I have one DocumentEntityProxy with the following methods :
String getAttribute1();
void setAttribute1(String s);
String getAttribute2();
void setAttribute2(String s);
String getAttribute3();
void setAttribute3(String s);
What I want to achieve is that if you are a standard user you can only use getAttribute1() and setAttribute1() if you are an admin user you can use all methods. In this example I have only three attributes and 2 different kind of users but in a real project there are a lot more of course.
What is the best way to achieve that ?
Thanks in advance for your help.
You could work with inhertance:
class UserEntity {
String getAttribute1() { }
void setAttribute1(String s) { }
}
class AdminEntity extends UserEntity {
String getAttribute2() { }
void setAttribute2(String s) { }
}
And the proxies:
@ProxyFor(UserEntity.class)
interface UserEntityProxy extends EntityProxy {
String getAttribute1();
void setAttribute1(String s);
}
@ProxyFor(AdminEntity.class)
interface AdminEntityProxy extends UserEntityProxy {
String getAttribute2();
void setAttribute2(String s);
}
To secure access to the entity types you can have two finder methods (returning userEntity or adminEntity) and limit access to the methods in back-end, e.g. with SpringSecurity's @Secured annotation.