Say I am creating an web application mypets and I have two entities User and Pet. A User can ha开发者_开发技巧ve many Pets. When I scaffold the Pet entity the menu.jspx allows updates and deletes Pets of other users.
Is there a way to restrict access to Pet entities to Users who create them?
Yes, you can use Spring Security addon for this. There will be a little bit of tinkering you will have to do.
First you will need to have a field for each Pet to contain the User who created it. Use a method with @PrePersist
to set the logged in user details to store this information.
Then you will have to create a finder to list all the Pets that were created by the User.
Modify the Roo generated controller to list elements using the new finder you created, and pass the User argument taking from the logged in User.
That will do.
Cheers and all the best with Roo.
精彩评论