Grails - access only for object's owner
Problem description
I'm still working on my first Grails application. This time, my problem is to limit access to some actions for particular users.
Assume users add some object, e.g. books. I would like to give access to edit a book only to admin and the user that added the book. I'm currently using the Acegi plugin. I know there is a newer version of that plugin, but I'm not sure if it changes anything in my problem.
The second thing is kind of similar. I have a sidebar and there is "Hello ${currentUser.username}". currentUser is a method that returns an instance of the currently logged-in user. But the problem is that I don't have any idea where I can put this message to be able to use it everywhere. Should I put it in some service and include it everywhere? I tried to create an ApplicationController that is extended by all other controllers, but that doesn't seem to work. Have you got any ideas?
Thanks! Grzegorz
Recommended answer
You should use the newer Spring Security Core plugin since it has an ACL add-on plugin that does exactly what you're looking for. See http://grails.org/plugin/spring-security-acl for details.
For the second question, there's a taglib for that. In the Acegi plugin use this:
Hello <g:loggedInUserInfo field="username"/>
(see http://www.grails.org/AcegiSecurity+Plugin+-+Artifacts) and in the Spring Security Core plugin use this:
Hello <sec:username/>
(see http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/)
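The owner-or-admin rule from the question, sketched with the Spring Security Core and ACL plugins named in the answer. This is an added example, not code from the original answer or from the plugins' authors; the `Book` domain class with a `title` property, the `BookService` name and the `ROLE_ADMIN` authority are assumptions.

```groovy
import org.springframework.security.access.prepost.PreAuthorize
import org.springframework.security.acls.domain.BasePermission
import org.springframework.transaction.annotation.Transactional

// Hypothetical service; Book is an assumed domain class with a 'title' property.
class BookService {

    def aclUtilService          // injected by the spring-security-acl plugin
    def springSecurityService   // injected by the spring-security-core plugin

    // Any logged-in user may add a book. The creator is recorded as the
    // holder of WRITE permission on that one Book instance.
    @Transactional
    @PreAuthorize("isAuthenticated()")
    Book create(String title) {
        Book book = new Book(title: title)
        book.save(failOnError: true)

        // Take the username from the security context, never from request
        // parameters, so a caller cannot grant the permission to someone else.
        String username = springSecurityService.authentication.name
        aclUtilService.addPermission(book, username, BasePermission.WRITE)
        book
    }

    // The check runs before the method body: callers holding neither the
    // per-object WRITE entry nor ROLE_ADMIN get an AccessDeniedException.
    @Transactional
    @PreAuthorize("hasPermission(#book, write) or hasRole('ROLE_ADMIN')")
    Book update(Book book, String title) {
        // Assign fields explicitly rather than binding the whole params map.
        book.title = title
        book.save(failOnError: true)
        book
    }
}
```

Controllers should call `bookService.update(...)` rather than saving the domain object directly, because the annotation is enforced only on calls that go through the service bean.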