All geek questions in one place

Hide content based on user role?

I am currently developing a web application in Grails, and I am looking for a way to hide the menu based on the current user registered in the solution.

To give you some background, this is what I set

  • Web application with user model model and roles displayed
  • A login feature that restricts certain controllers based on user access.
  • I have menus that appear on every page.

I know how to restrict the controller to only allow users who have access to view it, but I want to restrict the menu as shown below, if the correct user is not registered, how can I do this? Does it have anything to do with rendering this element from the controller?

<div class="nav"> <ul class"nav"> <li> <g:link class="Tester" controller="Testing" action="test"> <g:message code="Tester" args"[entityName]" /> </g:link> </li> <li> <g:link class="Tester2" controller="Testing" action="test2"> <g:message code="Tester2" args"[entityName]" /> </g:link> </li> </ul> </div>
+4
source share
3 answers

The spring-security-core plugin provides a taglib that can help you here

 <sec:ifAnyGranted roles="ROLE_TESTER"> <div class="nav"> ... </div> </sec:ifAnyGranted>
+10
source

Ian answered your question well, but we have to add here to protect the server controller / actions, for example:

 // At the controller level @Secured(["hasRole('User')"]) class Testing // action specific @Secured(["hasAnyRole('SuperUser', 'Support', 'InternalUser')"]) def test() { ... }

Otherwise, the links are simply hidden from view, but can still be executed by anyone.

NTN

+4
source

If you are not using the spring-security-core plugin, the following can be implemented

 <g:if test="${userHaveRightRole}"> <div class="nav"> ... </div> </g:if>
0
source

Source: https://habr.com/ru/post/1436145/

More articles:


All Articles