Spring Data REST filtering data based on the user

無奈伤痛 2020-12-15 11:25

If I have a repository setup like the following, making use of Spring Data REST, I can access the data at /receipts and see all data. However, I want to only return data fo

4 answers
  • 2020-12-15 11:58

    Building on @rpr's answer:

    You should be able to reference properties of the joined entity (Storer). In your example if you have Receipt -> Storer -> User you can query the Receipts where Storer.user has a value injected from the Security Context.

    // Only allow the call when the requested user name matches the authenticated principal.
    @PreAuthorize("isFullyAuthenticated() && (#userName == principal.username)")
    Page<Receipt> findByStorer_User(@Param("userName") String userName);
    
  • 2020-12-15 12:08

    This issue is a typical cross-cutting concern, so I tried to apply AOP. Define an Advice and update the args (String storer), as explained at: https://stackoverflow.com/a/46353783/1203628

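    import org.aspectj.lang.ProceedingJoinPoint;
    import org.aspectj.lang.annotation.Around;
    import org.aspectj.lang.annotation.Aspect;
    import org.aspectj.lang.annotation.Pointcut;
    import org.springframework.stereotype.Component;
    import org.springframework.transaction.annotation.Transactional;

    @Aspect
    @Transactional
    @Component
    public class FilterProjectsAspect {

        // Matches every call to ReceiptRepository.findByStorer(..)
        @Pointcut("execution(* com.xxx.ReceiptRepository.findByStorer(..))")
        public void projectFindAll() {
        }

        // Rewrites the String argument (the storer) before the repository method runs.
        @Around("projectFindAll()")
        public Object filterProjectsByUser(final ProceedingJoinPoint pjp) throws Throwable {

            Object[] args = pjp.getArgs();
            for (int i = 0; i < args.length; i++) {
                if (args[i] instanceof String) {
                    String storer = (String) args[i];
                    // Find storer by user
                    args[i] = storer;  // Update args
                }
            }
            return pjp.proceed(args);
        }

    }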
    
  • 2020-12-15 12:10

    If you use Spring Security you can use this approach:

    @PreAuthorize("isFullyAuthenticated() && (#userName == principal.username)")
    public List<User> findByUserName(@Param("userName")String userName);
    
  • 2020-12-15 12:11

    For example, given a Repository for SomeEntity you could override the findAll method with a custom @Query filtering by attribute owner with value of `#{principal.username}`

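    import org.springframework.data.jpa.repository.Query;
    import org.springframework.data.repository.PagingAndSortingRepository;
    import org.springframework.data.rest.core.annotation.RepositoryRestResource;
    import org.springframework.data.rest.core.annotation.RestResource;

    @RepositoryRestResource(path = "some-entities", collectionResourceRel = "some-entities", itemResourceRel = "some-entity")
    interface SomeEntityRepository extends PagingAndSortingRepository<SomeEntity, String> {
      // Return type must match the repository's entity type for the override to compile.
      @Override
      @RestResource(exported = true)
      @Query("select someEntity from SomeEntity someEntity where someEntity.owner = ?#{principal.username}")
      Iterable<SomeEntity> findAll();
    }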
    
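The `?#{principal.username}` query from the last answer, worked through as an added example that is not part of the original thread. It goes beyond that answer by also filtering the paged `findAll(Pageable)` overload and guarding `findById`, which the single `findAll()` override does not cover. Assumptions: Spring Data JPA 2.x and Spring Security 5.x with `spring-security-data` on the classpath; the `SomeEntity` fields and the `RepositorySecurityConfig` class are constructed for illustration.

```java
import java.util.Optional;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.PagingAndSortingRepository;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

@Entity
class SomeEntity {                        // constructed sample entity
    @Id private String id;
    private String owner;                 // username of the owning user
    protected SomeEntity() { }
    public String getId() { return id; }
    public String getOwner() { return owner; }
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)   // turns on @PostAuthorize
class RepositorySecurityConfig {                     // hypothetical class name
    // Makes `principal` available to ?#{...} expressions inside @Query.
    @Bean
    SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}

interface SomeEntityRepository extends PagingAndSortingRepository<SomeEntity, String> {
    @Override
    @Query("select e from SomeEntity e where e.owner = ?#{principal.username}")
    Iterable<SomeEntity> findAll();

    // The paged overload is a separate method and needs the same filter.
    @Override
    @Query("select e from SomeEntity e where e.owner = ?#{principal.username}")
    Page<SomeEntity> findAll(Pageable pageable);

    // Single-item lookup: deny access when the row exists but has another owner.
    @Override
    @PostAuthorize("!returnObject.isPresent() or returnObject.get().owner == principal.username")
    Optional<SomeEntity> findById(String id);
}
```

Any other exported query method on the repository needs the same owner condition, since each one is a separate path to the data.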