grails 中基于角色的域类字段访问

发布于 2024-08-21 16:07:22 字数 518 浏览 4 评论 0原文

我正在开发一个grails应用程序。在某些情况下，我想根据角色控制域类字段。因此，在每次调用域类的getter setter方法时，我想应用一些基于角色的过滤器（登录用户的角色））。我假设grails将在运行时为domin类创建getter setter方法。因此，在编写grails代码时是否可以应用此逻辑。如果可能，那么如何应用？

示例：

域类：

class Book{
   String name;
   double price;

  }

控制器：

def index={
  Book book=Book.get(1);
   println book.name;
   println book.price;
 }

在上面的代码中“println book.price;”此行应该仅适用于特定角色。对于其他角色，它应该抛出一些异常。

有可能实现吗？有没有插件可以做到这一点？

请对此提供一些帮助...谢谢

原文

I am developing a grails application.In that some cases I want to control the domain class fields based on the role.So that in each call to getter setter method of domain class I want to apply some filter based on role(Logged in user's role).I am assuming that grails will create getter setter method at runtime for the domin classes.So while writing grails code is it possible to apply this logic.If it is possible then how to apply?

Example:

Domain Class :

class Book{
   String name;
   double price;

  }

Controller:

def index={
  Book book=Book.get(1);
   println book.name;
   println book.price;
 }

In the above code "println book.price;" this line should work only for particular role.For some other role it should throw some exception.

Is it possible achieve?Is there any plugin to do this?

Please give some help on this....Thanks

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

栖竹 2024-08-28 16:07:22

您可以为要控制访问的属性创建 get/set 方法，并将安全逻辑放在那里。假设您已经编写了自己的安全服务或正在使用像 Spring Security (Acegi) 插件这样的安全插件，您会：

class Book{
    String name;
    double price;

    def authenticateService

    void setPrice(double price) {
        if(!authenticateService.ifAllGranted('ROLE_PRICE_FIXER')) {
            throw new Exception("You are not authorized to set book prices")
        }
        this.price = price
    }

    double getPrice() {
        if(!authenticateService.ifAllGranted('ROLE_PRICE_FIXER')) {
            throw new Exception("You are not authorized to get book prices")
        }
        return this.price
    }
}

我不知道有任何插件允许对域属性进行访问控制。

You can create get/set methods for the properties you want to control access to and put your security logic there. Assuming you've written your own security service or are using a security plugin like the Spring Security (Acegi) plugin you would:

class Book{
    String name;
    double price;

    def authenticateService

    void setPrice(double price) {
        if(!authenticateService.ifAllGranted('ROLE_PRICE_FIXER')) {
            throw new Exception("You are not authorized to set book prices")
        }
        this.price = price
    }

    double getPrice() {
        if(!authenticateService.ifAllGranted('ROLE_PRICE_FIXER')) {
            throw new Exception("You are not authorized to get book prices")
        }
        return this.price
    }
}

I am not aware of any plugin that allows access controls to be put on domain properties.

回复收藏 0 原文

能怎样 2024-08-28 16:07:22

您还可以考虑使用自定义验证器或弹簧错误对象来捕获在保存字段之前设置字段的尝试。

编辑：这是我的想法的一个例子。您可以概括得更多，并且此处的代码尚未经过测试，因此它可能不会按原样运行。

class securedDomain {
    String securedField

    def fieldSetBy = [:]
    def previousValue = [:]
    static transients = ['fieldSetBy', 'previousValue']

    static constraints = {
        securedField(validator: { v, o ->
             def access = User.findByName(fieldSetBy['securedField']).hasAccess('securedField')
             if(!access) securedField = previousValue['securedField']
             return access
        })

    void setProperty(String name, value) {
        if(name == "securedField") {
            fieldSetBy['securedField'] = session.user
            previousValue['securedField'] = securedField
            securedField = value
        } else {
            super(name, value)
        }
    }

You could also consider using a custom validator or a spring errors object to catch attempts to set a field before saving it.

EDIT: Here is an example of what I was thinking. You could generalize quite a bit more and the code here hasn't been tested so it probably won't run as is.

class securedDomain {
    String securedField

    def fieldSetBy = [:]
    def previousValue = [:]
    static transients = ['fieldSetBy', 'previousValue']

    static constraints = {
        securedField(validator: { v, o ->
             def access = User.findByName(fieldSetBy['securedField']).hasAccess('securedField')
             if(!access) securedField = previousValue['securedField']
             return access
        })

    void setProperty(String name, value) {
        if(name == "securedField") {
            fieldSetBy['securedField'] = session.user
            previousValue['securedField'] = securedField
            securedField = value
        } else {
            super(name, value)
        }
    }

回复收藏 0 原文

~没有更多了~