Check authority for every field in an update requestORM Entity with many similar relationshipsClass naming...

Grade 10 Analytic Geometry Question 23- Incredibly hard

Dilemma of explaining to interviewer that he is the reason for declining second interview

Why does a metal block make a shrill sound but not a wooden block upon hammering?

Should I write a companion book/blog?

Can you earn endless XP using a Flameskull and its self-revival feature?

Why are the books in the Game of Thrones citadel library shelved spine inwards?

Lick explanation

Strange Sign on Lab Door

The effects of magnetism in radio transmissions

What flying insects could re-enter the Earth's atmosphere from space without burning up?

Why doesn't "auto ch = unsigned char{'p'}" compile under C++ 17?

Are there neural networks with very few nodes that decently solve non-trivial problems?

Slow moving projectiles from a hand-held weapon - how do they reach the target?

How would a Dictatorship make a country more successful?

A minimum of two personnel "are" or "is"?

A starship is travelling at 0.9c and collides with a small rock. Will it leave a clean hole through, or will more happen?

How to acknowledge an embarrassing job interview, now that I work directly with the interviewer?

Can we use the stored gravitational potential energy of a building to produce power?

Parsing a string of key-value pairs as a dictionary

Why does String.replaceAll() work differently in Java 8 from Java 9?

Does fast page mode apply to ROM?

Does Windows 10's telemetry include sending *.doc files if Word crashed?

If I sold a PS4 game I owned the disc for, can I reinstall it digitally?

A universal method for left-hand alignment of a sequence of equalities



Check authority for every field in an update request


ORM Entity with many similar relationshipsClass naming conventionsSingle MySQLI query to check for admin privilegesHandling Java instant Ajax request/respond with AngularUsing a Boolean method that never returns “false” to check user permissionsSecurity check using an SQL callDon't Update Every AI Every TickTic Tac Toe in Java: Runner Class Design, Using Helper Methods, and Instance VariablesIterating through every permutation of every subsetJPA method to update roles for users













0












$begingroup$


Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



Any idea how I could improve this?



For some context: This is Java 8+ using Spring Security in the background.



public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {

  UserEntity ue = userRepository.getOne(uuid);



  if (uur.getPassword() != null) {

    enforceAtLeastStudent();

    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));

  }

  if (uur.getEmail() != null) {

    enforceAtLeastStudent();

    ue.setEmail(uur.getEmail());

  }



  if (uur.getBirthday() != null) {

    enforceAdminOrTeacher();

    ue.setBirthday(uur.getBirthday());

  }

  if (uur.getFamilyName() != null) {

    enforceAdminOrTeacher();

    ue.setFamilyName(uur.getFamilyName());

  }

  if (uur.getFirstName() != null) {

    enforceAdminOrTeacher();

    ue.setFirstName(uur.getFirstName());

  }

}



private void enforceAtLeastStudent() {

  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");

}



private void enforceAdminOrTeacher() {

  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");

}





java spring authorization







share|improve this question











$endgroup$

















    0












    $begingroup$


    Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



    It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



    Any idea how I could improve this?



    For some context: This is Java 8+ using Spring Security in the background.



    public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {
    
  UserEntity ue = userRepository.getOne(uuid);
    

    
  if (uur.getPassword() != null) {
    
    enforceAtLeastStudent();
    
    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));
    
  }
    
  if (uur.getEmail() != null) {
    
    enforceAtLeastStudent();
    
    ue.setEmail(uur.getEmail());
    
  }
    

    
  if (uur.getBirthday() != null) {
    
    enforceAdminOrTeacher();
    
    ue.setBirthday(uur.getBirthday());
    
  }
    
  if (uur.getFamilyName() != null) {
    
    enforceAdminOrTeacher();
    
    ue.setFamilyName(uur.getFamilyName());
    
  }
    
  if (uur.getFirstName() != null) {
    
    enforceAdminOrTeacher();
    
    ue.setFirstName(uur.getFirstName());
    
  }
    
}
    

    
private void enforceAtLeastStudent() {
    
  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");
    
}
    

    
private void enforceAdminOrTeacher() {
    
  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");
    
}





    java spring authorization







    share|improve this question











    $endgroup$















      0












      0








      0





      $begingroup$


      Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



      It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



      Any idea how I could improve this?



      For some context: This is Java 8+ using Spring Security in the background.



      public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {
      
  UserEntity ue = userRepository.getOne(uuid);
      

      
  if (uur.getPassword() != null) {
      
    enforceAtLeastStudent();
      
    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));
      
  }
      
  if (uur.getEmail() != null) {
      
    enforceAtLeastStudent();
      
    ue.setEmail(uur.getEmail());
      
  }
      

      
  if (uur.getBirthday() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setBirthday(uur.getBirthday());
      
  }
      
  if (uur.getFamilyName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFamilyName(uur.getFamilyName());
      
  }
      
  if (uur.getFirstName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFirstName(uur.getFirstName());
      
  }
      
}
      

      
private void enforceAtLeastStudent() {
      
  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");
      
}
      

      
private void enforceAdminOrTeacher() {
      
  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");
      
}





      java spring authorization







      share|improve this question











      $endgroup$




      Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



      It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



      Any idea how I could improve this?



