Question

我创建了全新的Grails项目，然后使用 grails s2-quickstart 命令获取LoginController和User / UserRole类。一切正常，我有一个登录页面。然后，我通过选择＆＃34;生成控制器和视图＆＃34;在GTS中创建了用户控制器。生成的UserController如下所示：

import static org.springframework.http.HttpStatus.*
import grails.transaction.Transactional

@Transactional(readOnly = true)
class UserController {

static allowedMethods = [save: "POST", update: "PUT", delete: "DELETE"]

def index(Integer max) {
    params.max = Math.min(max ?: 10, 100)
    respond User.list(params), model:[userInstanceCount: User.count()]
}

def show(User userInstance) {
    respond userInstance
}

def create() {
    respond new User(params)
}

@Transactional
def save(User userInstance) {
    if (userInstance == null) {
        notFound()
        return
    }

    if (userInstance.hasErrors()) {
        respond userInstance.errors, view:'create'
        return
    }

    userInstance.save flush:true

    request.withFormat {
        form multipartForm {
            flash.message = message(code: 'default.created.message', args: [message(code: 'user.label', default: 'User'), userInstance.id])
            redirect userInstance
        }
        '*' { respond userInstance, [status: CREATED] }
    }
}

def edit(User userInstance) {
    respond userInstance
}

@Transactional
def update(User userInstance) {
    if (userInstance == null) {
        notFound()
        return
    }

    if (userInstance.hasErrors()) {
        respond userInstance.errors, view:'edit'
        return
    }

    userInstance.save flush:true

    request.withFormat {
        form multipartForm {
            flash.message = message(code: 'default.updated.message', args: [message(code: 'User.label', default: 'User'), userInstance.id])
            redirect userInstance
        }
        '*'{ respond userInstance, [status: OK] }
    }
}

@Transactional
def delete(User userInstance) {

    if (userInstance == null) {
        notFound()
        return
    }

    userInstance.delete flush:true

    request.withFormat {
        form multipartForm {
            flash.message = message(code: 'default.deleted.message', args: [message(code: 'User.label', default: 'User'), userInstance.id])
            redirect action:"index", method:"GET"
        }
        '*'{ render status: NO_CONTENT }
    }
}

protected void notFound() {
    request.withFormat {
        form multipartForm {
            flash.message = message(code: 'default.not.found.message', args: [message(code: 'user.label', default: 'User'), params.id])
            redirect action: "index", method: "GET"
        }
        '*'{ render status: NOT_FOUND }
    }
}

}

现在，当我想转到/ user / index页面时，它会将我转发到登录页面... 怎么改变？我对Grails来说是全新的，如果这个问题很简单，我很抱歉。

Answer 1

您需要通过在配置文件中指定spring security controller批注静态规则或在控制器上使用安全注释来提供对特定Role的用户/索引的访问权限。

参考：http://grails-plugins.github.io/grails-spring-security-core/v3/index.html#secured-annotation

http://grails-plugins.github.io/grails-spring-security-core/v3/index.html#pessimistic-lockdown

Grails简单注册/登录表单

1 个答案: