Page 1 of 1

Custom entity and limiting visibility of it and related entities to regular users

Posted: Thu Feb 16, 2017 8:59 am
by labedzkim
Hi All,
please guide me on how to solve my issue which I'll try to describe as short as possible below.

In my admin application there are two groups of users, each having a role defined: admins and regular users. I'got a custom entity that represents an access-right for paricular product granted to a parcirular regular user. That grant is implemented as an associative table for a user, product and order.

My current state is that being a customer I can select an order, customer and product, then I can add a new grant. Now I'm going to restrict a regular user so that he/she can choose (look up) only from a limited set. Then I'll need to restrict the user to see only those grants that he/she has created.

How should I do it?

Maciej

Code: Select all

@Entity
@Table(name = "FOOD_PRODUCT_GRANT")
@AdminPresentationClass(friendlyName = "Product Grant")
public class FoodieProductGrant implements Serializable {

    @Id
    @GeneratedValue(generator = "FoodieProductGrantId")
    @GenericGenerator(
            name = "FoodieProductGrantId",
            strategy = "org.broadleafcommerce.common.persistence.IdOverrideTableGenerator",
            parameters = {
                    @Parameter(name = "segment_value", value = "FoodieProductGrant"), @Parameter(name = "entity_name",
                    value = "eu.foodieproject.core.catalog.domain.FoodieProductGrant")
            })
    @Column(name = "PRODUCT_GRANT_ID")
    private Long id;

    @ManyToOne(targetEntity = FoodieProduct.class, optional = false)
    @JoinColumn(name = "FOODIE_PRODUCT_ID", nullable = false)
    @AdminPresentation(friendlyName = "ProductImpl_baseProduct", group = "Details",
            order= 3, groupOrder = 1000, prominent = true)
    @AdminPresentationToOneLookup
    private FoodieProduct foodieProduct;

    @ManyToOne(targetEntity = CustomerImpl.class, optional=false)
    @JoinColumn(name = "CUSTOMER_ID", nullable = false)
    @AdminPresentation(friendlyName = "OrderImpl_Customer", group = "Details",
            order= 2, groupOrder = 1000, prominent = true)
    @AdminPresentationToOneLookup()
    protected Customer customer;


    @Where(clause = "WHERE ORDER_STATUS = 'SUBMITTED'")
    @ManyToOne(targetEntity = OrderImpl.class, optional=false)
    @JoinColumn(name = "ORDER_ID", nullable = false)
    @AdminPresentation(friendlyName = "OrderImpl_baseOrder", group = "Details",
            order= 1, groupOrder = 1000, prominent = true)
    @AdminPresentationToOneLookup()
    protected Order order;
}

Re: Custom entity and limiting visibility of it and related entities to regular users

Posted: Tue Jul 25, 2017 2:59 pm
by phillipuniverse
It looks like that you want to customize row-level security. We have a well-defined hook point for that at https://www.broadleafcommerce.com/docs/ ... l-security.

If you associate the admin user that created the entity (e.g. add an @EntityListener({AdminAuditable.class} along with an @Embedded property for an AdminAuditable) then it will automatically populate the properties on it for you whenever modifications happen in the admin.

The Broadleaf forums are being retired as a readonly archive of questions. For active discussions and questions, check out the broadleaf-commerce tag on Stack Overflow which is actively monitored by the Broadleaf team.