Spring Security UI Grails only搜索/创建/编辑管理员用户?
我目前正在Grails中开发一个解决方案,并安装了以下安全插件:Spring Security UI Grails only搜索/创建/编辑管理员用户?,grails,user-interface,spring-security,admin,Grails,User Interface,Spring Security,Admin,我目前正在Grails中开发一个解决方案,并安装了以下安全插件: Spring安全内核 Spring安全用户界面 我基本上会有一个具有以下安全结构的解决方案: 超级用户 管理员(针对不同的业务领域) 用户(不同业务领域内) 因此,基本上我安装了Spring Security UI,以允许各个业务区域管理员管理他们自己的区域,他们应该能够使用该UI,以便只允许他们在自己的区域中搜索用户,在自己的区域中创建用户,并只在自己的区域中编辑用户。然而,SpringSecurityUI允许有访问权限
- Spring安全内核
- Spring安全用户界面
- 超级用户
- 管理员(针对不同的业务领域)
- 用户(不同业务领域内)
def userSearch = {
boolean useOffset = params.containsKey('offset')
setIfMissing 'max', 10, 100
setIfMissing 'offset', 0
def hql = new StringBuilder('FROM ').append(lookupUserClassName()).append(' u WHERE 1=1 ')
def queryParams = [:]
def userLookup = SpringSecurityUtils.securityConfig.userLookup
String usernameFieldName = userLookup.usernamePropertyName
for (name in [username: usernameFieldName]) {
if (params[name.key]) {
hql.append " AND LOWER(u.${name.value}) LIKE :${name.key}"
queryParams[name.key] = params[name.key].toLowerCase() + '%'
}
}
String enabledPropertyName = userLookup.enabledPropertyName
String accountExpiredPropertyName = userLookup.accountExpiredPropertyName
String accountLockedPropertyName = userLookup.accountLockedPropertyName
String passwordExpiredPropertyName = userLookup.passwordExpiredPropertyName
for (name in [enabled: enabledPropertyName,
accountExpired: accountExpiredPropertyName,
accountLocked: accountLockedPropertyName,
passwordExpired: passwordExpiredPropertyName]) {
Integer value = params.int(name.key)
if (value) {
hql.append " AND u.${name.value}=:${name.key}"
queryParams[name.key] = value == 1
}
}
int totalCount = lookupUserClass().executeQuery("SELECT COUNT(DISTINCT u) $hql", queryParams)[0]
Integer max = params.int('max')
Integer offset = params.int('offset')
String orderBy = ''
if (params.sort) {
orderBy = " ORDER BY u.$params.sort ${params.order ?: 'ASC'}"
}
def results = lookupUserClass().executeQuery(
"SELECT DISTINCT u $hql $orderBy",
queryParams, [max: max, offset: offset])
def model = [results: results, totalCount: totalCount, searched: true]
// add query params to model for paging
for (name in ['username', 'enabled', 'accountExpired', 'accountLocked',
'passwordExpired', 'sort', 'order']) {
model[name] = params[name]
}
render view: 'search', model: model
}
def results = lookupUserClass().executeQuery(
"SELECT DISTINCT u $hql $orderBy",
queryParams, [max: max, offset: offset])
我想我只需要修改这个语句,以便它查找当前登录的用户“区域”与用户相同的用户列表。有人能帮我吗 编辑2 我现在已经研究了这个问题,并且已经能够获得用户区域,现在我需要做的就是修改对数据库的查询,以查找与管理员搜索具有相同区域的用户。我尝试了以下方法,但运气不好,有人能帮我吗?因为我知道这一定很简单,只是似乎无法达到目的
def user = springSecurityService.currentUser
def userArea = user.area
def hql = new StringBuilder('FROM ').append(lookupUserClassName()).append(' u WHERE 1=1 AND u.area = userArea')
String username = params.term
String usernameFieldName = SpringSecurityUtils.securityConfig.userLookup.usernamePropertyName
def user = springSecurityService.currentUser
setIfMissing 'max', 10, 100
def results = lookupUserClass().executeQuery(
"SELECT DISTINCT u.$usernameFieldName " +
"FROM ${lookupUserClassName()} u " +
"WHERE LOWER(u.$usernameFieldName) LIKE :name AND LOWER(u.area) = :area " +
"ORDER BY u.$usernameFieldName",
[name: "${username.toLowerCase()}%"],
[area: "user.area"],
[max: params.max])
[area: user.area]
控制器正在构建一个HQL查询,因此您不能只说“
WHERE u.area=userAreaqueryParams def user = springSecurityService.currentUser
def hql = new StringBuilder('FROM ').append(lookupUserClassName()).append(
' u WHERE u.area = :userArea ')
def queryParams = [userArea:user.area]
LOWER区域下限(u.area)=:区域 [name: "${username.toLowerCase()}%", area:user.area.toLowerCase()],
有人能帮我吗?我只需要一种方法来找出哪个区域(这在spring安全域模型中以字符串形式存在)当前登录的用户已登录,然后修改MYSQL命令以仅查找同一区域的用户??非常感谢,似乎已解决了问题的第一部分:-)我现在只需修改Ajax元素以基于相同参数进行更新。有关详细信息,请参阅我文章中的编辑,我非常感谢您的帮助:-)
[name: "${username.toLowerCase()}%", area:user.area.toLowerCase()],