grails 中基于角色的域类字段访问
我正在开发一个grails应用程序。在某些情况下,我想根据角色控制域类字段。因此,在每次调用域类的getter setter方法时,我想应用一些基于角色的过滤器(登录用户的角色) )。我假设grails将在运行时为domin类创建getter setter方法。因此,在编写grails代码时是否可以应用此逻辑。如果可能,那么如何应用?
示例:
域类:
class Book{
String name;
double price;
}
控制器:
def index={
Book book=Book.get(1);
println book.name;
println book.price;
}
在上面的代码中“println book.price;”此行应该仅适用于特定角色。对于其他角色,它应该抛出一些异常。
有可能实现吗?有没有插件可以做到这一点?
请对此提供一些帮助...谢谢
I am developing a grails application.In that some cases I want to control the domain class fields based on the role.So that in each call to getter setter method of domain class I want to apply some filter based on role(Logged in user's role).I am assuming that grails will create getter setter method at runtime for the domin classes.So while writing grails code is it possible to apply this logic.If it is possible then how to apply?
Example:
Domain Class :
class Book{
String name;
double price;
}
Controller:
def index={
Book book=Book.get(1);
println book.name;
println book.price;
}
In the above code "println book.price;" this line should work only for particular role.For some other role it should throw some exception.
Is it possible achieve?Is there any plugin to do this?
Please give some help on this....Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以为要控制访问的属性创建 get/set 方法,并将安全逻辑放在那里。假设您已经编写了自己的安全服务或正在使用像 Spring Security (Acegi) 插件这样的安全插件,您会:
我不知道有任何插件允许对域属性进行访问控制。
You can create get/set methods for the properties you want to control access to and put your security logic there. Assuming you've written your own security service or are using a security plugin like the Spring Security (Acegi) plugin you would:
I am not aware of any plugin that allows access controls to be put on domain properties.
您还可以考虑使用自定义验证器或弹簧错误对象来捕获在保存字段之前设置字段的尝试。
编辑:这是我的想法的一个例子。您可以概括得更多,并且此处的代码尚未经过测试,因此它可能不会按原样运行。
You could also consider using a custom validator or a spring errors object to catch attempts to set a field before saving it.
EDIT: Here is an example of what I was thinking. You could generalize quite a bit more and the code here hasn't been tested so it probably won't run as is.