Home/ Questions/Q 4624648
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T03:09:33+00:00

This question has some code to add to the controller closure, which is fine,

  • 0

This question has some code to add to the controller closure, which is fine, but what if I want to use the grails default scaffolding views but only have the edit/update buttons appear if the user is a manager, or the domain object is owned by the user? Reading the documentation, I’ve tried:

<sec:access expression="hasRole('ROLE_MANAGER') || (projectInstance.owner == springSecurityService.currentUser)">
   <span class="button"><g:actionSubmit class="save" action="update" value="${message(code: 'default.button.update.label', default: 'Update')}" /></span>
</sec:access>

But the access class doesn’t seem to allow ORs:

Error processing GroovyPageView: Error executing tag <g:form>: Error executing tag <sec:access>: Cannot handle (124) '|'

Anyone done something similar?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve decided that would be stupid. A better approach is to do it in the controller as:

     def edit = {
    def projectInstance = Project.get(params.id)
    def managerOrAdmin = SpringSecurityUtils.ifAnyGranted('ROLE_ADMIN,ROLE_MANAGER')
    def editable = (projectInstance.owner == springSecurityService.currentUser
                   || managerOrAdmin)
    if (!projectInstance) {
        flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'project.label', default: 'Project'), params.id])}"
        redirect(action: "list")
    }
    else {
        return [projectInstance: projectInstance, editable:editable]
    }
}

    and then in the gsp do 

    <g:if test="${editable}">
  <span class="button"><g:actionSubmit class="save" action="update" value="${message(code: 'default.button.update.label', default: 'Update')}" /></span>
</g:if>

    which makes sense, if we follow the good programming mantra of “views should do as little processing logic as possible in MVC”

    • 0