Defining endpoint security through JDL

[SpiralUp]

Overview of the feature request

When creating an application through JHipster, it is necessary to manually adjust the security on the generated endpoints. This could be avoided if security was defined through JDL and then generated. An example of a possible definition in JDL:

  secure _Entity_ with roles {
       ROLE_ADMIN allows (GET, PUT, POST, DELETE)
       ROLE_USER allows (GET)
  }

This should be reflected in the generation of EntityResource and EntityResourceIT.

I already have an implementation for this, so I can share it ...

Motivation for or Use Case

Now, security has to be added manually on endpoints that are generated and unit tests have to be refined manually. It seems to me that this is the most common refinement over the generated code.

Related issues or PR

• [X] Checking this box is mandatory (this is just to show you read everything)

[gmarziou]

Interesting, were you able to reflect this into the API documentation?

[SpiralUp]

I just added a comment to the source code:

  // Security is enabled on this entity

  // Security type = roles

  // GET:    "ROLE_ADMIN", "ROLE_USER"

  // PUT:    "ROLE_ADMIN"

  // POST:   "ROLE_ADMIN"

  // DELETE: "ROLE_ADMIN"

but it's a good suggestion to make it visible in the API documentation as well - it shouldn't be hard ...

[DanielFran]

@SpiralUp Are you available to contribute with a PR?

[SpiralUp]

I'm available to contribute with a PR...

[github-actions[bot]]

This issue is stale because it has been open for too long without any activity. Due to the moving nature of jhipster generated application, bugs can become invalid. If this issue still applies please comment otherwise it will be closed in 7 days

[github-actions[bot]]

This issue is stale because it has been open for too long without any activity. Due to the moving nature of jhipster generated application, bugs can become invalid. If this issue still applies please comment otherwise it will be closed in 7 days