update actix-web-grants to v4

2023-12-02 21:16:44 +01:00 · 2023-12-02 21:16:44 +01:00 · f1e8797528
commit f1e8797528
parent 0330ad6168
5 changed files with 111 additions and 119 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -42,17 +42,6 @@ dependencies = [
 "pin-project-lite",
 ]

-[[package]]
-name = "actix-grants-proc-macro"
-version = "2.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c278a8d315dd00c434ad65ec14d3416cacb26d16961af8a1d7a19568071e4f32"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
 [[package]]
 name = "actix-http"
 version = "3.4.0"
@ -255,12 +244,12 @@ dependencies = [

 [[package]]
 name = "actix-web-grants"
-version = "3.0.2"
+version = "4.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e03865e96db7fc34438d3f4aa330f81f537652f58f8b3728ddc623038055274"
+checksum = "45ac7af52ea0b1ae7b9381ae82a0831614b42cd8ccd1e7e45c5fc5eac355fffc"
 dependencies = [
- "actix-grants-proc-macro",
 "actix-web",
+ "protect-endpoints-proc-macro",
 ]

 [[package]]
@ -481,11 +470,11 @@ version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "17ae5ebefcc48e7452b4987947920dac9450be1110cadf34d1b8c116bdbaf97c"
 dependencies = [
- "async-lock 3.1.2",
+ "async-lock 3.2.0",
 "async-task",
 "concurrent-queue",
 "fastrand 2.0.1",
- "futures-lite 2.0.1",
+ "futures-lite 2.1.0",
 "slab",
 ]

@ -498,9 +487,9 @@ dependencies = [
 "async-channel 2.1.1",
 "async-executor",
 "async-io 2.2.1",
- "async-lock 3.1.2",
+ "async-lock 3.2.0",
 "blocking",
- "futures-lite 2.0.1",
+ "futures-lite 2.1.0",
 "once_cell",
 ]

@ -530,14 +519,14 @@ version = "2.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d6d3b15875ba253d1110c740755e246537483f152fa334f91abd7fe84c88b3ff"
 dependencies = [
- "async-lock 3.1.2",
+ "async-lock 3.2.0",
 "cfg-if",
 "concurrent-queue",
 "futures-io",
- "futures-lite 2.0.1",
+ "futures-lite 2.1.0",
 "parking",
 "polling 3.3.1",
- "rustix 0.38.25",
+ "rustix 0.38.26",
 "slab",
 "tracing",
 "windows-sys 0.52.0",
@ -554,9 +543,9 @@ dependencies = [

 [[package]]
 name = "async-lock"
-version = "3.1.2"
+version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dea8b3453dd7cc96711834b75400d671b73e3656975fa68d9f277163b7f7e316"
+checksum = "7125e42787d53db9dd54261812ef17e937c95a51e4d291373b670342fa44310c"
 dependencies = [
 "event-listener 4.0.0",
 "event-listener-strategy",
@ -637,9 +626,9 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"

 [[package]]
 name = "atomic-write-file"
-version = "0.1.0"
+version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c232177ba50b16fe7a4588495bd474a62a9e45a8e4ca6fd7d0b7ac29d164631e"
+checksum = "edcdbedc2236483ab103a53415653d6b4442ea6141baf1ffa85df29635e88436"
 dependencies = [
 "nix",
 "rand",
@ -718,11 +707,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118"
 dependencies = [
 "async-channel 2.1.1",
- "async-lock 3.1.2",
+ "async-lock 3.2.0",
 "async-task",
 "fastrand 2.0.1",
 "futures-io",
- "futures-lite 2.0.1",
+ "futures-lite 2.1.0",
 "piper",
 "tracing",
 ]
@ -834,9 +823,9 @@ checksum = "6e4de3bc4ea267985becf712dc6d9eed8b04c953b3fcfb339ebc87acd9804901"

 [[package]]
 name = "clap"
-version = "4.4.9"
+version = "4.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46ca43acc1b21c6cc2d1d3129c19e323a613935b5bc28fb3b33b5b2e5fb00030"
+checksum = "41fffed7514f420abec6d183b1d3acfd9099c79c3a10a06ade4f8203f1411272"
 dependencies = [
 "clap_builder",
 "clap_derive",
@ -880,9 +869,9 @@ checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"

