...
```java
public class EnrollmentService {

    // One shared rule: a researcher with access to the study, OR an admin/superadmin, OR the user themselves.
    private static final AuthEvaluator SELF_ADMIN_OR_STUDY_RESEARCHER = AuthUtils.canAccessStudy().inRole(RESEARCHER).or()
            .inAnyRole(ADMIN, SUPERADMIN).or()
            .isSelf();

    // Every entry point runs the same check before doing any work.
    public PagedResourceList<EnrollmentDetail> getEnrollments(...) {
        SELF_ADMIN_OR_STUDY_RESEARCHER.checkAndThrow("studyId", studyId, "userId", userId);
    }

    public Enrollment enroll(...) {
        SELF_ADMIN_OR_STUDY_RESEARCHER.checkAndThrow("studyId", studyId, "userId", userId);
    }

    public void updateEnrollment(...) {
        SELF_ADMIN_OR_STUDY_RESEARCHER.checkAndThrow("studyId", studyId, "userId", userId);
    }

    public Enrollment unenroll(...) {
        SELF_ADMIN_OR_STUDY_RESEARCHER.checkAndThrow("studyId", studyId, "userId", userId);
    }
}
```
Pros:
- Easier to implement and understand at this point, when compared with overriding Spring Security’s implementation classes.
- Arguably easier to understand, because it will only contain what is necessary for our application (as opposed to Spring, which is always more complicated because it can handle anything, including future requirements).
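A minimal sketch of how a fluent evaluator like the one above could be built, added here as an example and not the project's own code. The explicit `Caller` argument, the `check` method, the `AuthEvaluatorSketch` class name, and the reading of the chain as AND within a clause and OR between clauses are assumptions; the point is that missing arguments and empty clauses deny access.

```java
import java.util.*;
import java.util.function.BiPredicate;
// Hypothetical sketch (Java 16+ for records); only the fluent method names come from the page.
public class AuthEvaluatorSketch {
    enum Role { RESEARCHER, ADMIN, SUPERADMIN }
    // Constructed caller context; a real service would read this from the authenticated session.
    record Caller(String userId, Set<Role> roles, Set<String> studyIds) {}

    static final class AuthEvaluator {
        // Predicates inside one clause are ANDed; or() starts a new clause; clauses are ORed.
        private final List<List<BiPredicate<Caller, Map<String, String>>>> clauses = new ArrayList<>();
        AuthEvaluator() { clauses.add(new ArrayList<>()); }
        private AuthEvaluator and(BiPredicate<Caller, Map<String, String>> p) {
            clauses.get(clauses.size() - 1).add(p);
            return this;
        }
        AuthEvaluator or() { clauses.add(new ArrayList<>()); return this; }
        AuthEvaluator canAccessStudy() {
            return and((c, args) -> args.get("studyId") != null && c.studyIds().contains(args.get("studyId")));
        }
        AuthEvaluator inAnyRole(Role... roles) {
            return and((c, args) -> Arrays.stream(roles).anyMatch(c.roles()::contains));
        }
        AuthEvaluator inRole(Role role) { return inAnyRole(role); }
        AuthEvaluator isSelf() {
            return and((c, args) -> c.userId() != null && c.userId().equals(args.get("userId")));
        }
        boolean check(Caller c, String... kv) {
            if (c == null || kv.length % 2 != 0) return false; // fail closed on malformed input
            Map<String, String> args = new HashMap<>();
            for (int i = 0; i < kv.length; i += 2) args.put(kv[i], kv[i + 1]);
            // An empty clause (for example a trailing or()) must never grant access.
            return clauses.stream().anyMatch(cl -> !cl.isEmpty() && cl.stream().allMatch(p -> p.test(c, args)));
        }
        void checkAndThrow(Caller c, String... kv) {
            if (!check(c, kv)) throw new SecurityException("Caller is not authorized");
        }
    }

    public static void main(String[] argv) {
        AuthEvaluator rule = new AuthEvaluator().canAccessStudy().inRole(Role.RESEARCHER)
                .or().inAnyRole(Role.ADMIN, Role.SUPERADMIN).or().isSelf();
        Caller self = new Caller("u1", Set.of(), Set.of());                         // the target user, no roles
        Caller other = new Caller("u2", Set.of(Role.RESEARCHER), Set.of("studyB")); // researcher in another study
        System.out.println(rule.check(self, "studyId", "studyA", "userId", "u1"));
        System.out.println(rule.check(other, "studyId", "studyA", "userId", "u1"));
    }
}
```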
...