Class OwnerBasedRowSecurity<T>

java.lang.Object
nl.datasteel.crudcraft.runtime.security.row.OwnerBasedRowSecurity<T>
Type Parameters:
T - the entity type
All Implemented Interfaces:
RowSecurityHandler<T>

public class OwnerBasedRowSecurity<T> extends Object implements RowSecurityHandler<T>
A row-level security handler that restricts access to entities based on an ownerId field. Only entities where the owner field matches the current authenticated user's ID are visible or mutable.
  • Constructor Details

    • OwnerBasedRowSecurity

      public OwnerBasedRowSecurity(Supplier<UUID> userIdSupplier)
      Creates a handler using ownerId as the default field name.
    • OwnerBasedRowSecurity

      public OwnerBasedRowSecurity(String ownerField, Supplier<UUID> userIdSupplier)
      Creates a handler using a custom field name.
      Parameters:
      ownerField - the name of the field representing the owner
  • Method Details

    • rowFilter

      public org.springframework.data.jpa.domain.Specification<T> rowFilter()
      Builds a row-level specification that only allows access to entities where the ownerField equals the current user ID.
      Specified by:
      rowFilter in interface RowSecurityHandler<T>
      Returns:
      the row-level security filter
    • apply

      public void apply(T entity)
      Ensures that the entity's owner matches the current user, or sets it if not yet assigned.
      Specified by:
      apply in interface RowSecurityHandler<T>
      Parameters:
      entity - the entity to secure
      Throws:
      IllegalStateException - if reflection fails
      AccessDeniedException - if the current user is not allowed to mutate this entity
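
Added example, not CrudCraft's own code: a dependency-free sketch of the contract documented for apply above (assign the owner if it is unset, reject a mismatch, wrap reflection failures in IllegalStateException). Assumptions: the names OwnerCheckSketch, Note and AccessDenied are hypothetical, the local AccessDenied stands in for the AccessDeniedException the page names, and failing closed on a null user ID is this sketch's choice, which the page does not specify.

```java
import java.lang.reflect.Field;
import java.util.UUID;
import java.util.function.Supplier;

public class OwnerCheckSketch {
    // Stand-in for the AccessDeniedException named on the page (assumed unchecked).
    static class AccessDenied extends RuntimeException {
        AccessDenied(String message) { super(message); }
    }

    // Constructed sample entity using the default owner field name, ownerId.
    static class Note {
        UUID ownerId;
        String text;
        Note(UUID ownerId, String text) { this.ownerId = ownerId; this.text = text; }
    }

    // Mirrors the documented behaviour of apply(T); not the library's implementation.
    static <T> void apply(T entity, String ownerField, Supplier<UUID> userIdSupplier) {
        UUID current = userIdSupplier.get();
        if (current == null) { // sketch's choice: deny when nobody is authenticated
            throw new AccessDenied("no authenticated user");
        }
        try {
            Field field = entity.getClass().getDeclaredField(ownerField);
            field.setAccessible(true);
            Object owner = field.get(entity);
            if (owner == null) {
                field.set(entity, current); // not yet assigned: bind to the current user
            } else if (!current.equals(owner)) {
                throw new AccessDenied("entity is owned by another user");
            }
        } catch (ReflectiveOperationException e) {
            // Missing or inaccessible owner field is a configuration error.
            throw new IllegalStateException("cannot access field " + ownerField, e);
        }
    }

    public static void main(String[] args) {
        UUID alice = UUID.randomUUID(), bob = UUID.randomUUID(); // constructed user IDs
        Note fresh = new Note(null, "draft");
        apply(fresh, "ownerId", () -> alice); // unowned entity is claimed by alice
        System.out.println("owner is alice: " + alice.equals(fresh.ownerId));
        try {
            apply(new Note(bob, "private"), "ownerId", () -> alice); // bob's entity
        } catch (AccessDenied e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```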