 [[package]]
 name = "concurrent-queue"
-version = "2.3.0"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f057a694a54f12365049b0958a1685bb52d567f5593b355fbf685838e873d400"
+checksum = "d16048cd947b08fa32c24458a22f5dc5e835264f689f4f5653210c69fd107363"
 dependencies = [
 "crossbeam-utils",
 ]
@ -912,9 +901,9 @@ dependencies = [

 [[package]]
 name = "core-foundation"
-version = "0.9.3"
+version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146"
+checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
 dependencies = [
 "core-foundation-sys",
 "libc",
@ -922,9 +911,9 @@ dependencies = [

 [[package]]
 name = "core-foundation-sys"
-version = "0.8.4"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"
+checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f"

 [[package]]
 name = "cpufeatures"
@ -989,7 +978,7 @@ dependencies = [
 "autocfg",
 "cfg-if",
 "crossbeam-utils",
- "memoffset 0.9.0",
+ "memoffset",
 "scopeguard",
 ]

@ -1163,12 +1152,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"

 [[package]]
 name = "errno"
-version = "0.3.7"
+version = "0.3.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8"
+checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
 dependencies = [
 "libc",
- "windows-sys 0.48.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@ -1490,14 +1479,13 @@ dependencies = [

 [[package]]
 name = "futures-lite"
-version = "2.0.1"
+version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3831c2651acb5177cbd83943f3d9c8912c5ad03c76afcc0e9511ba568ec5ebb"
+checksum = "aeee267a1883f7ebef3700f262d2d54de95dfaf38189015a74fdc4e0c7ad8143"
 dependencies = [
 "fastrand 2.0.1",
 "futures-core",
 "futures-io",
- "memchr",
 "parking",
 "pin-project-lite",
 ]
@ -1560,8 +1548,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f"
 dependencies = [
 "cfg-if",
+ "js-sys",
 "libc",
 "wasi",
+ "wasm-bindgen",
 ]

 [[package]]
@ -1891,11 +1881,12 @@ dependencies = [

 [[package]]
 name = "jsonwebtoken"
-version = "9.1.0"
+version = "9.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "155c4d7e39ad04c172c5e3a99c434ea3b4a7ba7960b38ecd562b270b097cce09"
+checksum = "5c7ea04a7c5c055c175f189b6dc6ba036fd62306b58c66c9f6389036c503a3f4"
 dependencies = [
 "base64",
+ "js-sys",
 "pem",
 "ring",
 "serde",
@ -2012,9 +2003,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"

 [[package]]
 name = "linux-raw-sys"
-version = "0.4.11"
+version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829"
+checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456"

 [[package]]
 name = "local-channel"
@ -2080,15 +2071,6 @@ version = "2.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167"

-[[package]]
-name = "memoffset"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
-dependencies = [
- "autocfg",
-]
-
 [[package]]
 name = "memoffset"
 version = "0.9.0"
@ -2168,15 +2150,13 @@ dependencies = [

 [[package]]
 name = "nix"
-version = "0.26.4"
+version = "0.27.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "598beaf3cc6fdd9a5dfb1630c2800c7acd31df7aaf0f565796fba2b53ca1af1b"
+checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
 dependencies = [
- "bitflags 1.3.2",
+ "bitflags 2.4.1",
 "cfg-if",
 "libc",
- "memoffset 0.7.1",
- "pin-utils",
 ]

 [[package]]
@ -2502,7 +2482,7 @@ dependencies = [
 "cfg-if",
 "concurrent-queue",
 "pin-project-lite",
- "rustix 0.38.25",
+ "rustix 0.38.26",
 "tracing",
 "windows-sys 0.52.0",
 ]
@ -2528,6 +2508,18 @@ dependencies = [
 "unicode-ident",
 ]

+[[package]]
+name = "protect-endpoints-proc-macro"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "58bdc4e4341d7f37ab1c1fdbfb266060734a832695d0ef5306f5a3f9a19fac26"
+dependencies = [
+ "darling",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.39",
+]
+
 [[package]]
 name = "psm"
 version = "0.1.21"
@ -2697,9 +2689,9 @@ dependencies = [

