Login as normal user and as support

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Login as normal user and as support

manuzi1
Hi guys,

I have a problem and I am not able to handle it.

I have a DB (ok now its only the BootStrap) with a support user and many normal users. Here the BootStrap:

    def init = { servletContext ->
                //Testaccount für LOGIN
                new Login(fragebogenID:"test", password:"test1").save()
                //Support
                new Login(fragebogenID:"support", password:"support1").save()
    }

Ok now what should happen:

The normal user (here test) should be able to fill out a form and send it to the server respectively to the DB and save it.

The support. should be only be able to read the Data and can be able to add a comment.

How am I realizing this? I cannot realize it in the LoginController am I right? Because wether a normal user or the support is logging in, I need to redirecet to the same controller and action?

So I have to do it in the view? Furthermore I will have more than one user, so would it be smart first to redirect the support to a list where he can click ona user to watch the form?

Regards
Greetings from Austria,
Manuel
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

marcopas
I would suggest you to use the Spring Security Core plugin this will
give you user roles which you can use in your application.
Based on the user role you could build the screen and corresponding controllers.

2012/12/12 manuzi1 <[hidden email]>:

> Hi guys,
>
> I have a problem and I am not able to handle it.
>
> I have a DB (ok now its only the BootStrap) with a support user and many
> normal users. Here the BootStrap:
>
>     def init = { servletContext ->
>                 //Testaccount für LOGIN
>                 new Login(fragebogenID:"test", password:"test1").save()
>                 //Support
>                 new Login(fragebogenID:"support", password:"support1").save()
>     }
>
> Ok now what should happen:
>
> The normal user (here test) should be able to fill out a form and send it to
> the server respectively to the DB and save it.
>
> The support. should be only be able to read the Data and can be able to add
> a comment.
>
> How am I realizing this? I cannot realize it in the LoginController am I
> right? Because wether a normal user or the support is logging in, I need to
> redirecet to the same controller and action?
>
> So I have to do it in the view? Furthermore I will have more than one user,
> so would it be smart first to redirect the support to a list where he can
> click ona user to watch the form?
>
> Regards
>
>
>
> -----
> Greetings from Austria,
> Manuel
> --
> View this message in context: http://grails.1312388.n4.nabble.com/Login-as-normal-user-and-as-support-tp4638913.html
> Sent from the Grails - user mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>     http://xircles.codehaus.org/manage_email
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

manuzi1
Hy marcopas,

OK I read in and tried that plugin and I have the roles and now?

How do I say to the project that when the support is logging in, that he is only allowed to read the form in the index.gsp and the user is allowed to change something in the form in the index.gsp?
Greetings from Austria,
Manuel
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

Schlogen
You need to read the documentation of the spring security core plugin.

Spring Security Core User Guide.
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

manuzi1
I did.... I mean not all, I have not the time for this.
Greetings from Austria,
Manuel
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

Nicholas Wittstruck
You should take the time since security is something that should be done right.. But to give you a pointer:

This part will show you how to use the SecurityTagLib to render different parts of a gsp depending on the role.

In your case this would be:
<sec:ifAllGranted roles="ROLE_SUPPORT">display form</sec:ifAllGranted>
<sec:ifAllGranted roles="ROLE_USER">allow to edit form</sec:ifAllGranted>


On 12.12.2012, at 15:43, manuzi1 <[hidden email]> wrote:

I did.... I mean not all, I have not the time for this.



-----
Greetings from Austria,
Manuel
--
View this message in context: http://grails.1312388.n4.nabble.com/Login-as-normal-user-and-as-support-tp4638913p4638935.html
Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

manuzi1
ty nicholas for your answear.

it works, so when i decide what a role is allowed to see than i always make it over the views and nothing over the controller?

and how can i use this plugin with the database? how has the DB to look like? with these roles?
Greetings from Austria,
Manuel
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

manuzi1
noone who can help? :)
Greetings from Austria,
Manuel
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

honiewelle
Hi,

You might need to go through this tutorial to better understand on
setting up grails spring security:

http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/single.html#23%20Tutorials


On Mon, Dec 17, 2012 at 3:54 PM, manuzi1 [via Grails]
<[hidden email]> wrote:
> noone who can help? :)


regards
Reply | Threaded
Open this post in threaded view
|

Re: Login as normal user and as support

Nicholas Wittstruck
In reply to this post by manuzi1
You should still check in the controller that the user has the permission to execute an action. If you have a actions that should only be accessible by a certain role, you can use the annotations (see the docs.)

I am not sure if I am getting your second question. The plugin uses ordinary domain objects for the role, so they will be generated as every other domain class.

Cheers,

Nicholas

On 13.12.2012, at 19:05, manuzi1 <[hidden email]> wrote:

> ty nicholas for your answear.
>
> it works, so when i decide what a role is allowed to see than i always make
> it over the views and nothing over the controller?
>
> and how can i use this plugin with the database? how has the DB to look
> like? with these roles?
>
>
>
> -----
> Greetings from Austria,
> Manuel
> --
> View this message in context: http://grails.1312388.n4.nabble.com/Login-as-normal-user-and-as-support-tp4638913p4639024.html
> Sent from the Grails - user mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email