I want to give the logged-in user the possibility to edit his user account with a quick link.
For this I created a link using the correct GSP tag, and I want to pass the user id from the Spring Security UserDetails object, using the correct helper.
The problem is that this works when I am in the GSP tag, like after "Edit my User", but not where I really need it, in the id attribute.

    <g:link controller="user" action="show" id="${sec.loggedInUserInfo(field: "id")}">
        Edit my User ${sec.loggedInUserInfo(field: "id")}
    </g:link>

Expected:

    <a href="/Backoffice/user/show/1"> Edit my User 1 </a>

Wrong Result:

    <a href="/Backoffice/user/show"> Edit my User 1 </a>

The UserDetails class that the security tag lib is accessing is here:

    import org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser
    import org.springframework.security.core.GrantedAuthority

    class UserDetails extends GrailsUser {
        final String displayName
        final String email
        final String gravatarImage
        ...

The id is defined as Object in the GrailsUser base class.

    class GrailsUser extends User {
        private final Object _id
        ...
    }

And it will be encoded as HTML here:

    /**
     * Renders a property (specified by the 'field' attribute) from the principal.
     *
     * @attr field REQUIRED the field name
     */
    def loggedInUserInfo = { attrs, body ->
        // TODO support 'var' and 'scope' and set the result instead of writing it
        String field = assertAttribute('field', attrs, 'loggedInUserInfo')
        def source
        if (springSecurityService.isLoggedIn()) {
            source = determineSource()
            for (pathElement in field.split('\\.')) {
                source = source."$pathElement"
                if (source == null) {
                    break
                }
            }
        }
        if (source) {
            out << source.encodeAsHTML()
        }
        else {
            out << body()
        }
    }

The funny thing is: this works. But I would really like to use consistent GSP syntax for links, and I would like to understand why the code posted at the top does not work.

    <a href="${createLink( controller : "user", action : "show", id : sec.loggedInUserInfo(field: "id"))}">Edit my User</a>

Looks like wrong quoting - you need to escape " inside of id="...". To keep it simple, try using field: 'id' instead of field: "id".