Field Level Permission in Spring Domain Object. View and Edit permission based filtering of object


I am looking for a Spring-based solution for this problem. I have solved this in a crude way but am looking for a better solution.

I have a client-server architecture application. Based on user permission, I am able to: get the list of fields for the logged-in user which he is not permitted to write, and get the list of fields for the logged-in user which he is not permitted to read.

Now, how can I verify in an efficient way that the object to be written into the database is as per user permission? I can iterate over the fields, check if each value is different from that stored in the DB and reject accordingly. Is there any efficient way?

Example:

One domain entity "Account" which is stored in MongoDB.

class Account {
 String name;
 String email;
 String mobile;
}

Corresponding DTO Object to be returned to client

class AccountDto {
 String name;
 String email;
 String mobile;
}

Two users -> User A, User B

Scenario: User A can edit [ name ] but not email, mobile. User A can view [name, email] but not mobile.

How can I design this to return only those fields which he is permitted to view? I do not want to create numerous DTOs based on every user permission.

How can I write code to check that the object to be written to the database is valid as per the permission assigned to the logged-in user? I don't want to iterate over the fields, check field permission and then discard. Expensive operation.

My solution: whenever the user is going to write to the DB, I can fetch the existing record, compare it with the record he is going to write, and reject if a field value is changed and he does not have that permission. But this adds DB read cost and is not that generic a solution.

0

There are 0 best solutions below
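
One way to enforce both deny lists without per-user DTOs or a database read, given as an added example that is not part of the original question. It assumes the client sends only the fields it wants to change (a partial update); `FieldPolicy`, `viewFor` and `authorizedChanges` are hypothetical names, and the sample values are constructed.

```java
import java.lang.reflect.Field;
import java.util.*;

public class FieldPermissionDemo {
    // DTO from the question (constructor added so the demo can build one).
    static class AccountDto {
        String name, email, mobile;
        AccountDto(String n, String e, String m) { name = n; email = e; mobile = m; }
    }

    // Hypothetical holder for the two per-user deny lists the question already has.
    record FieldPolicy(Set<String> notReadable, Set<String> notWritable) {}

    // Read side: one DTO class, rendered as a map that omits fields the user may not view.
    static Map<String, Object> viewFor(Object dto, FieldPolicy policy) throws IllegalAccessException {
        Map<String, Object> out = new LinkedHashMap<>();
        for (Field f : dto.getClass().getDeclaredFields()) {
            if (f.isSynthetic() || policy.notReadable().contains(f.getName())) continue;
            f.setAccessible(true);
            out.put(f.getName(), f.get(dto));
        }
        return out;
    }

    // Write side (assumption: the request is a partial update keyed by field name).
    // The check only inspects the keys that were sent, so no stored record is fetched.
    static Map<String, Object> authorizedChanges(Map<String, Object> patch, FieldPolicy policy) {
        Set<String> known = new HashSet<>();
        for (Field f : AccountDto.class.getDeclaredFields()) known.add(f.getName());
        for (String field : patch.keySet()) {
            if (!known.contains(field)) throw new IllegalArgumentException("Unknown field: " + field);
            if (policy.notWritable().contains(field)) throw new SecurityException("Not permitted to write: " + field);
        }
        return Collections.unmodifiableMap(new LinkedHashMap<>(patch));
    }

    public static void main(String[] args) throws Exception {
        // User A from the question: cannot view mobile; cannot edit email or mobile.
        FieldPolicy userA = new FieldPolicy(Set.of("mobile"), Set.of("email", "mobile"));
        AccountDto stored = new AccountDto("Alice", "alice@example.test", "0000000000");
        System.out.println(viewFor(stored, userA));
        System.out.println(authorizedChanges(Map.of("name", "Alice B."), userA));
        try {
            authorizedChanges(Map.of("name", "x", "email", "new@example.test"), userA);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The map returned by `authorizedChanges` can be applied as a field-level update (for example MongoDB's `$set`), so fields outside the patch are never overwritten by client-supplied values.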