In Grails, you can restrict url access depending on role of user.
1. In Controller:
In controller, you can you can restrict access to methods (i.e. pages) by using @secured annotation as shown below:
import grails.plugin.springsecurity.annotation.Secured
@Secured(["ROLE_ADMIN"])
def index(Integer max) {
…
}
In above example, only user having ROLE_ADMIN will be able to access index page.Likewise, you can give multiple roles also as shown below:
@Secured(["ROLE_ADMIN","ROLE_ORG_ADMIN"])
2. In View:
You can restrict access on view using SecurityTagLib as shown below:
<sec:ifAnyGranted roles=”ROLE_ADMIN,ROLE_ORG_ADMIN”>
<a href=”${createLink(controller:’leave’ ,action: ‘teamLeaveCalendar’)}”>Team Leave calender</a>
</sec:ifAnyGranted>
Like <sec:ifAnyGranted></sec:ifAnyGranted>, you can use <sec:ifAllGranted></sec:ifAllGranted>, <sec:ifNotGranted></sec:ifNotGranted>
ProsperaSoft offers Grails development solutions. You can email at info@prosperasoft.com to get in touch with ProsperaSoft Grails experts and consultants.