Grails with SpringSecurity, check if the current user can access controller / action

Question

I\'m currently developing a menu for my application that should be able to display only the controllers that the current user can access (requestmap defined in the database).

Answer 1

As far as I can tell, there doesn't look like there's an easy way to do it.

You can inject an instance of the grails AuthenticatedVetoableDecisionManager which is a concrete class of spring's AbstractAccessDecisionManager by doing this:

def accessDecisionManager

This has a "decide" method on it that takes 3 parameters

decide(Authentication authentication, Object object, ConfigAttributeDefinition config)

This is probably the method that you'd need to call and pass in the right things to figure out if the user with the auth creds can access that "object" (which looks like it's normally a request/response). Some additional digging around might prove out something workable here.

Short term, it's probably easier to use the ifAnyGranted taglib as another poster mentions.