Seeing only your own data in Grails

天涯浪人 2020-12-19 18:11

This seems like a fundamental question, but I haven't found a clear answer. I'm using the spring-security-core plugin with Grails, and I have S2Users who have many Portfo

3 answers
  •  鱼传尺愫
    2020-12-19 18:45

    When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions?

    You're going to have to modify the scaffolded views for it to work correctly:

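    @Secured(['ROLE_USER'])
    def list() {
       // Resolve the logged-in user's domain object from the security principal
       def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
       // Query only the Transactions owned by that user
       def transactions = Transaction.findAllByUser(authenticatedUser)
       [transactions: transactions]
    }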
    

    The above will only allow authenticated users to access the list() method and will get all Transactions for the logged-in user.

    Conversely, how can I create a user that can see all Transactions of all users?

    You don't create a user that can see them all, you create a method in your controller that allows a particular user to see them all, for example:

    @Secured(['ROLE_USER', 'ROLE_ADMIN'])
    def list() {
       def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
       def transactions = []
       if (SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN')) {
           // Admins see every user's Transactions
           transactions = Transaction.list()
       } else {
           // Everyone else sees only their own
           transactions = Transaction.findAllByUser(authenticatedUser)
       }
       [transactions: transactions]
    }
    

    Something like that, anyway. Tweak as needed.
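
Added example, not part of the answer above or of the plugin's own code: the answer scopes list(), but the scaffolded by-id actions (show, delete and so on) load a record from the id in the request alone, so they need the same ownership rule. It assumes spring-security-core 2.x or later package names, the answer's `user` property on Transaction, and a hypothetical helper named findOwned.

```groovy
// Added example. Assumes spring-security-core 2.x+ package names and that
// Transaction has a `user` property, as the answer's findAllByUser implies.
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.annotation.Secured

@Secured(['ROLE_USER', 'ROLE_ADMIN'])
class TransactionController {
    static allowedMethods = [delete: 'POST']
    def springSecurityService

    def list() {
        if (SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN')) {
            return [transactions: Transaction.list()]
        }
        [transactions: Transaction.findAllByUser(springSecurityService.currentUser)]
    }

    // Hypothetical helper: the single lookup used by every by-id action, so the
    // ownership rule lives in one place instead of being repeated per action.
    private Transaction findOwned(Long id) {
        if (id == null) return null
        if (SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN')) {
            return Transaction.get(id)
        }
        // The finder filters on id AND owner in the query itself, so a row that
        // belongs to someone else looks exactly like a row that does not exist.
        Transaction.findByIdAndUser(id, springSecurityService.currentUser)
    }

    def show() {
        def tx = findOwned(params.long('id'))
        if (!tx) {
            // 404 rather than 403: the response does not confirm the id exists
            response.sendError(404)
            return
        }
        [transactionInstance: tx]
    }

    def delete() {
        def tx = findOwned(params.long('id'))
        if (!tx) {
            response.sendError(404)
            return
        }
        tx.delete(flush: true)
        redirect(action: 'list')
    }
}
```

The same findOwned lookup belongs in edit and update; any action that still calls Transaction.get(params.id) directly bypasses the per-user filter.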
