Closed feroult closed 8 years ago
@luanpotter, I think yours is nice approach and should be used where needed.
Following your code, I've thought something like:
@Override
public void create(List<Entity> entities) {
for (Entity e : entities) {
e.shield(this);
// or
e.allow(this);
}
denyWith(403);
}
But I don't know... Your approach seems better at a first glance.
You're going to stay with HttpException
;)
Currently one could simply throw a HttpException; I often do the following:
Where the validate method throws a
422
with proper errors when the validation fails.I think one other possibility would be to have a
disallowWithError(int, String)
method in theShieldBase
(analogous toHttpException
's constructor). But I'm not sure that is really necessary. Also, it would be confusing if it were to be called twice with different status code. Or with2xx
codes. Though I guess you can throw a 200 HttpException anyway.What do you have in mind, @feroult?