Reputation: 1488
I am building a REST backend with authentication and different roles. Now the problem is that I would like to filter the result depending on the user role.
I haven't implemented the controller myself; instead, I am using the PagingAndSortingRepository interface, and this is working pretty well. What I am looking for is something similar to this python-django method.
The solution must conform to the REST pattern.
To make this clearer, here is an example:
Let’s say I have two users, user A is a normal user with the role "user". User B is an admin with the role "admin".
There is a database table in which the userData are stored. The table looks like the following.
| ID | username | name | email |
Both of them are sending a simple authenticated GET request to /userData.
Now my backend detects the users based on the authentication header and adds the roles.
Now, depending on the role, user A should only get an answer which contains his personal data; user B should get all data which are accessible through /userData.
Response for user A:
    {
      "res": [
        {
          "id": 1,
          "username": "userA",
          "name": "A",
          "email": "[email protected]"
        }
      ]
    }
Response for user B:
    {
      "res": [
        {
          "id": 1,
          "username": "userA",
          "name": "A",
          "email": "[email protected]"
        },
        {
          "id": 2,
          "username": "userB",
          "name": "B",
          "email": "[email protected]"
        },
        {
          "id": 3,
          "username": "userC",
          "name": "C",
          "email": "[email protected]"
        }
      ]
    }
Upvotes: 2
Views: 2757
Reputation: 3423
I created an extension for Spring-Data-Jpa which can handle these kinds of requirements (+ a lot more): spring-data-jpa-acl
You can set up rules by roles or associations with a few simple annotations, and all of the data-jpa methods and REST endpoints will be affected by these rules. The extension adds extra specifications to JPA queries so all filtering will happen on the DB side, so you can even use pagination on filtered data.
Upvotes: 1
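An added example, not part of either post and not the spring-data-jpa-acl API: the same DB-side filtering done with plain Spring Data JPA, by overriding `findAll(Pageable)` with a `@Query` whose SpEL expressions read the Spring Security context. The entity name `UserData`, the role name `ADMIN`, the `jakarta.persistence` imports (Spring Boot 3) and the `spring-security-data` dependency are assumptions.

```java
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.Id;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.PagingAndSortingRepository;
import org.springframework.data.rest.core.annotation.RepositoryRestResource;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

// Assumed entity matching the table in the question: ID | username | name | email
@Entity
class UserData {
    @Id @GeneratedValue
    private Long id;
    private String username;
    private String name;
    private String email;

    public Long getId() { return id; }
    public String getUsername() { return username; }
    public String getName() { return name; }
    public String getEmail() { return email; }
}

// Makes Spring Security's expression root (authentication, hasRole, ...)
// available inside ?#{...} expressions of @Query methods.
@Configuration
class SecurityQueryConfig {
    @Bean
    SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}

// Spring Data REST serves GET /userData from findAll(Pageable). The WHERE
// clause keeps a row if it belongs to the caller, or keeps every row when
// the caller has ROLE_ADMIN, so paging and counting run on filtered data.
@RepositoryRestResource(path = "userData")
interface UserDataRepository extends PagingAndSortingRepository<UserData, Long> {
    @Override
    @Query("select u from UserData u "
         + "where u.username = ?#{authentication.name} "
         + "or 1 = ?#{hasRole('ADMIN') ? 1 : 0}")
    Page<UserData> findAll(Pageable pageable);
}
```

Only the overridden `findAll(Pageable)` is filtered; any other repository method that Spring Data REST exposes, such as the item lookup behind `/userData/{id}`, needs its own restriction.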