 [[package]]
 name = "ring"
-version = "0.17.5"
+version = "0.17.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b"
+checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866"
 dependencies = [
 "cc",
 "getrandom",
@ -2722,9 +2714,9 @@ dependencies = [

 [[package]]
 name = "rsa"
-version = "0.9.4"
+version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a3211b01eea83d80687da9eef70e39d65144a3894866a5153a2723e425a157f"
+checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
 dependencies = [
 "const-oid",
 "digest",
@ -2781,15 +2773,15 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "0.38.25"
+version = "0.38.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e"
+checksum = "9470c4bf8246c8daf25f9598dca807fb6510347b1e1cfa55749113850c79d88a"
 dependencies = [
 "bitflags 2.4.1",
 "errno",
 "libc",
- "linux-raw-sys 0.4.11",
- "windows-sys 0.48.0",
+ "linux-raw-sys 0.4.12",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@ -3089,9 +3081,9 @@ dependencies = [

 [[package]]
 name = "spki"
-version = "0.7.2"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
 dependencies = [
 "base64ct",
 "der",
@ -3418,7 +3410,7 @@ dependencies = [
 "cfg-if",
 "fastrand 2.0.1",
 "redox_syscall 0.4.1",
- "rustix 0.38.25",
+ "rustix 0.38.26",
 "windows-sys 0.48.0",
 ]

@ -3852,9 +3844,9 @@ checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f"

 [[package]]
 name = "web-sys"
-version = "0.3.65"
+version = "0.3.66"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5db499c5f66323272151db0e666cd34f78617522fb0c1604d31a27c50c206a85"
+checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f"
 dependencies = [
 "js-sys",
 "wasm-bindgen",
@ -4056,18 +4048,18 @@ dependencies = [

 [[package]]
 name = "zerocopy"
-version = "0.7.26"
+version = "0.7.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e97e415490559a91254a2979b4829267a57d2fcd741a98eee8b722fb57289aa0"
+checksum = "7d6f15f7ade05d2a4935e34a457b936c23dc70a05cc1d97133dc99e7a3fe0f0e"
 dependencies = [
 "zerocopy-derive",
 ]

 [[package]]
 name = "zerocopy-derive"
-version = "0.7.26"
+version = "0.7.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd7e48ccf166952882ca8bd778a43502c64f33bf94c12ebe2a7f08e5a0f6689f"
+checksum = "dbbad221e3f78500350ecbd7dfa4e63ef945c05f4c61cb7f4d3f84cd0bba649b"
 dependencies = [
 "proc-macro2",
 "quote",
--- a/ffplayout-api/Cargo.toml
+++ b/ffplayout-api/Cargo.toml
@ -13,7 +13,7 @@ ffplayout-lib = { path = "../lib" }
 actix-files = "0.6"
 actix-multipart = "0.6"
 actix-web = "4"
-actix-web-grants = "3"
+actix-web-grants = "4"
 actix-web-httpauth = "0.8"
 actix-web-static-files = "4.0"
 argon2 = "0.5"
--- a/ffplayout-api/src/api/routes.rs
+++ b/ffplayout-api/src/api/routes.rs
@ -20,7 +20,7 @@ use actix_web::{
    },
    patch, post, put, web, HttpRequest, HttpResponse, Responder,
 };
-use actix_web_grants::{permissions::AuthDetails, proc_macro::has_any_role};
+use actix_web_grants::{authorities::AuthDetails, proc_macro::protect};

