Why The API Pattern is Broken and How We Can Fix It - Code Sample - Controller Code 1
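@Secured(['ROLE_ADMIN', 'ROLE_USER'])
def show() {
    // data checks required
    // role checks required
    if (params.id) {
        // getAuthorities() returns GrantedAuthority objects; compare on their names
        List authorities = springSecurityService.getPrincipal().getAuthorities()*.authority
        Widget widget
        if (authorities.contains('ROLE_ADMIN')) {
            // admin branch: widget is loaded by id
            widget = Widget.get(params.id.toLong())
        } else if (authorities.contains('ROLE_USER')) {
            // user branch: widget is loaded by the username request parameter
            widget = Widget.getByUsername(params.username)
        }
        …
    } else {
        return null
    }
}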