问题
.please guide me that i have 2 methods in my Controller one is login and second is logout. and 1 role 'user' defined in my DB and i have a user with that role. now what i want to do is that person can login but could not access the logout button. how can i add permission/restrictions that would allow that user not to Logout.
回答1:
Take a look at your other question (http://stackoverflow.com/questions/5815401/how-to-implement-shiro-security-of-grails-in-my-project) and use roleUser.addToPermissions('auth:login,signIn') as permission. This adds the permissions as described in your question: only login is allowed, logout is not in the list and thus not allowed. We have to state not only login which will show the login screen, but also signIn which is the action of the actual sign in.
来源:https://stackoverflow.com/questions/5815189/how-to-restrict-action-in-grails-shiro-security