
How to distinguish between the functionality of the page depending on user role?


When you create a web application based on the Spring Framework using Spring Security, a form of authentication is created. There are 2 users - admin and user. Depending on the user role, after a successful login, how do I load index.html with different content? So there are page icons A and B, which lead to other pages of the website. The administrator needs to have both icons available, and the user only icon A.

1 Answer

You can restrict the functionality at different levels.
For example, you can restrict the functionality at the template level. If you are using the Thymeleaf templating engine, it is likely you will need to add this to Gradle || Maven:
implementation group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity5', version: '3.0.4.RELEASE'

And then in the template, paste sec:authorize="hasAuthority('ADMIN')"
For example,
<!-- Only the admin will see this -->


It is also possible at the controller level to limit access:
@PreAuthorize("hasAuthority('ADMIN')")

Depending on the user role, after the successful login to load index.html with different content?

I usually do the following:
After login get the current authenticated user
@AuthenticationPrincipal UserDetails currentUser
Find the user and check his rights:
User user = (User) userService.findUserByEmail(currentUser.getUsername());

Using if() {} else {} give a particular content.
For example,
@GetMapping("/dashboard")
public String dashboard(
        @AuthenticationPrincipal UserDetails currentUser,
        Model model
) {
    model.addAttribute("pageTitle", "control Panel");
    User user = (User) userService.findUserByEmail(currentUser.getUsername());
    if (user.isAdmin()) {
        model.addAttribute("posts", posts.getAdminPosts());
    } else {
        model.addAttribute("posts", posts.getUserPosts());
    }
    return "backend/dashboard";
}
by
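Hiding icon B in the template only changes what is rendered, so the page behind it also needs a server-side rule. The following is an added example, not part of the original answer: a Spring Security 5 configuration (matching thymeleaf-extras-springsecurity5) that enforces the ADMIN authority on that page and enables @PreAuthorize. The URLs /index and /page-b, the view names, the showIconB attribute and the class names are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

// Both classes are package-private so they fit in one file; each may live in its own file.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // without this, @PreAuthorize has no effect
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Assumed URL of the page behind icon B. Enforced on the server,
                // so a plain user requesting it directly gets 403 Forbidden.
                .antMatchers("/page-b/**").hasAuthority("ADMIN")
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .defaultSuccessUrl("/index", true); // same landing page for both roles
    }
}

@Controller
class PagesController {
    @GetMapping("/index")
    public String index(Authentication auth, Model model) {
        // Decide from the authorities of the authenticated session, never from request input.
        boolean admin = auth.getAuthorities().stream()
                .anyMatch(a -> "ADMIN".equals(a.getAuthority()));
        model.addAttribute("showIconB", admin); // template renders icon B only when true
        return "index";
    }

    @PreAuthorize("hasAuthority('ADMIN')") // second layer, independent of the URL rule
    @GetMapping("/page-b")
    public String pageB() {
        return "page-b";
    }
}
```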