Page 1 of 1

Custom entity and limiting visibility of it and related entities to regular users

Posted: Thu Feb 16, 2017 8:59 am
by labedzkim
Hi All,
please guide me on how to solve my issue which I'll try to describe as short as possible below.

In my admin application there are two groups of users, each having a role defined: admins and regular users. I'got a custom entity that represents an access-right for paricular product granted to a parcirular regular user. That grant is implemented as an associative table for a user, product and order.

My current state is that being a customer I can select an order, customer and product, then I can add a new grant. Now I'm going to restrict a regular user so that he/she can choose (look up) only from a limited set. Then I'll need to restrict the user to see only those grants that he/she has created.

How should I do it?


Code: Select all

@Table(name = "FOOD_PRODUCT_GRANT")
@AdminPresentationClass(friendlyName = "Product Grant")
public class FoodieProductGrant implements Serializable {

    @GeneratedValue(generator = "FoodieProductGrantId")
            name = "FoodieProductGrantId",
            strategy = "org.broadleafcommerce.common.persistence.IdOverrideTableGenerator",
            parameters = {
                    @Parameter(name = "segment_value", value = "FoodieProductGrant"), @Parameter(name = "entity_name",
                    value = "eu.foodieproject.core.catalog.domain.FoodieProductGrant")
    @Column(name = "PRODUCT_GRANT_ID")
    private Long id;

    @ManyToOne(targetEntity = FoodieProduct.class, optional = false)
    @JoinColumn(name = "FOODIE_PRODUCT_ID", nullable = false)
    @AdminPresentation(friendlyName = "ProductImpl_baseProduct", group = "Details",
            order= 3, groupOrder = 1000, prominent = true)
    private FoodieProduct foodieProduct;

    @ManyToOne(targetEntity = CustomerImpl.class, optional=false)
    @JoinColumn(name = "CUSTOMER_ID", nullable = false)
    @AdminPresentation(friendlyName = "OrderImpl_Customer", group = "Details",
            order= 2, groupOrder = 1000, prominent = true)
    protected Customer customer;

    @Where(clause = "WHERE ORDER_STATUS = 'SUBMITTED'")
    @ManyToOne(targetEntity = OrderImpl.class, optional=false)
    @JoinColumn(name = "ORDER_ID", nullable = false)
    @AdminPresentation(friendlyName = "OrderImpl_baseOrder", group = "Details",
            order= 1, groupOrder = 1000, prominent = true)
    protected Order order;