Closed nickdos closed 10 years ago
It turns out this was caused by a line in the external config file, which was:
security.cas.bypass=false
It turns out Grails doesn't coerce "false" into a bool from an external config file; it comes out as a string. Then in the auth service, isUserInRole doesn't check that the security.cas.bypass value is a bool and just accepts its truthy value (the truthy value of the String "false" being true).
Something snarky about dynamic typing.
You have to do a toBoolean() on any config vars that you are expecting to be a Boolean (where apps use an external properties file)...
E.g. from biocache-hubs - ${grailsApplication.config.skin.useAlaBie?.toBoolean()}
The alternative is we move away from external properties files and use external groovy files (where types are preserved)...
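Added example, not part of the thread and not the project's code: a Groovy script that reproduces the behaviour described above with the security.cas.bypass line from the properties file, then shows a check that fails closed. The method names, role names and the two stand-in role checks are hypothetical.

```groovy
// Constructed sample input: the line from the external properties file.
def props = new Properties()
props.load(new StringReader('security.cas.bypass=false'))
def fromProperties = new ConfigSlurper().parse(props)

// The same setting in an external Groovy config file, where the type is preserved.
def fromGroovy = new ConfigSlurper().parse('security.cas.bypass = false')

assert fromProperties.security.cas.bypass instanceof String
assert fromGroovy.security.cas.bypass instanceof Boolean

// Hypothetical stand-in for the role check described in the thread:
// it relies on Groovy truth, and any non-empty String is truthy.
boolean isUserInRoleUnsafe(config, Set<String> userRoles, String role) {
    if (config.security.cas.bypass) {
        return true   // bypass branch taken for the String "false"
    }
    return role in userRoles
}

// Hardened variant: accept only a real Boolean or a String parsed explicitly.
// A missing key (ConfigSlurper returns an empty ConfigObject) or any other
// type disables the bypass, so the check fails closed.
boolean casBypassEnabled(config) {
    def value = config.security.cas.bypass
    if (value instanceof Boolean) {
        return value
    }
    if (value instanceof CharSequence) {
        return value.toString().toBoolean()
    }
    return false
}

boolean isUserInRoleSafe(config, Set<String> userRoles, String role) {
    return casBypassEnabled(config) || (role in userRoles)
}

def anonymous = [] as Set<String>   // constructed: a user with no roles

// With the properties file, the unsafe check grants the role to anyone.
assert isUserInRoleUnsafe(fromProperties, anonymous, 'ROLE_ADMIN')
// The hardened check denies it for both config sources, including a missing key.
assert !isUserInRoleSafe(fromProperties, anonymous, 'ROLE_ADMIN')
assert !isUserInRoleSafe(fromGroovy, anonymous, 'ROLE_ADMIN')
assert !isUserInRoleSafe(new ConfigObject(), anonymous, 'ROLE_ADMIN')
assert isUserInRoleSafe(fromProperties, ['ROLE_ADMIN'] as Set<String>, 'ROLE_ADMIN')
```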
IMO the alternative is to use Scala... ;)
Admin drop-down menu and edit/example/copy buttons are visible when user is not logged in. These should only be displayed if user is logged in and user has appropriate role.