
When using short links, ask user to sign in when trying to view a non…

…-public study
ferryjagers committed Oct 12, 2018
1 parent 0bb54ed commit 65d234ce6d75a13814f2a03fde779d3ff93d64cb
@@ -115,19 +115,23 @@ grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.S
grails.plugin.springsecurity.interceptUrlMap = [
'/*': ['permitAll'],
'/home/gotoStudy/*': ['IS_AUTHENTICATED_REMEMBERED'],
'/home/**': ['permitAll'],
'/study/**': ['permitAll'],
'/study/**': ['permitAll'],
'/publication/list': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/downloads/**': ['permitAll'],
'/error/**': ['permitAll'],
'/info': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/downloads/**': ['permitAll'],
'/error/**': ['permitAll'],
'/info': ['permitAll'],
// Registration and confirming new accounts
'/register/forgotPassword': ['permitAll'],
@@ -168,7 +172,7 @@ grails.plugin.springsecurity.interceptUrlMap = [
'/userRegistration/confirmAdmin': ['ROLE_ADMIN', 'isFullyAuthenticated()'],
// All other urls are allowed for logged in users
'/**': ['IS_AUTHENTICATED_REMEMBERED']
'/**': ['IS_AUTHENTICATED_REMEMBERED'],
]
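Review bot: The new `'/home/gotoStudy/*'` rule in the first hunk matches only a single path segment after `gotoStudy`, so a request that carries the id as a query parameter, or adds a further segment, is not covered by it and falls through to `'/home/**': ['permitAll']` on the next line. Widening it to `'/home/gotoStudy/**': ['IS_AUTHENTICATED_REMEMBERED'],` and keeping it above `'/home/**'` closes that gap. Because the map appears to be evaluated first-match in declaration order, a short comment such as `// must stay above '/home/**', otherwise the sign-in prompt for short links is lost` would protect the entry from later reordering. Note also that `'/study/**'` stays `permitAll`, so this rule only triggers the login prompt; the actual read check has to live in the study controller.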
@@ -186,6 +186,11 @@ class HomeController {
}
}
def gotoStudy = {
redirect(controller: "study", action: "show", id: params.id)
return
}
// /**
// * Log the user in as admin and jump to the setup wizard
// */
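Review bot: `gotoStudy` has no comment, yet nothing in the action itself asks for a login; the sign-in prompt comes entirely from the `'/home/gotoStudy/*'` entry in `interceptUrlMap`. I would document that coupling on the closure, for example `// Sign-in gate for short links: authentication is enforced by the '/home/gotoStudy/*' interceptUrlMap rule, not here`. `params.id` is passed on unchecked, so the `show` action of the study controller has to cope with a missing or non-numeric id. The `return` after `redirect(...)` is the last statement of the closure and can be dropped.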
@@ -20,7 +20,6 @@ class ErrorController {
def notFound = {
// substract shortCode from original request uri
def studyId
def shortCode = request.forwardURI.replace("${request.contextPath}/", "")
if ( shortCode ) {
@@ -29,23 +28,29 @@ class ErrorController {
if ( study ) {
def studyId
if ( study.publicstudy ) {
studyId = study.id
}
else {
SecUser user = authenticationService.getLoggedInUser()
if ( user ) {
if (study.canRead(user) ) {
studyId = study.id
}
// User will see study or get 'unauthorized' message
studyId = study.id
}
else {
// User will be asked to sign in
redirect(controller: "home", action: "gotoStudy", id: study.id )
return
}
}
}
if (studyId) {
redirect(controller: "study", action: "show", id: studyId)
return
if ( studyId ) {
redirect(controller: "study", action: "show", id: studyId)
return
}
}
}
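Review bot: In the second hunk the branch for a signed-in user no longer calls `study.canRead(user)` before setting `studyId`, so the `show` action of the study controller becomes the only access check for non-public studies reached through a short link, on a path the URL map leaves `permitAll`. Keeping `if ( study.canRead(user) ) { studyId = study.id }` here costs nothing; if it is dropped on purpose, the comment should name where the check is enforced rather than just `'unauthorized' message`. Separately, an anonymous visitor is now redirected to `home/gotoStudy` with `study.id` when the short code belongs to a non-public study, while an unknown code presumably continues to the not-found page (that part of `notFound` is outside the hunk). The difference confirms that a private study exists and exposes its internal id before authentication, which is worth an explicit decision and a comment if it is accepted.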
