Raging Goblin

18 March 2013

Spring Roo 3: Show only items belonging to logged in user

Filed under: Java,Spring Roo — Raging Goblin @ 11:57
In post 1 we created a simple log application that is capable of storing messages in a database. In post 2 we gained a little privacy with the introduction of Spring Security. However, every post is visible to every logged-in user, whether or not that user created the message. In this post we are going to remedy that.

To show only the posts of the user that is actually logged in, we need two things. First, we need access to the user that is currently logged in, and second, we need a way to search for items belonging to a particular user. To start with the latter, we need finder methods. The command

finder list

will show you the available finder methods. Perform the following commands to add the appropriate finder methods:

focus --class ~.domain.LogUser
finder add findLogUsersByUsernameEquals
focus --class ~.domain.LogItem
finder add findLogItemsByLogUser

If you look into LogUser.java and LogItem.java you will see the finder methods added.

To filter the displayed LogItems we have to move some functionality from the LogItemController_Roo_Controller aspect (LogItemController_Roo_Controller.aj) to the LogItemController_Roo_Controller (LogItemController_Roo_Controller.java). Copy the entire method LogItemController.list from the aspect file to the controller file and rename it to list. Spring Roo will notice this and remove the method from the aspect. We can get the username of the logged-in user from the application context and use it as the starting point to fetch only the log items of that user:

@RequestMapping(produces = "text/html")
public String list(@RequestParam(value = "page", required = false) Integer page, @RequestParam(value = "size", required = false) Integer size, Model uiModel) {
   // Name of the authenticated principal, taken from the Spring Security context
   String username = SecurityContextHolder.getContext().getAuthentication().getName();
   List<LogUser> logUserList = LogUser.findLogUsersByUsernameEquals(username).getResultList();
   if (!logUserList.isEmpty()) {
      LogUser user = logUserList.get(0);
      // Only the items owned by this user reach the view; page and size are ignored here
      List<LogItem> resultList = LogItem.findLogItemsByLogUser(user).getResultList();
      uiModel.addAttribute("logitems", resultList);
   }
   addDateTimeFormatPatterns(uiModel);
   return "logitems/list";
}

You can now add items till kingdom come but they will never show up in the list because they do not belong to the logged in user. We fix this by moving the method LogItemController.create from the aspect to the controller and changing it to:

@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String create(@Valid LogItem logItem, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) {
    if (bindingResult.hasErrors()) {
        populateEditForm(uiModel, logItem);
        return "logitems/create";
    }
        
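    // Set the owner from the authenticated session
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    List<LogUser> logUserList = LogUser.findLogUsersByUsernameEquals(username).getResultList();
    if (!logUserList.isEmpty()) {
        LogUser user = logUserList.get(0);
        logItem.setLogUser(user);
    }
    // If no LogUser matched, logItem keeps whatever logUser the form binding set (possibly none)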
    uiModel.asMap().clear();
    logItem.persist();
    return "redirect:/logitems/" + encodeUrlPathSegment(logItem.getId().toString(), httpServletRequest);
}
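The owner rule behind list and create, carried through to a lookup by id (such as the page that create redirects to), as an added example that is not code from the original post or from Spring Roo. It is a plain-Java model with in-memory stand-ins for LogUser and LogItem; the class OwnerScopedLogItems, the helper requireUser, the show method and the sample users are assumptions made for illustration. Unlike the create method above, it refuses to save when no LogUser matches the authenticated name.

```java
import java.util.*;
import java.util.stream.*;

// Added example: in-memory stand-ins for the page's LogUser/LogItem (constructed, not Roo code).
public class OwnerScopedLogItems {
    record LogUser(long id, String username) {}
    record LogItem(long id, String message, LogUser logUser) {}

    private final Map<String, LogUser> users = new HashMap<>();
    private final Map<Long, LogItem> items = new LinkedHashMap<>();
    private long nextId = 1;

    void addUser(String username) { users.put(username, new LogUser(users.size() + 1, username)); }

    // Hypothetical helper: resolve the authenticated name to a LogUser, failing closed on no match.
    private LogUser requireUser(String authenticatedName) {
        LogUser u = users.get(authenticatedName);
        if (u == null) throw new SecurityException("no LogUser for " + authenticatedName);
        return u;
    }

    // list: only items owned by the caller (the role of findLogItemsByLogUser on the page).
    List<LogItem> list(String authenticatedName) {
        LogUser me = requireUser(authenticatedName);
        return items.values().stream().filter(i -> i.logUser().equals(me)).collect(Collectors.toList());
    }

    // create: the owner always comes from the session; the owner named in the form is ignored.
    LogItem create(String authenticatedName, String message, LogUser submittedOwner) {
        LogUser me = requireUser(authenticatedName);
        LogItem saved = new LogItem(nextId++, message, me);
        items.put(saved.id(), saved);
        return saved;
    }

    // show: a lookup by id gets the same owner comparison as list.
    LogItem show(String authenticatedName, long id) {
        LogItem item = items.get(id);
        if (item == null || !item.logUser().equals(requireUser(authenticatedName)))
            throw new SecurityException("item " + id + " is not visible to " + authenticatedName);
        return item;
    }

    public static void main(String[] args) {
        OwnerScopedLogItems app = new OwnerScopedLogItems();
        app.addUser("alice"); app.addUser("bob");               // constructed sample users
        LogItem a = app.create("alice", "first note", app.users.get("bob")); // form names bob as owner
        System.out.println("owner=" + a.logUser().username() + " bobSees=" + app.list("bob").size());
        try { app.show("bob", a.id()); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```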