 use argon2::{
    password_hash::{rand_core::OsRng, PasswordHash, SaltString},
@ -218,7 +218,7 @@ pub async fn login(pool: web::Data<Pool<Sqlite>>, credentials: web::Json<User>)
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/user")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn get_user(
    pool: web::Data<Pool<Sqlite>>,
    user: web::ReqData<LoginUser>,
@ -239,7 +239,7 @@ async fn get_user(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/user/{name}")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn get_user_by_name(
    pool: web::Data<Pool<Sqlite>>,
    name: web::Path<String>,
@ -260,7 +260,7 @@ async fn get_user_by_name(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/users")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn get_users(pool: web::Data<Pool<Sqlite>>) -> Result<impl Responder, ServiceError> {
    match handles::select_users(&pool.into_inner()).await {
        Ok(users) => Ok(web::Json(users)),
@ -278,7 +278,7 @@ async fn get_users(pool: web::Data<Pool<Sqlite>>) -> Result<impl Responder, Serv
 /// -d '{"mail": "<MAIL>", "password": "<PASS>"}' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[put("/user/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn update_user(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -286,7 +286,7 @@ async fn update_user(
    data: web::Json<User>,
    role: AuthDetails<Role>,
 ) -> Result<impl Responder, ServiceError> {
-    if *id == user.id || role.has_role(&Role::Admin) {
+    if *id == user.id || role.has_authority(&Role::Admin) {
        let mut fields = String::new();

