I'm trying to secure a method with the following logic:
The object being saved has a collection of Moderators, with an Account object. I'm trying to match the id of the Account with the logged in user (I have a custom UserDetails User object with id field).
@PreAuthorize("hasRole('admin') or #object.moderators.?[#this.account.id == principal.id].size() == 1")
public void updateObject(Object object)
However when trying to access the method I see the follow error in the log:
org.springframework.expression.spel.SpelEvaluation Exception: EL1008Epos 15): Field or property 'principal' cannot be found on object of type 'com.test.schema.entities.Moderator'
It's trying to evaluate principal as a property of the collection object? Is there a correct way of writing this logic?