Permalink
Browse files

Merge pull request #487 from joemccall86/add-attributes-taglib

Support all link attributes for sec:access tag
  • Loading branch information...
graemerocher committed Aug 17, 2017
2 parents 2cc84c9 + ced5a3a commit e926c63ca7eceef5112d2b13bded5a574f69dfb3
Showing with 7 additions and 15 deletions.
  1. +7 −15 grails-app/taglib/grails/plugin/springsecurity/SecurityTagLib.groovy
@@ -14,6 +14,7 @@
*/
package grails.plugin.springsecurity
import grails.web.mapping.LinkGenerator
import org.springframework.expression.EvaluationContext
import org.springframework.expression.Expression
import org.springframework.security.access.expression.ExpressionUtils
@@ -233,23 +234,14 @@ class SecurityTagLib {
return ExpressionUtils.evaluateAsBoolean(expression, ctx)
}
String url = attrs.remove('url')
if (!url) {
String controller = attrs.remove('controller')
String mapping = attrs.remove('mapping')
if (!controller && !mapping) {
throwTagError "Tag [$tagName] requires an expression, a URL, or controller/action/mapping attributes to create a URL"
}
if (mapping) {
url = g.createLink(mapping: mapping)
}
else {
String action = attrs.remove('action')
url = g.createLink(controller: controller, action: action, base: '/')
}
Map urlAttributes = attrs.subMap(LinkGenerator.LINK_ATTRIBUTES)
if (!urlAttributes) {
throwTagError "Tag [$tagName] requires an expression, a URL, or controller/action/mapping attributes to create a URL"
}
String url = g.createLink(urlAttributes)
String method = attrs.remove('method') ?: 'GET'
String method = urlAttributes.remove('method') ?: 'GET'
return webInvocationPrivilegeEvaluator.isAllowed(request.contextPath, url, method, auth)
}

0 comments on commit e926c63

Please sign in to comment.