Closed. This question needs to be more . This question needs to be more focused . It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 3 years ago. Improve this question

There is a web app that uses the following stack on the server: akka-persistence/service-layer/akka-http (for REST)

The question is : how can I - in the most elegant, most dry way - make sure that only those users can execute a function in the service layer who are authorized to do so (under the given input parameters).

So for example let's take the simple example:

getEntity(userID:UserID, ref:EntityID):Entity = ???

how should I modifiy getEntity such that only those users are allowed to execute it where the userID of the caller is the same as the userID in the parameters?

What is the most elegant, composable, dry way to do this in general ?

Using custom monads?

Using continuation monads?

Using akka-http style directives?

Using implicits?

Using Free-Monads?

Using Arrows?

Using Kleiesly ?

I cannot really imagine.