Closed bglamadrid closed 3 years ago
Hi @bglamadrid ,
I'm interested in this feature. Could you please assign this to me?
Okay @trangntt-016 I'm assigning to you. Have fun! And don't hesitate to ask any questions you may have.
Hi @bglamadrid
Thanks for giving me a chance. To solve this issue, I think Im going to add a Principal to the delete public void delete(Principal principal, @PathVariable String name)
and then check if name is the current user. However, adding Principal will affect delete () in other classes such as Seller. I wonder if there are any better approach to make fewer changes.
Also, I see there are some getters and setters, do you mind if I replace them with @Data?
@trangntt-016
However, adding Principal will affect delete () in other classes such as Seller. I wonder if there are any better approach to make fewer changes.
In the DataUsersController, you can try creating that method as-new, let it do its checks and then call the former method when all checks are passed. You'll also have to move relevant annotations to the new method, so that the REST API is mapped and restricted accordingly.
Also, I see there are some getters and setters, do you mind if I replace them with @DaTa?
I'm not sure which ones are you referring to, can you elaborate please?
@bglamadrid
In the DataUsersController, you can try creating that method as-new, let it do its checks and then call the former method when all checks are passed. You'll also have to move relevant annotations to the new method, so that the REST API is mapped and restricted accordingly.
Thank you for your instruction. I think it's a good solution 😄 . However, one question came into my mind is that is it still okay to throw an exception (User cannot delete herself) in the controller (because we cannot modify the crudService.delete(String name), right?)
I'm not sure which ones are you referring to, can you elaborate please?
public class UserRole
implements Serializable {
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Basic(optional = false)
@Column(name = "user_role_id")
private Long id;
@Basic(optional = false)
@Size(min = 1, max = 50)
@Column(name = "user_role_name")
private String name;
public UserRole(UserRole source) {
this.id = source.id;
this.name = source.name;
}
public UserRole() { }
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
Not sure but I think all those getters() and setters() can be done with @Data 💭 🤔 ❔
@bglamadrid
In the DataUsersController, you can try creating that method as-new, let it do its checks and then call the former method when all checks are passed. You'll also have to move relevant annotations to the new method, so that the REST API is mapped and restricted accordingly.
Thank you for your instruction. I think it's a good solution 😄 . However, one question came into my mind is that is it still okay to throw an exception (User cannot delete herself) in the controller (because we cannot modify the crudService.delete(String name), right?) Yeah, the idea is to cancel the action AND warn the user. Raising some exceptions will in turn make the API respond with proper status codes an message to the consumer. There's a
@ControllerAdvice
class around that maps these exceptions to said status codes and messages.public class UserRole implements Serializable { private static final long serialVersionUID = 1L; @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Basic(optional = false) @Column(name = "user_role_id") private Long id; @Basic(optional = false) @Size(min = 1, max = 50) @Column(name = "user_role_name") private String name; public UserRole(UserRole source) { this.id = source.id; this.name = source.name; } public UserRole() { } public Long getId() { return id; } public void setId(Long id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; }
Not sure but I think all those getters() and setters() can be done with @DaTa 💭 🤔 ❔
Oh I see what you mean by @Data
now; the lombok project's annotation-based code generation. I had forgotten it existed!
While it does help a lot to reduce lines of code, I'm not sure it's a good moment to add it since the API, and for instance, this backend, are subject to change in the foreseeable future. And it will include changes in some of these classes. Plus, I'm not sure how lombok abides when it comes to navigating method calls for one of those getters/setters.
While it does help a lot to reduce lines of code, I'm not sure it's a good moment to add it since the API, and for instance, this backend, are subject to change in the foreseeable future. And it will include changes in some of these classes. Plus, I'm not sure how lombok abides when it comes to navigating method calls for one of those getters/setters.
Yeah thanks for your insight @bglamadrid, I need to think about this before using @Data in the future
When a user tries to delete any account using the Data API, if the target account is their own, the action should be denied.