Restrict access to data to grails

Asked Feb 08 '18 at 10:21

Active Feb 10 '18 at 18:22

Viewed 78 times

There is a large table with data.

On the site, each user is given access only to a certain set of data from the table (a selection is made according to certain criteria).

But in the URL line, he can change the number to get access to any data from the table.

How can I restrict access to data from the URL string?

For example: there is a table of goods. 1 and 3 are available to the user. URL: shop.com/goods/show/1 or shop.com/goods/show/3 but he can also go and see the goods under the numbers 2 - shop.com/goods/show/2.

How can this be avoided?

I created a domain class, based on it I created a table. The controller was created automatically with the basic methods of index, show, edit, etc. I make a selection using the createCriteria() in the index method

grails v3.3.0

edited Feb 10 '18 at 18:22

asked Feb 08 '18 at 10:21

cat1244

1

Does the URL go through a controller? If not, think you're going to have a add one, and check the auth in there – tim_yates Feb 08 '18 at 10:30
How is the user presented with their limited options? use the same logic when accessing the table – Mike W Feb 08 '18 at 10:48

Restrict access to data to grails

0 Answers0