在 Grails 中仅查看您自己的数据 [英] Seeing only your own data in Grails
问题描述
这似乎是一个基本问题,但我还没有找到明确的答案.我在 Grails 中使用 spring-security-core 插件,我有 S2Users 有很多投资组合,投资组合有很多交易.
This seems like a fundamental question, but I haven't found a clear answer. I'm using the spring-security-core plugin with Grails, and I have S2Users who have many Portfolios, and Portfolios have many Transactions.
当我转到脚手架视图检查交易时,我怎么知道每个用户只看到他自己的交易?相反,我如何创建一个可以看到所有用户的所有交易的用户?
When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions? Conversely, how can I create a user that can see all Transactions of all users?
我不清楚默认行为是什么,以及 Grails/Spring-Security 如何知道特定域类是否应该对所有人可见,还是只对相关用户可见.
It's not clear to me what the default behavior is, and how Grails/Spring-Security knows whether a particular domain class should be visible to everyone versus ones that are only for the associated user.
推荐答案
当我去脚手架视图检查交易时,我怎么知道每个用户只能看到自己的交易?
When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions?
您将不得不修改脚手架视图以使其正常工作:
You're going to have to modify the scaffolded views for it to work correctly:
@Secured(['ROLE_USER'])
def list() {
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def transactions = Transaction.findAllByUser(authenticatedUser)
[transactions: transactions]
}
以上将只允许经过身份验证的用户访问 list() 方法,并将获取登录用户的所有交易.
The above will only allowed authenticated users to access the list() method and will get all Transactions for the logged in user.
相反,我如何创建一个可以看到所有交易的用户所有用户?
Conversely, how can I create a user that can see all Transactions of all users?
您不会创建一个可以查看所有内容的用户,而是在您的控制器中创建一个允许特定用户查看所有内容的方法,例如:
You don't create a user that can see them all, you create a method in your controller that allows a particular user to see them all, for example:
@Secured(['ROLE_USER', 'ROLE_ADMIN'])
def list() {
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def transactions = []
if (SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN')) {
transactions = Transaction.list()
}else{
transactions = Transaction.findAllByUser(authenticatedUser)
}
[transactions: transactions]
}
反正就是这样.根据需要进行调整.
Something like that, anyway. Tweak as needed.
这篇关于在 Grails 中仅查看您自己的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!