
}