仅在Grails中查看您自己的数据 [英] Seeing only your own data in Grails
问题描述
当我去脚手架查看交易,我怎么知道每个用户只看到他自己的交易?相反,我如何创建一个可以看到所有用户交易的用户?
我不清楚默认行为是什么,以及Grails / Spring-Security知道一个特定的域类是否应该对每个人都可见,而不是只对相关用户可见。
当我使用脚手架查看交易时,我怎么知道每个用户只能看到他自己的交易?
您必须修改scaffolded视图才能正常工作:
@Secured([ 'ROLE_USER'])
def list(){
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def transactions = Transaction.findAllByUser(authenticatedUser)
[transactions :transactions]
}
以上只会允许经过身份验证的用户访问list()方法,并将获得登录用户的所有事务。
相反,如何创建一个可以查看所有事务的用户
所有用户?
您不会创建一个可以看到它们的用户,您可以在您的控制器,允许特定用户看到他们,例如:
@Secured(['ROLE_USER','ROLE_ADMIN'] )
def list(){
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def transactions = []
if(SpringSecurityUtils.ifAnyGranted( ')$ {
transactions = Transaction.list()
} else {
transactions = Transaction.findAllByUser(authenticatedUser)
}
[transactions:transactions]
}
反正就是这样。根据需要调整。
This seems like a fundamental question, but I haven't found a clear answer. I'm using the spring-security-core plugin with Grails, and I have S2Users who have many Portfolios, and Portfolios have many Transactions.
When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions? Conversely, how can I create a user that can see all Transactions of all users?
It's not clear to me what the default behavior is, and how Grails/Spring-Security knows whether a particular domain class should be visible to everyone versus ones that are only for the associated user.
When I go to a scaffolded view to examine Transactions, how do I know that each user is only seeing his own Transactions?
You're going to have to modify the scaffolded views for it to work correctly:
@Secured(['ROLE_USER'])
def list() {
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def transactions = Transaction.findAllByUser(authenticatedUser)
[transactions: transactions]
}
The above will only allowed authenticated users to access the list() method and will get all Transactions for the logged in user.
Conversely, how can I create a user that can see all Transactions of all users?
You don't create a user that can see them all, you create a method in your controller that allows a particular user to see them all, for example:
@Secured(['ROLE_USER', 'ROLE_ADMIN'])
def list() {
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def transactions = []
if (SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN')) {
transactions = Transaction.list()
}else{
transactions = Transaction.findAllByUser(authenticatedUser)
}
[transactions: transactions]
}
Something like that, anyway. Tweak as needed.
这篇关于仅在Grails中查看您自己的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!