I'm trying to set a hiddenField in a "create" view, where the field is set to the id of the currently logged in user. Which you get from the "springSecurityService.principal.id" property.
I was wondering if it was possible to do this exclusively from the template instead of passing the value from a controller. e.g.
<%@ page import="grails.plugins.springsecurity.SpringSecurityService" %>
<% def springSecurityService %>
<html>
...
...
<g:hiddenField name="user.id" value="${springSecurityService.principal.id}"/>
...
I tried this code, but ended up getting a NullPointer exception with reference to the "principal" property.
Is there any way to do this or do I have to explicitly pass the id of the currently logged in user from the "create" method?
NOTE: Yes I know that it's trivial for anyone to construct a POST request with a doctored hidden field. There are checks in the controller code to ensure that the currently logged in user can only create, edit, delete their own posts. My question is more to do with not having to type out the code to pass the currently logged in user to three different views.
try using following syntax
<g:hiddenField name="user.id" value="${sec.loggedInUserInfo(field:"id")}"/>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With