Mar 12th, 2012, 07:17 AM
Is Roo really for real world applications?
Is Roo really used for real world applications or its just for PoC's??
I am asking this because I have been wondering how do I build a production ready application. To start with I too the pet clinic sample application added spring security to it to have different roles. Now I can log in as pet owner and admin.
But the problem is all pet owners see all pets. I don't want this. I want to show owners the pet that belong to them and not other owners. How do I achieve this?
Can someone help me on this please..
Mar 12th, 2012, 04:19 PM
Asking if Roo real world ready, and can it do row level security are two separate questions... I'll avoid answering the first one, but give you a suggestion for the second :-)
Spring Security has the ability to do row level security by using expressions, so you can add an expression to check for example 'was this record created by this user?' - the docs here describe how:
Feature was added here: https://jira.springsource.org/browse/SEC-999
Docs describe Expression based access here: http://static.springsource.org/sprin...el-access.html