1

My question is that I have a java spring application using input and output DTO with several fields, besides I have an api to update my data models using this DTO. My input DTO is something like this:

@Getter
@Setter
public class UpdateUser extends AbstractPortable {

@NotNull
@Size(min = 5, max = 255)
private String address;

@Size(min = 1, max = 10)
@Pattern(regexp = "^[0-9]*$")
private String birthCertificateNumber;

@Size(min = 1, max = 2)
@Pattern(regexp = "^[0-9]*$")
private String birthCertificateSeriesNumber;

@Past
@Schema(description = "{\"validators\":[\"age > 18\"]}")
private LocalDateTime birthDate;

@Size(min = 3, max = 50)
private String englishCompanyName;

@Size(min = 3, max = 255)
private String description;

@NotNull
@Pattern(regexp = "^(.+)@(\\S+)$")
private String emailAddress;

@Size(min = 3, max = 50)
private String englishFatherName;

@Pattern(regexp = "^[1-9][0-9]{3,7}$")
private String faxNumber;

@Size(min = 3, max = 50)
private String englishFirstName;

@Size(min = 3, max = 50)
private String englishLastName;

@NationalCode
private String nationalCode;

@Future
@Schema(description = "{\"validators\":[\"passportExpireDate < now\"]}")
private LocalDateTime passportExpireDate;

@NotNull
@Pattern(regexp = "^(?!^0+$)[a-zA-Z0-9]{3,20}$\n")
private String passportNumber;

@PastOrPresent
private LocalDateTime registerDate;

@Pattern(regexp = "^[1-9][0-9]{3,7}$")
private String telephoneNumber;

private Reference<Long> residenceCity;

private Reference<Long> birthCountry;

}

The problem is that I want to limit updating on this DTO's based on my access controls... I just want user not to see some fileds based on their access level. I dont want to tell the UI team not to show some fields to the user and I want to pass this limitation to UI from my business side. The final point is that I check user token to control access control. How can I create a dynamic DTO based on access control? What is the best practice to implement this?

Nahid Bandi
  • 428
  • 1
  • 4
  • 23
  • maybe this contains something you can use https://stackoverflow.com/questions/35558218/jackson-jsonignore-fields-based-on-spring-security-roles – Amir Schnell Dec 16 '20 at 10:13
  • You are already using annotations, so why not continue down that path? Create field level annotation that takes the access control as a value, and using reflection get the applicable fields based on what the access level is. – jokarl Dec 16 '20 at 10:15
  • @jokarl can you provide me with an example how I can include my access level in annotation. I check token to control access level. I will be really thankful for your help, – Nahid Bandi Dec 16 '20 at 10:33
  • @NahidBandi if the answer above mine is of no help I can write a quick example. Could you updated your question with code on how you handle the access control? Is it an enum? String value? I'm not too familiar with Spring – jokarl Dec 16 '20 at 10:35
  • @AmirSchnell the problem with this solution is that we cannot apply multiple view for the same controller. I want the same controller to have different behaviors based on access controls.... I will appreciate any suggestion or help. – Nahid Bandi Dec 16 '20 at 10:38

0 Answers0