-
Notifications
You must be signed in to change notification settings - Fork 513
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow unrestricted actions that populate 'user' if signed in #23
Comments
The fact that the getCurrentUser() does not populate the .serviceInfo property is a bug. Thanks for pointing that out. I just fixed it and will provide a new version with it. SecureSocial.getCurrentUser() is the way to get the current user in non secured controllers (that is, not annoteted with @with(SecureSocial.class). If you need the 'user' in the template from non secured controllers you can create your own interceptor and annotate the controller with it or just add a method with a @before annotation that sets it. As you mentioned above. Why is that hackish? If SecureSocial had that built in the implementation would not be that different. I mean, I'd have to provide a controller that just sets the user and you'd have to annotate your controllers with it. |
I fixed the SecureSocial.getCurrentUser() bug and also added a new controller: SecureSocialPublic. You can annotate your public controllers with it and it will set the user in rengerArgs. |
Ok, fantastic. This provides a more all-encompassing solution rather than having to role my own interceptor. Thanks for the prompt response! |
You're welcome. Please give it a shot and let me know if all is ok. |
- Fixes jaliss#23: getCurrentUser() was not setting the .serviceInfo property - Added new SecureSocialPublic controller that sets the current user in renderArgs. This is meant to be used in controllers that are public but still need the user object in the template. - Minor doc changes
SecureSocial is all or nothing when it comes to restricting access. This is a bit limiting. I'd like to have the ability to have an action that is unrestricted but still has access to the 'user' renderArg if the user is signed in.
For example, say I want to have an index page that anyone can go to, but if a user is signed in then they are shown additional content and/or buttons. Right now I cannot do that with SecureSocial. The 'user' renderArg is only populated when the checkAccess interceptor method is called but that method forces login if the user is not logged in.
I'd like the interceptor method to have an option (based on an annotation?) to populate the 'user' renderArg if the user is logged in or simply do nothing.
I can sort of set this up myself now by calling getCurrentUser() in my own interceptor, but that is hackish and furthermore that method does not populate the .serviceInfo property on the user (which might be considered a bug in getCurrentUser() too).
The text was updated successfully, but these errors were encountered: