CODEWITHSUNDEEP
grailsspring-securitygrails-2.0gsp
Free-Minded
Free-Minded

Reputation: 5430

How to get current_user by using Spring Security Grails plugin in GSP

I am newbie in Grails. I am using Spring Security Grails plugin for Authentication purpose. I want to get current user in my view gsp file.

I am trying like this ... 

<g:if test="${post.author == Person.get(springSecurityService.principal.id).id }">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>

Here I want to show Edit this post link to only those posts who created by signed_in user. But It showing ERROR -

Error 500: Internal Server Error

 URI
    /groovypublish/post/list
 Class
   java.lang.NullPointerException
 Message
   Cannot get property 'principal' on null object

Here is my Post.groovy --

class Post {

static hasMany = [comments:Comment]

String title
String teaser
String content
Date lastUpdated
Boolean published = false
SortedSet comments
Person author

....... more code ....

Here is my Person.groovy Domain Class File --

class Person {

transient springSecurityService

String realName
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
byte[] avatar
String avatarType

static hasMany = [followed:Person, posts:Post]
static searchable = [only: 'realName']
    ........ more code ......

Please help.

Upvotes: 6

Views: 17419

Answers (4)

Tom Metz
Tom Metz

Reputation: 919

It looks like the existing tags, which are part of Spring Security plugin, are not sufficient for you, correct? See documentation

My advice is to add a new method to the Person entity, which takes a Post as an argument and returns true/false, if it can be edited (or vise versa add new method to Post entity, which takes Person as an argument, this is up to your decision).

You can then create your own tag, which utilizes this method, makes your GPS nicer, even if it is not a mandatory step.

Upvotes: 0

ikumen
ikumen

Reputation: 11663

You can use the Spring Security Taglibs. For what you want to do, check if logged in user is owner of post, you can do the following:

<sec:isLoggedIn>
<g:if test="${post.author.id == sec.loggedInUserInfo(field: 'id')}">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>
</sec:isLoggedIn>

If you find you need to do this check a lot, I would suggest putting it into a custom taglib

class AuthTagLib {

  def springSecurityService

  def isOwner = { attrs, body ->
    def loggedInUser = springSecurityService.currentUser
    def owner = attrs?.owner

    if(loggedInUser?.id == owner?.id) {
      out << body()
    }
  }
}

Then use it like so

<g:isOwner owner="${post?.author}">
  <g:link controller="post" action="edit" id="${post.id}">
    Edit this post
  </g:link>
</g:isOwner>

Upvotes: 15

Brad Lee
Brad Lee

Reputation: 649

Another way would be to create a Filter and put the User in the request scope as part of the filter, like this:

class SetCurrentUserFilters {
    def springSecurityService
    def filters = {
        all(controller: '*', action: '*') {
            before = {
                if (springSecurityService.isLoggedIn()){
                    request.setAttribute("current_user", springSecurityService.currentUser);
                }
            }
            after = { Map model ->

            }
            afterView = { Exception e ->

            }
        }
    }
}

Then your GSP just needs to look for the 'current_user' attribute, like this:

<g:if test="${current_user.property}"> ... </g:if>

Upvotes: 0

Saurabh Dixit
Saurabh Dixit

Reputation: 633

Try tags provided by springSecurity plugin, something like:

<sec:isLoggedIn>

  <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>

</sec:isLoggedIn>

Actually you are trying to inject a service on your GSP page, you can do it with some import statement on the page, but I would say it will not be good programming practice, I think you should send current logged In user's instance from the controller to the GSP page, and then perform a check on it:

let say you have the controller method:

def showPostPage(){
Person currentLoggedInUser = springSecurityService.getCurrentUser();
[currentLoggedInUser:currentLoggedInUser]
}

and on your GSP page: 

<g:if test="${post.author == currentLoggedInUser }">
      <g:link controller="post" action="edit" id="${post.id}">
            Edit this post
      </g:link>
</g:if>

Upvotes: 7

Related Questions