Grails with SpringSecurity, check if the current user can access controller / action

Question

I\'m currently developing a menu for my application that should be able to display only the controllers that the current user can access (requestmap defined in the database).

Answer 1

When dealing with permissions in views and taglibs, you can use the AuthorizeTagLib that's provided by the plugin.

For example, if you don't want a menu item to appear in your list for unauthenticated users, you might use:

  
Restricted Link

If you have more specific roles defined and those roles are tied to your controller/action request mapping, you can use other tags, such as:

  
Administrator Link

In my experience, there's not yet a good way to tie the request mapping to your markup - I think you're going to have to use some of the above tags to limit access to content within a particular GSP.

I think that Burt Beckwith has a future modification (and is currently providing a beta version) to the plugin that integrates some ACL stuff that might solve this problem better in the future, but for now, I think the best approach is a hybrid request map + GSP tags one.