Grails 3: Seeing your own data with Spring Security


Grails : 3.3.0 Spring Security : 3.2.0.M1

I have done some research on this and found that the answer from the post "Seeing only your own data in Grails" might be the answer I am looking for, but somehow it doesn't work.

This is how I capture the logged-in user and try to filter so that the logged-in user can view only his own data. (This is my Task controller.) By the way, what is the use of [tasks:tasks]?

def index(Integer max) {

    def authenticated = getAuthenticatedUser().username
    def tasks = User.findAllByUsername(authenticated)
    [tasks: tasks]
    params.max = Math.min(max ?: 10, 100)
    respond Task.list(params), model:[tasks: Task.count()]
}

This is my Task domain

class Task {

    transient springSecurityService
    
    String task
    Project project
    Pic picName
   
    static hasMany = [subTask:Subtask]
    static belongsTo =[Project,Pic,User]
    }
    

Please give me some suggestions or let me know where I made a mistake! Thanks in advance! Best Regards, Hee

There are 2 best solutions below

0
On BEST ANSWER

I have done it by calling out "tasks" in the GSP. It's working for me.

    def authenticated = getAuthenticatedUser().username

    def tasks = Task.findAllByLogginUser(authenticated)

    params.max = Math.min(max ?: 10, 100)
    respond Task.list(params), model:[tasks:tasks] // [tasks:tasks] is for passing tasks into my domain

Then I just call out from my domain class ${tasks}

1
On

I don't think your requirement is not related to Spring Security.

Regarding the "By the way what is the use of [tasks:tasks]" - it looks like you have two return points in the code, so you need to fix it - in Groovy you can omit the "return" if you are on the last line - so I assume this line is a return of a model that includes the task list - but the code continues after it...

  1. If any Task belongs to a User then you should use:

    User user = getAuthenticatedUser() // method for getting the current user
    params.max = Math.min(max ?: 10, 100) // any query params you want to add
    def tasks = Task.findAllByUser(user, params) //get the user Tasks using the query params
    

then return the data + any other data like count etc.

  2. You can consider not using multiple belongsTo; it makes your model too complicated without need:

    static belongsTo =[Project,Pic,User]

    In the case where a Task belongs to a user, you can keep the user id or username for each task and then query by this property - for example:

    class Task {

    transient springSecurityService

    String username  // not unique
    String task
    Project project
    Pic picName

    static hasMany = [subTask:Subtask]
    static belongsTo =[Project,Pic]
    }

    def username = getAuthenticatedUser().username // method for getting the current username.
    params.max = Math.min(max ?: 10, 100) // any query params you want to add.
    def tasks = Task.findAllByUsername(username, params) // get the user Tasks using the query params.

  3. BTW, keeping a service in a domain model is not a good practice - use the service by injecting it in your controller / Service

    transient springSecurityService
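
An added example, not code from either answer: a controller that returns only the current user's tasks. It assumes `Task` declares a `User user` property and that `ROLE_USER` is the role granted to ordinary accounts; the package name is also hypothetical. It goes one step beyond the question by scoping the single-record `show` action to the owner as well.

```groovy
package example  // hypothetical package; User and Task are assumed to live here too

import grails.plugin.springsecurity.SpringSecurityService
import grails.plugin.springsecurity.annotation.Secured

// Assumption: Task has `User user`, and ROLE_USER is the role name in use.
@Secured('ROLE_USER')
class TaskController {

    // Injected into the controller rather than held in the domain class.
    SpringSecurityService springSecurityService

    def index(Integer max) {
        User user = springSecurityService.currentUser as User
        params.max = Math.min(max ?: 10, 100)

        // The object handed to respond is what the JSON/XML renderers emit and
        // what the view receives as taskList, so it must already be the
        // owner-scoped list rather than Task.list(params).
        List<Task> tasks = Task.findAllByUser(user, params)

        // Count with the same owner filter so pagination totals do not
        // reveal how many tasks other users have.
        respond tasks, model: [taskCount: Task.countByUser(user)]
    }

    def show(Long id) {
        User user = springSecurityService.currentUser as User

        // Look up by id AND owner: a task that belongs to someone else is
        // answered exactly like a task that does not exist.
        Task task = Task.findByIdAndUser(id, user)
        if (!task) {
            render status: 404
            return
        }
        respond task
    }
}
```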