What tip would you give when, for example, a user cannot access an X object?
For example:
URL: /student/{id}
The user who is DIRECTOR of a school has access to the profile of all the students of the school of which he is director. The user who is a TEACHER of a school has access to the profile of all the students of the classes that he teaches.
So how would I do this using Spring Security?
One more thing:
I have a screen where I search for students, that famous screen where there are several filters, pagination, etc. There I also wanted to do something like the above requirement (from the URL).
On the search screen, when the user is a teacher, I want the list to show only the students of the classes he teaches, and when he is a director, only the students of the school he directs. I thought of an interesting way, but I do not know how to inject the correct implementation at the time of creating the MVC Controller.
Example:
import java.util.List;
import java.util.Map;

public interface AlunoRepository {
    List<Aluno> getAlunoByParams(Map<String, Object> params, int offset, int size);
}
Here are the specific implementations for each PROFILE:
Implementation specific to the Teacher profile
public class AlunoRepositoryImpl4Professor implements AlunoRepository {
    @Override
    public List<Aluno> getAlunoByParams(Map<String, Object> params, int offset, int size) {
        // returns a list of only the students of the classes he teaches, according to the parameters
        throw new UnsupportedOperationException("not implemented");
    }
}
Implementation specific to the Director profile
public class AlunoRepositoryImpl4Diretor implements AlunoRepository {
    @Override
    public List<Aluno> getAlunoByParams(Map<String, Object> params, int offset, int size) {
        // returns a list of only the students of the school he directs, according to the parameters
        throw new UnsupportedOperationException("not implemented");
    }
}
Controller
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;

@Controller
public class AlunoController {
    @Autowired
    private AlunoRepository repository; // how do I inject the AlunoRepository that matches the profile being used here?

    @GET
    public List<Aluno> query(Map<String, Object> params, int offset, int size) {
        return repository.getAlunoByParams(params, offset, size);
    }
}
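
The two access rules described in the question, written as one deny-by-default check that serves both /student/{id} and the search list. This is an added example, not part of the original post. The `Student` and `User` shapes, their field names and the sample data are assumptions made for illustration; in Spring Security a method like `canView` can be referenced from a `@PreAuthorize` expression.

```java
import java.util.List;
import java.util.Set;

public class StudentAccessExample {
    enum Role { DIRECTOR, TEACHER }

    // Assumed shapes: the post does not show Aluno's fields or the user model.
    record Student(long id, long schoolId, long classId) {}
    record User(String name, Role role, Long schoolId, Set<Long> classIds) {}

    // Object-level rule for /student/{id}: deny unless a rule explicitly allows.
    static boolean canView(User user, Student student) {
        if (user == null || student == null || user.role() == null) {
            return false;
        }
        switch (user.role()) {
            case DIRECTOR: // every student of the school he directs
                return user.schoolId() != null
                        && user.schoolId() == student.schoolId();
            case TEACHER:  // only students of the classes he teaches
                return user.classIds() != null
                        && user.classIds().contains(student.classId());
            default:
                return false;
        }
    }

    // Search screen: apply the same rule before pagination, so a page never
    // contains or counts students outside the caller's scope. A real
    // repository would put this condition in the query's WHERE clause.
    static List<Student> search(User user, List<Student> all, int offset, int size) {
        return all.stream()
                .filter(s -> canView(user, s))
                .skip(offset)
                .limit(size)
                .toList();
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Student> students = List.of(
                new Student(1, 10, 100), new Student(2, 10, 101), new Student(3, 20, 200));
        User director = new User("director", Role.DIRECTOR, 10L, Set.of());
        User teacher = new User("teacher", Role.TEACHER, 10L, Set.of(101L));

        System.out.println("director -> student 3: " + canView(director, students.get(2)));
        System.out.println("teacher  -> student 1: " + canView(teacher, students.get(0)));
        System.out.println("teacher search: " + search(teacher, students, 0, 10));
    }
}
```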