...
For example, this Groovy expression tests users for the "Cities" access grant in the "store city" field in the "store" table:
| Code Block | ||
|---|---|---|
| ||
<filterExpression>store.store_city in (groovy('authentication. |
...
getPrincipal ().getAttributes().find{ it.attrName == "Cities" }.attrValue.split(",").collect {"''" |
...
+ it + "''" }.join(",").replaceFirst("^''","").replaceFirst("''\$","")')) |
...
</filterExpression > |
Using profile attributes enables you to obtain similar results with simpler expressions. The example below uses a principal expression to find all users with the "Cities" profile attribute, then it uses a filter expression to grant access only to the users among them whose "Cities" profile attribute is San Francisco:
| Code Block | ||
|---|---|---|
| ||
<resourceAccessGrant id="Jointree_1_row_access_grant_2" |
...
> <principalExpression> <![CDATA[authentication.getPrincipal().getAttributes().any{it.getAttrName() in ['Cities'] |
...
&&it.getAttrValue() in ['San Francisco'] }]] |
...
> </principalExpression> <filterExpression>store.store_city in ('San Francisco')</ |
...
filterExpression> </resourceAccessGrant> |