i want create custom permission handler using grails spring security plugin.
imagine have user class , company class many-to-many association.
i want allow users call method called "delete company" when belong company. example:
class user { static hasmany= [companies:company] static belongsto = [company] } class company { static hasmany = [users:user] } the controller action looks following:
def deletecompany(long id) { } i want allow users call method part of company. when
assert company.get(id}.users.find { == currentuser } this simplified example. actual structure more complex. that's why want use power of spring security this.
i played around spring security acl seems can use custom permissions in services not in controllers
you use beforeinterceptor in controller:
def springsecurityservice def beforeinterceptor=[action:this.&auth] private auth = { def tobecheckedid=params.id if(tobecheckedid && company.get(tobecheckedid}.users.find { == springsecurityservice.currentuser }){ redirect action:somehandlingaction return false } } } 
Comments
Post a Comment