因此,让我们假设我们有一家销售保险单的公司。 许多代理可以看到一个策略,但是每个代理在每个策略上都有自己的角色,因此他应该只能看到有限的数据。
@FilterableResource(fieldWithRole = "role") //my annotation @JsonFilter("filterable") inside
public class Policy {
private String number;
@FilterByRole(role = "MAIN_AGENT") //only for main
private String cost;
@FilterByRole(role = "MAIN_AGENT") //only for main
private Person insurer;
private Person insured;
@JsonIgnore
private String role; // for no one
}
public class Person {
private String name;
@FilterByRole(role = "MAIN_AGENT")
private String mobile; //only for main
}
这些策略是从代理X的简单其余端点/ api / policies示例结果返回的:
[
{
"number": "123","cost": 123000,"insurer": [{"name": "John","mobile": "443456434"}],"insured": [{"name": "Jey","mobile": "13124124234"}],"role": "MAIN_AGENT"
},{
"number": "321","cost": 321000,"insurer": [{"name": "Betty","mobile": "14212442"}],"insured": [{"name": "Frank","mobile": "32523523"}],"role": "AGENT"
}
]
结果应根据我的注释过滤到:
[
{
"number": "123",},"insured": [{"name": "Frank"}],}
]
所以我发现我可以在使用jackons filter发送回来之前过滤它们(这就是为什么我使用JsonFilter的原因)。 灵感来自@JsonView(Role.class),但问题在于每个字段都不基于身份验证上下文(永远不变) 但就我而言,它是基于每个策略对象的,这就是为什么我引入了附加的FilterableResource的原因,它将为我提供每个策略的价值。
我的杰克逊滤镜看起来像:
private SimpleBeanPropertyFilter filter() {
return new SimpleBeanPropertyFilter() {
@Override
public void serializeAsField(Object pojo,JsonGenerator jgen,SerializerProvider provider,PropertyWriter writer) throws Exception {
String resourceMandatoryRole = getRoleBasedOnFilterableAnnotation(pojo);
List<String> fieldMandatoryRoles = getRoleBasedOnFilterByAnnotation(writer);
if (fieldMandatoryRoles.isEmpty() || fieldMandatoryRoles.contains(resourceMandatoryRole) ) {
super.serializeAsField(pojo,jgen,provider,writer);
}
}
};
}
它甚至可以工作,但不幸的是,它仅适用于根级别,它不能进入人类,而且这只是我的问题的预览,我有许多嵌套对象的情况要复杂得多:
- 最好不要创建另一个标有@GoInside的注释来帮助进入子类
- 我不想将这些扩展名用于JsonFilter进行字段子排除,因为它们看起来像@JsonFilter(“ Object.Object.Object.Object.field”)
有什么想法吗?