Consider the following object:
    class User {
        long userId;
        String emailAddress;
        Boolean isLocked;
    }

If I expose an endpoint for the user resource, it is as follows:

    @Controller
    public class UserController {

        @RequestMapping(value = "/user/{userId}", method = RequestMethod.PUT)
        public void updateUser(@PathVariable("userId") Long userId, User updatedUser) {
            User dbUser = userRepository.find(userId);
            // map updatedUser to dbUser
            userRepository.save(dbUser);
        }
    }

Is there currently a standard way of exposing the endpoint /user/{userId}, but limiting updates to specific fields based on user privileges? For example, I may want to restrict updates to the isLocked property to users with ROLE_ADMIN, while still allowing users to update their email address.

Note - This question is not strictly related to Spring HATEOAS - I am interested in any Spring standard solution to this problem.
Two possibilities come to my mind:
- Validation (@Valid)
- Binder configuration (@InitBinder)

You can validate incoming objects and check for such changes. Or you can set up WebDataBinder#setAllowedFields within your @InitBinder method, depending on the user's rights. The latter will probably be the easiest way, but instead of returning a validation error your application will completely ignore the field.
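The binder-based option from the answer above, written out as an added example (not code from the original post): the allowed-field list is chosen per request from the caller's role, and the suppressed-field list is checked so that a blocked `isLocked` update is rejected rather than silently dropped. `UserRepository`, the getter and setter names on `User`, and the 403/204 responses are assumptions made for illustration.

```java
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.context.request.WebRequest;

@Controller
public class UserController {

    // Hypothetical repository exposing the find/save calls used in the question.
    @Autowired
    private UserRepository userRepository;

    // Applies only to the "user" model attribute. The property names assume
    // setEmailAddress(..) and setIsLocked(..) setters on User.
    @InitBinder("user")
    public void restrictBindableFields(WebDataBinder binder, WebRequest request) {
        binder.setAllowedFields(request.isUserInRole("ROLE_ADMIN")
                ? new String[] {"emailAddress", "isLocked"}
                : new String[] {"emailAddress"});
    }

    @RequestMapping(value = "/user/{userId}", method = RequestMethod.PUT)
    public ResponseEntity<Void> updateUser(@PathVariable("userId") Long userId,
                                           @ModelAttribute("user") User updatedUser,
                                           BindingResult result) {
        // The binder drops disallowed fields without an error; surface the
        // attempt instead of ignoring it.
        if (Arrays.asList(result.getSuppressedFields()).contains("isLocked")) {
            return new ResponseEntity<>(HttpStatus.FORBIDDEN);
        }
        User dbUser = userRepository.find(userId);
        // Copy only fields that were bound, so an omitted field never
        // overwrites the stored value with null.
        if (updatedUser.getEmailAddress() != null) {
            dbUser.setEmailAddress(updatedUser.getEmailAddress());
        }
        if (updatedUser.getIsLocked() != null) {
            dbUser.setIsLocked(updatedUser.getIsLocked());
        }
        userRepository.save(dbUser);
        return new ResponseEntity<>(HttpStatus.NO_CONTENT);
    }
}
```

`setAllowedFields` only governs data binding of request parameters and form fields. A JSON body read through `@RequestBody` is deserialized by the message converter and bypasses the binder, so it needs a separate restriction such as a role-specific DTO.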