Abstract Security Filter on Controllers
What I wanted to achieve was a generic way of determining whether a user in my system was supposed to have access to a certain part of the system. I'm sure there are some really nice plugins that achieve this, but the way I achieved this functionality was to implement a controller-based access filter. This way I can limit all actions in a controller simply by defining action: '*'.
    def filters = {
        all(controller: '*', action: '*') {
            before = {
                def privileged = ...... // however we get hold of this value (e.g. database or session)
                def controllerArtefact = grailsApplication.getArtefactByLogicalPropertyName("Controller", "$controllerName")
                // controllerArtefact is null when the request maps to no controller
                def controllerClass = controllerArtefact?.getClazz()
                try {
                    if ("LIMITED-ACCESS".equals(controllerClass?.ENTITY_CLASS)) {
                        if (!privileged) {
                            redirect(controller: "unauthorized", action: "unauthorized")
                            return false // stop here so the protected action does not run
                        }
                    }
                }
                catch (MissingPropertyException e) {
                    // controller has no ENTITY_CLASS property: do something appropriate
                }
            }
        }
    }
The only thing left to do is to add the property ENTITY_CLASS (or whatever you want to name it) to each controller you want to limit access to.

    static final ENTITY_CLASS = 'LIMITED-ACCESS'
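Because the filter only restricts controllers that carry the marker, a controller with no marker (or a misspelled one) stays open to everyone. The following plain-Groovy script is an added example, not code from the original post: it reproduces the filter's decision outside Grails and lists which controllers the check would leave open. The controller classes and the helper names `markerOf`, `isAllowed` and `openControllers` are constructed for illustration.

```groovy
// Constructed sample controllers (stand-ins for real Grails controllers).
class ReportController { static final ENTITY_CLASS = 'LIMITED-ACCESS' }
class HomeController   { }                                             // no marker at all
class AdminController  { static final ENTITY_CLAS = 'LIMITED-ACCESS' } // misspelled marker

// Read the marker the same way the filter does; null when the property is absent.
String markerOf(Class controllerClass) {
    try {
        return controllerClass?.ENTITY_CLASS
    } catch (MissingPropertyException e) {
        return null
    }
}

// Same decision as the filter's before block: true means the action may run.
boolean isAllowed(Class controllerClass, boolean privileged) {
    if (markerOf(controllerClass) == 'LIMITED-ACCESS') {
        return privileged
    }
    return true // unmarked controllers are not restricted by this filter
}

// Audit helper: names of controllers the filter does not protect.
List<String> openControllers(List<Class> controllers) {
    controllers.findAll { markerOf(it) != 'LIMITED-ACCESS' }*.simpleName
}

def controllers = [ReportController, HomeController, AdminController]

assert !isAllowed(ReportController, false) // unprivileged user is blocked
assert isAllowed(ReportController, true)   // privileged user gets through
assert isAllowed(HomeController, false)    // no marker: open
assert isAllowed(AdminController, false)   // misspelled marker: open as well
assert openControllers(controllers) == ['HomeController', 'AdminController']

println "Not protected by the filter: ${openControllers(controllers)}"
```

In a running Grails application the same audit can be fed from `grailsApplication.controllerClasses*.clazz` instead of the constructed list.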
Written on May 23, 2014