英文:
role based creation of users in Spring boot
问题
我有三个实体:User(用户)、Institution(机构)和Role(角色)。
1) User与Institution之间是一对多关系。
2) User与Role之间是多对多关系。
-------User-------
@Entity
@Table(name = "user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="user_Id")
private int userId;
@Column(name="name")
private String name;
@Column(name="lastname")
private String lastname;
@Column(name="email")
private String email;
@Column(name="password")
private String password;
@Column(name="isActive")
private boolean isActive;
@Column(name="lastActive")
private String lastActive;
@Column(name="createdDate")
private String createdDate;
@Column(name="isBlocked")
private boolean isBlocked;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "institution_id", nullable = false)
@JsonIgnoreProperties(value = {"user"})
private Institution institution;
@ManyToMany(fetch = FetchType.LAZY)
@JoinTable(name = "user_has_role",
joinColumns = {
@JoinColumn(name = "user_id", referencedColumnName = "user_id",
nullable = false, updatable = true)},
inverseJoinColumns = {
@JoinColumn(name = "role_id", referencedColumnName = "role_id",
nullable = false, updatable = true)})
@JsonIgnoreProperties(value = {"users"})
private Set<Role> roles = new HashSet<>();
}
-------Institution-------
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@ToString
@Entity
@Table(name = "institution")
public class Institution {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="institution_Id")
private int institutionId;
@Column(name="name")
private String name;
@Column(name="type")
private String type;
@Column(name="location")
private String location;
@OneToMany(mappedBy = "institution", fetch = FetchType.LAZY)
@JsonIgnoreProperties(value = {"institution" , "user"})
private Set<User> user;
}
-------Role-------
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@ToString
@Entity
@Table(name = "role")
public class Role {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="role_Id")
private int roleId;
@Column(name="name")
private String name;
@Column(name="description")
private String description;
@ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
@JsonIgnoreProperties(value = {"roles"})
private Set<User> users = new HashSet<>();
}
这些是我的三个实体和MySQL中的表格。
我有7个角色:
• Super-User(超级用户)
• Bank-Admin(银行管理员)
• Bank-Support(银行支持)
• Bank-Service(银行服务)
• Merchant-Admin(商家管理员)
• Merchant-Support(商家支持)
• Merchant-service(商家服务)
超级用户可以创建任何角色的用户。
@PostMapping("/addUser")
public String addUser(@RequestBody User user) {
String rawpassword = user.getPassword();
String encodedpasswrod = passwordencoder.encode(rawpassword);
user.setPassword(encodedpasswrod);
userrepository.save(user);
return "user saved with name: " + user.getName();
}
此API可以正常工作,并且我可以在API的JSON请求体中设置用户的角色。
但是,我希望如果用户是银行管理员(Bank-Admin),则只能创建Bank-Support和Bank-Service角色的用户。
我尝试创建一个新的API,该API只能创建具有这两个特定角色的用户,
并限制银行管理员访问另一个可以创建任何类型用户的API。
有其他方法可以实现吗?如果没有,我应该如何做到这一点...
英文:
i have Three entities User, Institution and Role.
1)one to many between user and institution
2)and many to many between User and Role
-------user-------
@Entity
@Table(name = "user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="user_Id")
private int userId;
@Column(name="name")
private String name;
@Column(name="lastname")
private String lastname;
@Column(name="email")
private String email;
@Column(name="password")
private String password;
@Column(name="isActive")
private boolean isActive;
@Column(name="lastActive")
private String lastActive;
@Column(name="createdDate")
private String createdDate;
@Column(name="isBlocked")
private boolean isBlocked;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "institution_id", nullable = false)
@JsonIgnoreProperties(value = {"user"})
private Institution institution;
@ManyToMany(fetch = FetchType.LAZY)
@JoinTable(name = "user_has_role",
joinColumns = {
@JoinColumn(name = "user_id", referencedColumnName = "user_id",
nullable = false, updatable = true)},
inverseJoinColumns = {
@JoinColumn(name = "role_id", referencedColumnName = "role_id",
nullable = false, updatable = true)})
@JsonIgnoreProperties(value = {"users"})
private Set<Role> roles = new HashSet<>();
}
-------institution-------
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@ToString
@Entity
@Table(name = "institution")
public class Institution {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="institution_Id")
private int institutionId;
@Column(name="name")
private String name;
@Column(name="type")
private String type;
@Column(name="location")
private String location;
@OneToMany(mappedBy = "institution", fetch = FetchType.LAZY)
@JsonIgnoreProperties(value = {"institution" , "user"})
private Set<User> user;
}
-------role-------
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@ToString
@Entity
@Table(name = "role")
public class Role {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="role_Id")
private int roleId;
@Column(name="name")
private String name;
@Column(name="description")
private String description;
@ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
@JsonIgnoreProperties(value = {"roles"})
private Set<User> users = new HashSet<>();
}
Those are my 3 entities and tables in MySql
i have 7 roles
• Super-User
• Bank-Admin
• Bank-Support
• Bank-Service
• Merchant-Admin
• Merchant-Support
• Merchant-service
The super-User can create a user of any role
@PostMapping("/addUser")
public String addUser(@RequestBody User user) {
String rawpassword = user.getPassword();
String encodedpasswrod = passwordencoder.encode(rawpassword);
user.setPassword(encodedpasswrod);
userrepository.save(user);
return "user saved with name: " + user.getName();
}
this api works and i can set the role to anything in my api json body
But want that if the User is Bank-Admin he can only create Bank-Support and Bank-Service
im trying to create a new API which can only create a user with those 2 specific roles.
and then restrict the bank admin to access the other API that can create users of any kind.
is there any other way to do it and if no how can i do that...
答案1
得分: 1
你必须实现自定义的用户权限管理功能。
例如,根据登录人员,您将获得该登录人员的角色,然后根据您的标准进行验证,比如检查他正在尝试添加的实体是否有资格创建它。
Map<String, List<String>> roleUserAccessMap = new HashMap<>();
roleUserAccessMap.put("Bank-Admin", Arrays.asList("Bank-Support", "Bank-Service"));
只需像下面这样进行检查:
String loginPersonRole = "Bank-Admin"; //此值应从已登录人员的上下文中获取
if (roleUserAccessMap.containsKey(loginPersonRole) && roleUserAccessMap.get(loginPersonRole).contains(newuserrole)) {
//继续进行 Add API 操作
} else {
System.out.println("您没有足够的权限来创建用户");
}
这将对您有所帮助。
英文:
You have to implement your custom implementation of User Entitlement.
Like according to login person, you will get that login person role, and according to your criteria just put validation like check that entity he is trying to add is he eligible to create it.
Map<String, List<String>> roleUserAccessMap = new HashMap<>();
roleUserAccessMap.put("Bank-Admin", Arrays.asList("Bank-Support", "Bank-Service"));
Just check like below
String loginPersonRole="Bank-Admin"; //This value should get from logged-in person context
if(roleUserAccessMap.containsKey(loginPersonRole) && roleUserAccessMap.get(loginPersonRole).contains(newuserrole) ){
//proceed ahead with Add api
}else{
System.out.println("You do not have enough privileage to create Use");
}
This will help you.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论