Using both CRUD and Secure module in Play Framework

Question

I'm wondering how to use CRUD with Secure module without securing the entire controller.

I have a BlogPost model with a controller named BlogPosts. Since I want the administrators to be able to use the CRUD back-office to create, update and delete posts, the controller extends CRUD and uses Secure :

@With(Secure.class)
public class BlogPosts extends CRUD {

}

But now I want to list the blog posts on the home page. I cannot use this controller since it is restricted to authenticated users. And I do not want to create another controller.

So what is the best way to do it?

Answer 1

Just get the BlogPost items via JPA in your other controller:

public static void listBlogs() {
    render(BlogPost.findAll());
}

Answer 2

You can write your own @Before method that calls the Security check for all methods except list. Something like:

   @Before(unless="list")
   public static void before() {
      // Do security check
   }

It won't be as handy as the annotation but it will work.

See the documentation

EDIT ON COMMENT TO CLARIFY

I see the answer was slightly ambiguous. The idea is to remove the @With() annotation and create your own local @Before method that will be executed on all methods except list. That method can then delegate the processing to Secure.before (as it is a static method with no params)

Now that I think about it, you could just add the unless restriction to the method in Secure class, it should work for this scenario although it means mixing some concepts (so I would not do it in my project).