# Object Permission Control
# Basic Permission Control
When permission logic is simple, does not depend on the data of the object being operated on, and depends only on the object's type, it can be set up through interface configuration. If you need to decide whether a user can operate on an object based on values in the object, such as the values of certain fields combined with the current user's role, you need custom development.
TIP
The following content only explains how the system works. In the current version of the system, you do not need to configure `RequestMap` directly to control permissions for object creation and modification operations. You only need to configure the `enable roles` field in the object form to implement permission control.
The following reference content is for troubleshooting when problems occur.
By default, object permission control depends on whether the API endpoints created for the object are exposed to a given role. This is configured in `Request Map`. The rest of this document uses the object `DomainObject` as an example to explain the permission configuration for this type of object.
# View Permission
If you want to grant a certain role `ROLE_A` the viewing permission for this object, you need to insert the following records in `Request Map`:
```
HttpMethod, Config Attribute, Url
GET,"ROLE_A",/
GET,"ROLE_A",/DomainObject/**
GET,"ROLE_A",/domain/DomainObject
GET,"ROLE_A",/DomainObject/**
```
# Create Permission
If you need to grant its creation permission to a certain role `ROLE_A`, you need to create the following related records in the `Request Map` object:
```
HttpMethod: POST
Config Attribute: ROLE_A
Url: /DomainObject
```
# Edit Permission
If you need to grant its editing permission to a certain role `ROLE_A`, you need to create the following related records in the `Request Map` object:
```
HttpMethod: PUT
Config Attribute: ROLE_A
# For old deprecated Grails GORM defined Domain Class, its Url
Url: /DomainObject/**
```
# Delete Permission
If you need to grant its deletion permission to a certain role `ROLE_A`, you need to create the following related records in the `Request Map` object:
```
HttpMethod: DELETE
Config Attribute: ROLE_A
Url: /DomainObject/**
```
# Dynamic Permissions
The system can dynamically judge whether a user has the right to create, modify, or delete an object at runtime based on the attribute values of the object, the current user's role, and other information. The customization method is detailed as follows.
# Dynamic Create Permission
For dynamic creation permission judgment of objects, you need to create the following `Dynamic Object Hook` object:
```
Hook Type: Select Object create ability
Object Type: Select the object type to which this customized logic applies
Core Logic: Select the specific judgment implementation logic
```
# Injected Variables
The injected variables that can be used are shown in the following table:
| Variable Name | Variable Type | Description |
|---|---|---|
| `objectType` | `Class<?>` | The current operating object type |
| `userContext` | `grails.plugin.springsecurity.userdetails.GrailsUser` | The current operating user information |
| `application` | `grails.core.GrailsApplication` | The current grails application context |
| `log` | `Closure<?>` | The log closure for printing execution logs |
# Return Result
The customized code needs to return a `Map<String, Boolean>` object that contains an element with the key `create`, as shown in the following example:
```groovy
// Allow user to create this object
return ['create': true]
```
# Dynamic Modify and Delete Permissions
For dynamic modification and deletion permission judgment of objects, you need to create the following `Dynamic Object Hook` object:
```
Hook Type: Select Update/delete ability
Object Type: Select the object type to which this customized logic applies
Core Logic: Select the specific judgment implementation logic
```
and the corresponding Dynamic Object Hook object
# Injected Variables
The injected variables that can be used in the customized code are shown in the following table:
| Variable Name | Variable Type | Description |
|---|---|---|
| `objectType` | `Class<?>` | The current operating object type |
| `userContext` | `grails.plugin.springsecurity.userdetails.GrailsUser` | The current operating user information |
| `objectValue` | `grails.core.GrailsDomainClass` | Deprecated. Please use the `object` parameter |
| `object` | `grails.core.GrailsDomainClass` | The current operating object, the type is the current operating object type |
| `application` | `grails.core.GrailsApplication` | The current grails application context |
| `log` | `Closure<?>` | The log closure for printing execution logs |
# Return Result
The customized code needs to return a `Map<String, Boolean>` object that contains elements with the keys `update` and `delete`, as shown in the following example:
```groovy
// Allow user to update this object, but not allow user to delete this object
return [
    result: [
        'update': true,
        'delete': false
    ]
]
```
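A fuller update/delete hook, as an added example (not code from the original page or the project): it combines the injected `userContext` and `object` variables and denies by default. The role `ROLE_ADMIN` and the fields `status` and `createdBy` are hypothetical, the return shape copies the page's example above, and the last two lines only work inside the system, where the variables are injected.

```groovy
// Added example, not the project's code. ROLE_ADMIN and the fields
// `status` and `createdBy` are hypothetical; adapt them to your object type.

// Decision logic as a closure so it can be checked with constructed values.
def decide = { Collection<String> roles, String username, obj ->
    // Fail closed: no object or no user means no permission.
    def deny = [result: [update: false, delete: false]]
    if (obj == null || !username) {
        return deny
    }
    boolean isAdmin  = roles.contains('ROLE_ADMIN')
    boolean isOwner  = obj.createdBy == username
    boolean isLocked = obj.status == 'APPROVED'

    // Locked records are read-only for everyone, including administrators.
    if (isLocked) {
        return deny
    }
    return [result: [
        update: isAdmin || (isOwner && roles.contains('ROLE_A')),
        delete: isAdmin
    ]]
}

// Constructed sample values (maps stand in for the domain object).
// These checks are for trying the logic out; drop them in the real hook.
def draft = [createdBy: 'alice', status: 'DRAFT']
def approved = [createdBy: 'alice', status: 'APPROVED']
assert decide(['ROLE_A'], 'alice', draft) == [result: [update: true, delete: false]]
assert decide(['ROLE_A'], 'bob', draft) == [result: [update: false, delete: false]]
assert decide(['ROLE_ADMIN'], 'root', draft) == [result: [update: true, delete: true]]
assert decide(['ROLE_ADMIN'], 'root', approved) == [result: [update: false, delete: false]]
assert decide(['ROLE_A'], 'alice', null) == [result: [update: false, delete: false]]

// Inside the hook: `userContext` and `object` are injected by the system.
def currentRoles = userContext.authorities*.authority
return decide(currentRoles, userContext.username, object)
```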