Nov 20th, 2012, 08:46 PM
What is the Roo way to display all related entities of the logged in user?
I am new to Roo and trying to create an application that will display all entities related to the currently logged in user. I have a Person entity and have enabled basic spring security to allow a Person to log in. A Person can have Courses, Teams, and Messages associated with them. Is there any way for Roo to create the functionality of when a Person logs in, they see only their Teams, their Messages, and their Courses? Also, I need the ability for the admins to see all of these entities regardless of whether they are associated with that particular admin. Thanks.
Last edited by chrism87; Nov 20th, 2012 at 09:27 PM.
Nov 26th, 2012, 07:56 PM
Nov 28th, 2012, 10:06 AM
No Roo-inspired way to do it that I know of, but you can modify your controller methods to obtain the current user (simply add "Authentication auth" to the controller method's signature and Spring will load it up with the current user's Authentication object if user is logged in), and then modify your queries to restrict db retrievals to the user's own objects.
You need to push a lot of methods from your .aj files in to do it this way. Although you might be able to write a Roo plug-in to make these modifications for you.
Nov 28th, 2012, 10:14 AM
Thanks Mikej. I considered this approach but thought it would require more modifications than I wanted to make. After some research, I think I am going to create a custom permissionEvaluator, and use the @PostFilter() anno on the list methods to filter out the results. Is this a viable approach?
Nov 28th, 2012, 10:44 AM
I had issues last year getting that annotation to work with a Roo-generated app, but if you're using recent Spring releases (such as with a recent Roo) I think it should be fine. And if it works I think the approach is fine.
Of course the drawback is that on large lists your db will retrieve everything from the table or joined tables (everything!), and spring will iterate through the list to pop the bad ones and keep everything else, which might just be a few lonely records.
You might also do it on the show and delete and update methods so crafty user's can 't modify other user's objects.
Dec 6th, 2012, 07:58 PM
So I am attempting to implement the use of the @PostFilter annotation on my Roo generated findAll Service method. I am getting an UnmodifiableCollection exception because apparently Hibernate returns un-mutable collections and PostFilter wont work. Is there any fix to this besides iterating through the collection and copying it to a new modifiable collection before the PostFilter anno is applied?