在 Grails 中仅查看您自己的数据 [英] Seeing only your own data in Grails

问题描述

这似乎是一个基本问题，但我还没有找到明确的答案.我在 Grails 中使用 spring-security-core 插件，我有 S2Users 有很多投资组合，投资组合有很多交易.

This seems like a fundamental question, but I haven't found a clear answer. I'm using the spring-security-core plugin with Grails, and I have S2Users who have many Portfolios, and Portfolios have many Transactions.

当我转到脚手架视图检查交易时，我怎么知道每个用户只看到他自己的交易?相反，我如何创建一个可以看到所有用户的所有交易的用户?

When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions? Conversely, how can I create a user that can see all Transactions of all users?

我不清楚默认行为是什么，以及 Grails/Spring-Security 如何知道特定域类是否应该对所有人可见，还是只对相关用户可见.

It's not clear to me what the default behavior is, and how Grails/Spring-Security knows whether a particular domain class should be visible to everyone versus ones that are only for the associated user.

推荐答案

当我去脚手架视图检查交易时，我怎么知道每个用户只能看到自己的交易?

When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions?

您将不得不修改脚手架视图以使其正常工作:

You're going to have to modify the scaffolded views for it to work correctly:

@Secured(['ROLE_USER'])
def list() {
   def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
   def transactions = Transaction.findAllByUser(authenticatedUser)
   [transactions: transactions]
}

以上将只允许经过身份验证的用户访问 list() 方法，并将获取登录用户的所有交易.

The above will only allowed authenticated users to access the list() method and will get all Transactions for the logged in user.

相反，我如何创建一个可以看到所有交易的用户所有用户?

Conversely, how can I create a user that can see all Transactions of all users?

您不会创建一个可以查看所有内容的用户，而是在您的控制器中创建一个允许特定用户查看所有内容的方法，例如:

You don't create a user that can see them all, you create a method in your controller that allows a particular user to see them all, for example:

@Secured(['ROLE_USER', 'ROLE_ADMIN'])
def list() {

   def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
   def transactions = []
   if (SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN')) {
       transactions = Transaction.list()
   }else{
       transactions = Transaction.findAllByUser(authenticatedUser)
   }
   [transactions: transactions]
}

反正就是这样.根据需要进行调整.

Something like that, anyway. Tweak as needed.

这篇关于在 Grails 中仅查看您自己的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！