Spring Data REST根据用户过滤数据 [英] Spring Data REST filtering data based on the user

问题描述

如果我使用Spring Data REST进行了如下所示的存储库设置，则可以访问/receipts上的数据并查看所有数据.但是，我只想为用户返回数据.我有一个自定义查找程序"findByStorer"，它将执行此操作.我该如何让Spring Data REST使用它并从用户那里获取存储器值，而不是指定查询参数?

If I have a repository setup like the following, making use of Spring Data REST, I can access the data at /receipts and see all data. However, I want to only return data for the user. I have a custom finder "findByStorer" which would do this. How would I get Spring Data REST to use this and get the storer value from the user rather than specifying a query parameter?

@RepositoryRestResource(collectionResourceRel = "receipts", path = "receipts")
public interface ReceiptRepository extends PagingAndSortingRepository<Receipt, BigDecimal> {

    @Query
    public Page<Receipt> findByStorer(String storer, Pageable pageable);
}

我还没有实现任何安全性，所以这个问题目前比理论上更多.

I haven't implemented any security yet, so this question is more theory at the moment than practice.

谢谢.

推荐答案

以@rpr的答案为基础:

Building on @rpr's answer:

您应该能够引用联接实体(存储者)的属性.在您的示例中，如果您具有回执->商店->用户，则可以查询回执，其中Storer.user具有从安全上下文中注入的值.

You should be able to reference properties of the joined entity (Storer). In your example if you have Receipt -> Storer -> User you can query the Receipts where Storer.user has a value injected from the Security Context.

@PreAuthorize("isFullyAuthenticated && (#userName==principal.username)")
Page<Receipt> findByStorer_User(@Param("userName") String userName)

这篇关于Spring Data REST根据用户过滤数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！