grails domain object null check not working - grails 2.3.7

Question

I am working on grails application, where I have a Profile domain for every User. There are two ways to view and edit profile of a user -

1. The user clicks on the header link called Profile, so he can view his profile and edit it if needed.
2. The admin can view profile of any user by clicking a user link from the list of all users.

So in the first case if a user himself is checking his profile then on the controller side I am checking the user using spring security method "springSecurityService.currentUser". While in second case, if the admin is checking the profile of a user then userInstance is passed to the controller action.

Problem arises when I am using it for the first case, ie User himself is checking his profile. Here when I check for null of userInstance parameter using if/else condition, the userInstance passes null check even though it is null. And when I print it on console it gives me a null pointer exception.

Code is-

def show(User userInstance){
    println("Inside show action of profileController")

    println("userInstance: " + userInstance)            //Output- userInstance: null

    if(userInstance != null){
        println("userInstance: " + userInstance)        //Output- userInstance: null
    }else{
        println("userInstance is null")                 //It never prints even though userInstance is null

        userInstance = springSecurityService.currentUser
    }

    //More functionality to come
}

So basically its very basic thing but I am not able to figure it out, why is it not checking for null but sill printing as null.

Answer 1

Use this approach : Forget about isNull function but , and also forget about userIntance == null statement and try this !userInstance ,it works as follow!!!

Example

var user = User.get(10);

According to you :

def show(User userInstance){
    println("Inside show action of profileController")

    println("userInstance: " + userInstance)            //Output- userInstance: null

    if(!userInstance){
        println("userInstance: " + userInstance)        //Output- userInstance: null
    }else{
        println("userInstance is null")                 //It never prints even though userInstance is null

        userInstance = springSecurityService.currentUser
    }

    //More functionality to come
}

Check this groovy script example on groovy Console Here

Answer 2

when I check for null of userInstance parameter using if/else condition, the userInstance passes null check even though it is null.

This implies a pretty fundamental bug in the Groovy compiler, which I doubt. Try this instead:

def show(User userInstance){
    userInstance = userInstance ?: springSecurityService.currentUser
}

Presumably when an admin is viewing a user's profile, the ID of the user is passed as a request parameter? If so, what's to stop a malicious user who knows (or guesses) the ID of another user, from accessing their profile?