Hide Content based on User Role?

Question

I am currently developing a web app in Grails and I am looking for a way to hide a menu based on the current user logged into the solution.

To give you a bit of background this is what I have setup

1. A web app with a User Model and Roles model that are mapped
2. Login functionality that restricts certain controllers based on the users access.
3. I have menus that are display on each of the pages.

I know how to restrict a controller to only allow users with access to view it but I want to now restrict a menu like the one below from being seen unless the right user is logged in, how can I do this? Does it have something to do with rendering that element from the controller??

<div class="nav">
  <ul class"nav">
    <li>
      <g:link class="Tester" controller="Testing" action="test">
        <g:message code="Tester" args"[entityName]" />
      </g:link>
    </li>
    <li>
      <g:link class="Tester2" controller="Testing" action="test2">
        <g:message code="Tester2" args"[entityName]" />
      </g:link>
    </li>
  </ul>
</div>

Answer 1

Ian answered your question well but we should add here to secure the server side controller/actions as well such as:

// At the controller level
@Secured(["hasRole('User')"])
class Testing

  // action specific
  @Secured(["hasAnyRole('SuperUser', 'Support', 'InternalUser')"])
  def test() {
      ...
  }

Otherwise the links are just hidden from view but could still be executed by anyone.

HTH

Answer 2

If you are not using spring-security-core plugin following can be implemented

<g:if test="${userHaveRightRole}">
 <div class="nav">
    ...
  </div>
</g:if>

Answer 3

The spring-security-core plugin provides a taglib that may help you here

<sec:ifAnyGranted roles="ROLE_TESTER">
  <div class="nav">
    ...
  </div>
</sec:ifAnyGranted>