Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow unrestricted actions that populate 'user' if signed in #23

Closed
bnahas opened this issue Jan 22, 2012 · 4 comments
Closed

Allow unrestricted actions that populate 'user' if signed in #23

bnahas opened this issue Jan 22, 2012 · 4 comments

Comments

@bnahas
Copy link

bnahas commented Jan 22, 2012

SecureSocial is all or nothing when it comes to restricting access. This is a bit limiting. I'd like to have the ability to have an action that is unrestricted but still has access to the 'user' renderArg if the user is signed in.

For example, say I want to have an index page that anyone can go to, but if a user is signed in then they are shown additional content and/or buttons. Right now I cannot do that with SecureSocial. The 'user' renderArg is only populated when the checkAccess interceptor method is called but that method forces login if the user is not logged in.

I'd like the interceptor method to have an option (based on an annotation?) to populate the 'user' renderArg if the user is logged in or simply do nothing.

I can sort of set this up myself now by calling getCurrentUser() in my own interceptor, but that is hackish and furthermore that method does not populate the .serviceInfo property on the user (which might be considered a bug in getCurrentUser() too).
@bnahas bnahas mentioned this issue Jan 22, 2012
Closed
@jaliss
Copy link
Owner

jaliss commented Jan 23, 2012

The fact that the getCurrentUser() does not populate the .serviceInfo property is a bug. Thanks for pointing that out. I just fixed it and will provide a new version with it.

SecureSocial.getCurrentUser() is the way to get the current user in non secured controllers (that is, not annoteted with @with(SecureSocial.class). If you need the 'user' in the template from non secured controllers you can create your own interceptor and annotate the controller with it or just add a method with a @before annotation that sets it. As you mentioned above.

Why is that hackish? If SecureSocial had that built in the implementation would not be that different. I mean, I'd have to provide a controller that just sets the user and you'd have to annotate your controllers with it.

@jaliss jaliss closed this as completed in 7030d21 Jan 23, 2012
@jaliss
Copy link
Owner

jaliss commented Jan 23, 2012

I fixed the SecureSocial.getCurrentUser() bug and also added a new controller: SecureSocialPublic. You can annotate your public controllers with it and it will set the user in rengerArgs.

@bnahas
Copy link
Author

bnahas commented Jan 23, 2012

Ok, fantastic. This provides a more all-encompassing solution rather than having to role my own interceptor. Thanks for the prompt response!

@jaliss
Copy link
Owner

jaliss commented Jan 23, 2012

You're welcome. Please give it a shot and let me know if all is ok.

vmunier pushed a commit to vmunier/securesocial that referenced this issue Oct 8, 2013
@jaliss
- Fixes jaliss#22: CSS typo in main.html
63515fc 
- Fixes jaliss#23: getCurrentUser() was not setting the .serviceInfo property
- Added new SecureSocialPublic controller that sets the current user in renderArgs. This is meant to be used in controllers that are public but still need the user object in the template.
- Minor doc changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaliss @bnahas