Spring Data REST根据用户过滤数据 [英] Spring Data REST filtering data based on the user
问题描述
如果我使用Spring Data REST进行了如下所示的存储库设置,则可以访问/receipts上的数据并查看所有数据.但是,我只想为用户返回数据.我有一个自定义查找程序"findByStorer",它将执行此操作.我该如何让Spring Data REST使用它并从用户那里获取存储器值,而不是指定查询参数?
If I have a repository setup like the following, making use of Spring Data REST, I can access the data at /receipts and see all data. However, I want to only return data for the user. I have a custom finder "findByStorer" which would do this. How would I get Spring Data REST to use this and get the storer value from the user rather than specifying a query parameter?
@RepositoryRestResource(collectionResourceRel = "receipts", path = "receipts")
public interface ReceiptRepository extends PagingAndSortingRepository<Receipt, BigDecimal> {
@Query
public Page<Receipt> findByStorer(String storer, Pageable pageable);
}
我还没有实现任何安全性,所以这个问题目前比理论上更多.
I haven't implemented any security yet, so this question is more theory at the moment than practice.
谢谢.
推荐答案
以@rpr的答案为基础:
Building on @rpr's answer:
您应该能够引用联接实体(存储者)的属性.在您的示例中,如果您具有回执->商店->用户,则可以查询回执,其中Storer.user具有从安全上下文中注入的值.
You should be able to reference properties of the joined entity (Storer). In your example if you have Receipt -> Storer -> User you can query the Receipts where Storer.user has a value injected from the Security Context.
@PreAuthorize("isFullyAuthenticated && (#userName==principal.username)")
Page<Receipt> findByStorer_User(@Param("userName") String userName)
这篇关于Spring Data REST根据用户过滤数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!