Checking Permissions on Ajax Requests

Question

Grails 1.3.1 spring-security-core 0.4 jQuery 1.4.x

I need to figure out how to check security permissions on ajax requests. For example, I have a calendar displayed in a tab using the FullCalendar jQuery plugin. When I double click a day I display a New Event screen in a new tab. This is done like so:

$(tabId).load(contextPath + '/event/create', {tabId:tabId}, function() {
     setupEvent(tabId, date, now);
});

So right now, if the user who is trying to create a new event doesn't have the correct permissions, the new tab shows a permission denied message. I'd rather not display a new tab at all and probably would prefer to show a dialog with the error message. Anyone have any awesome ideas on how to address this?

Answer 1

You'll need to upgrade from the jQuery.load function to jQuery.ajax. Your controller action could return status code 401 for unauthorized. I think the jQuery.ajax error will get called back then, and you can respond appropriately.

i.e.

$.ajax({
  url: contextPath + '/event/create',
  data: {tabId:tabId},
  success: function(data) {
    $j(tabId).html(data);
    setupEvent(tabId, date, now);
  },
  error: function(xhr, textStatus) {
    if (xhr.status == 401) {
      alert("Unauthorized.");
    }
  }
});