All geek questions in one place

Accessing Class Based Fields in a Graph

I am developing a grails application. In some cases, I want to manage role-based domain class fields. So in every call to the getter setter method of the domain class I want to apply some filter based on the role (Written in the user role). I assume that grails will create a set getter method at runtime for domin classes. Thus, when writing Grails code, you can apply this logic. If possible, how to apply?

Example:

Domain Class:

class Book{
   String name;
   double price;

  }

Controller:

def index={
  Book book=Book.get(1);
   println book.name;
   println book.price;
 }

In the above code, "println book.price;" this line should only work for a specific role. For some other role, this should raise some kind of exception.

Is it possible to achieve? Is there any plugin for this?

Please help with this .... Thanks

+3
2

get/set , , . , , Spring Security (Acegi), :

class Book{
    String name;
    double price;

    def authenticateService

    void setPrice(double price) {
        if(!authenticateService.ifAllGranted('ROLE_PRICE_FIXER')) {
            throw new Exception("You are not authorized to set book prices")
        }
        this.price = price
    }

    double getPrice() {
        if(!authenticateService.ifAllGranted('ROLE_PRICE_FIXER')) {
            throw new Exception("You are not authorized to get book prices")
        }
        return this.price
    }
}

- , .

+1

spring, .

EDIT: , . , , , , , .

class securedDomain {
    String securedField

    def fieldSetBy = [:]
    def previousValue = [:]
    static transients = ['fieldSetBy', 'previousValue']

    static constraints = {
        securedField(validator: { v, o ->
             def access = User.findByName(fieldSetBy['securedField']).hasAccess('securedField')
             if(!access) securedField = previousValue['securedField']
             return access
        })

    void setProperty(String name, value) {
        if(name == "securedField") {
            fieldSetBy['securedField'] = session.user
            previousValue['securedField'] = securedField
            securedField = value
        } else {
            super(name, value)
        }
    }
0

Source: https://habr.com/ru/post/1732751/

More articles:


All Articles