        if let Some(mail) = data.mail.clone() {
@ -331,7 +331,7 @@ async fn update_user(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/user/")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn add_user(
    pool: web::Data<Pool<Sqlite>>,
    data: web::Json<User>,
@ -352,7 +352,7 @@ async fn add_user(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[delete("/user/{name}")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn remove_user(
    pool: web::Data<Pool<Sqlite>>,
    name: web::Path<String>,
@ -388,7 +388,7 @@ async fn remove_user(
 /// }
 /// ```
 #[get("/channel/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn get_channel(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -406,7 +406,7 @@ async fn get_channel(
 /// curl -X GET http://127.0.0.1:8787/api/channels -H "Authorization: Bearer <TOKEN>"
 /// ```
 #[get("/channels")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn get_all_channels(pool: web::Data<Pool<Sqlite>>) -> Result<impl Responder, ServiceError> {
    if let Ok(channel) = handles::select_all_channels(&pool.into_inner()).await {
        return Ok(web::Json(channel));
@ -423,7 +423,7 @@ async fn get_all_channels(pool: web::Data<Pool<Sqlite>>) -> Result<impl Responde
 /// -H "Authorization: Bearer <TOKEN>"
 /// ```
 #[patch("/channel/{id}")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn patch_channel(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -447,7 +447,7 @@ async fn patch_channel(
 /// -H "Authorization: Bearer <TOKEN>"
 /// ```
 #[post("/channel/")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn add_channel(
    pool: web::Data<Pool<Sqlite>>,
    data: web::Json<Channel>,
@ -464,7 +464,7 @@ async fn add_channel(
 /// curl -X DELETE http://127.0.0.1:8787/api/channel/2 -H "Authorization: Bearer <TOKEN>"
 /// ```
 #[delete("/channel/{id}")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn remove_channel(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -486,7 +486,7 @@ async fn remove_channel(
 ///
 /// Response is a JSON object from the ffplayout.yml
 #[get("/playout/config/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn get_playout_config(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -508,7 +508,7 @@ async fn get_playout_config(
 /// -d { <CONFIG DATA> } -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[put("/playout/config/{id}")]
-#[has_any_role("Role::Admin", type = "Role")]
+#[protect("Role::Admin", ty = "Role")]
 async fn update_playout_config(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -542,7 +542,7 @@ async fn update_playout_config(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/presets/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn get_presets(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -562,7 +562,7 @@ async fn get_presets(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[put("/presets/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn update_preset(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -586,7 +586,7 @@ async fn update_preset(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/presets/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn add_preset(
    pool: web::Data<Pool<Sqlite>>,
    data: web::Json<TextPreset>,
@ -608,7 +608,7 @@ async fn add_preset(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[delete("/presets/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn delete_preset(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -639,7 +639,7 @@ async fn delete_preset(
 /// -d '{"text": "Hello from ffplayout", "x": "(w-text_w)/2", "y": "(h-text_h)/2", fontsize": "24", "line_spacing": "4", "fontcolor": "#ffffff", "box": "1", "boxcolor": "#000000", "boxborderw": "4", "alpha": "1.0"}'
 /// ```
 #[post("/control/{id}/text/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn send_text_message(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -662,7 +662,7 @@ pub async fn send_text_message(
 /// -d '{ "command": "reset" }' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/control/{id}/playout/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn control_playout(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -705,7 +705,7 @@ pub async fn control_playout(
 /// }
 /// ```
 #[get("/control/{id}/media/current")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn media_current(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -722,7 +722,7 @@ pub async fn media_current(
 /// curl -X GET http://127.0.0.1:8787/api/control/1/media/next/ -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/control/{id}/media/next")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn media_next(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -740,7 +740,7 @@ pub async fn media_next(
 /// -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/control/{id}/media/last")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn media_last(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -765,7 +765,7 @@ pub async fn media_last(
 /// -d '{"command": "start"}'
 /// ```
 #[post("/control/{id}/process/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn process_control(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -784,7 +784,7 @@ pub async fn process_control(
 /// -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/playlist/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn get_playlist(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -804,7 +804,7 @@ pub async fn get_playlist(
 /// --data "{<JSON playlist data>}"
 /// ```
 #[post("/playlist/{id}/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn save_playlist(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -835,7 +835,7 @@ pub async fn save_playlist(
 ///            {"start": "10:00:00", "duration": "14:00:00", "shuffle": false, "paths": ["path/3", "path/4"]}]}}'
 /// ```
 #[post("/playlist/{id}/generate/{date}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn gen_playlist(
    pool: web::Data<Pool<Sqlite>>,
    params: web::Path<(i32, String)>,
@ -873,7 +873,7 @@ pub async fn gen_playlist(
 /// -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[delete("/playlist/{id}/{date}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn del_playlist(
    pool: web::Data<Pool<Sqlite>>,
    params: web::Path<(i32, String)>,
@ -893,7 +893,7 @@ pub async fn del_playlist(
 /// -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/log/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn get_log(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -911,7 +911,7 @@ pub async fn get_log(
 /// -d '{ "source": "/" }' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/file/{id}/browse/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn file_browser(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -930,7 +930,7 @@ pub async fn file_browser(
 /// -d '{"source": "<FOLDER PATH>"}' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/file/{id}/create-folder/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn add_dir(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -946,7 +946,7 @@ pub async fn add_dir(
 /// -d '{"source": "<SOURCE>", "target": "<TARGET>"}' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/file/{id}/rename/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn move_rename(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -965,7 +965,7 @@ pub async fn move_rename(
 /// -d '{"source": "<SOURCE>"}' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[post("/file/{id}/remove/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn remove(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -984,7 +984,7 @@ pub async fn remove(
 /// -F "file=@file.mp4"
 /// ```
 #[put("/file/{id}/upload/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn save_file(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -1060,7 +1060,7 @@ async fn get_public(public: web::Path<String>) -> Result<actix_files::NamedFile,
 /// -F "file=@list.m3u"
 /// ```
 #[put("/file/{id}/import/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn import_playlist(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -1103,7 +1103,7 @@ async fn import_playlist(
 /// -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/program/{id}/")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 async fn get_program(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
@ -1189,7 +1189,7 @@ async fn get_program(
 /// -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>'
 /// ```
 #[get("/system/{id}")]
-#[has_any_role("Role::Admin", "Role::User", type = "Role")]
+#[protect("Role::Admin", "Role::User", ty = "Role")]
 pub async fn get_system_stat(
    pool: web::Data<Pool<Sqlite>>,
    id: web::Path<i32>,
--- a/ffplayout-api/src/main.rs
+++ b/ffplayout-api/src/main.rs
@ -8,7 +8,7 @@ use actix_files::Files;
 use actix_web::{
    dev::ServiceRequest, middleware::Logger, web, App, Error, HttpMessage, HttpServer,
 };
-use actix_web_grants::permissions::AttachPermissions;
+use actix_web_grants::authorities::AttachAuthorities;
 use actix_web_httpauth::{extractors::bearer::BearerAuth, middleware::HttpAuthentication};

 #[cfg(not(debug_assertions))]
--- a/ffplayout-api/src/utils/mod.rs
+++ b/ffplayout-api/src/utils/mod.rs
@ -35,7 +35,7 @@ use crate::db::{
 use crate::utils::errors::ServiceError;
 use ffplayout_lib::utils::{time_to_sec, PlayoutConfig};

-#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
+#[derive(Clone, Debug, Eq, Hash, PartialEq, Serialize, Deserialize)]
 pub enum Role {
    Admin,
    User,