      For some context: This is Java 8+ using Spring Security in the background.



      public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {
      
  UserEntity ue = userRepository.getOne(uuid);
      

      
  if (uur.getPassword() != null) {
      
    enforceAtLeastStudent();
      
    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));
      
  }
      
  if (uur.getEmail() != null) {
      
    enforceAtLeastStudent();
      
    ue.setEmail(uur.getEmail());
      
  }
      

      
  if (uur.getBirthday() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setBirthday(uur.getBirthday());
      
  }
      
  if (uur.getFamilyName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFamilyName(uur.getFamilyName());
      
  }
      
  if (uur.getFirstName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFirstName(uur.getFirstName());
      
  }
      
}
      

      
private void enforceAtLeastStudent() {
      
  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");
      
}
      

      
private void enforceAdminOrTeacher() {
      
  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");
      
}





      java spring authorization




      java spring authorization






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 13 hours ago









      200_success

      130k16153417




      130k16153417










      asked 16 hours ago









      TraubenfuchsTraubenfuchs

      41829




      41829






















          0






          active

          oldest

          votes











          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "196"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f214539%2fcheck-authority-for-every-field-in-an-update-request%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Code Review Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f214539%2fcheck-authority-for-every-field-in-an-update-request%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Fairchild Swearingen Metro Inhaltsverzeichnis Geschichte | Innenausstattung | Nutzung | Zwischenfälle...

          Image
          ZubringerflugzeugTransportflugzeugZweimotoriges FlugzeugFairchildMilitärluftfahrzeug (Belgien)Militärluftfahrzeug (Schweden)Militärluftfahrzeug (Südafrika)Erstflug 1965 Vereinigte StaatenIATA-CodeTurbopropflugzeugUS-amerikanischenFlugzeugherstellersSwearingenFairchildSan AntonioEd SwearingenGeschäftsreiseflugzeugsSwearingen Merlin IIFairchildUSASkywest AirlinesAir WisconsinHorizon AirlinesComairWings WestAmerican Eagle AirlinesFairchild DornierAerocondeutschsprachigen LändernC-1C-2VC-3VC-4C-5C-6C-7C-8C-9KC-10C-11C-12YC-14YC-15C-17C-18C-19C-20C-21C-22C-23C-24VC-25C-26C-27C-28C-29C-31C-32C-33UC-35C-37C-38C-39C-40C-41KC-45KC-46C-143HC-144C-145C-146KC-767UC-880 Fairchild Swearingen Metro Swearingen Metroliner der Ostfriesische Lufttransport auf dem Flughafen Bremen Typ: Turbopropflugzeug Entwurfsland: Vereinigte Staaten  Vereinigte Staaten Hersteller: Fairchild/Swearingen Erstflug: 1965 Indienststellung: 1971 Produktionszeit:
          Read more

          Pilgersdorf Inhaltsverzeichnis Geografie | Geschichte | Bevölkerungsentwicklung | Politik | Kultur...

          Image
          Gemeinde im BurgenlandOrt im Bezirk OberpullendorfPilgersdorfErsterwähnung 1225 ungarischkroatischBurgenlandBezirk OberpullendorfÖsterreichZöbernbachKirchschlag in der Buckligen WeltLockenhausKatastralgemeindenNoricumkeltischen Höhensiedlung BurgBurgbergPannoniaLudwigs des DeutschenDominicusRatpotsRihherisMagyarenGüssinger FehdeAlbrechtFranziskanernKanizsayKirchschlagKrumbachTürkenProtestantenSteinbachHaidukenAugustiner-EremitenKuruzenPestVolkszählungGemeinderatBürgermeisterdirektwahlErstenZweiten WeltkriegsDeutschkreutzDraßmarktFrankenau-UnterpullendorfGroßwarasdorfHoritschonKaisersdorfKobersdorfLackenbachLackendorfLockenhausLutzmannsburgMannersdorf an der RabnitzMarkt Sankt MartinNeckenmarktNeutalNikitschOberloisdorfOberpullendorfPilgersdorfPiringsdorfRaidingRitzingSteinberg-DörflStoobUnterfrauenhaidUnterrabnitz-SchwendgrabenWeingrabenWeppersdorf Dieser Artikel erläutert die burgenländische Gemeinde. Siehe auch Pilgersdorf (Gemeinde Lasberg), Oberösterreich bzw. Pilgersdorf,
          Read more

          Marineschifffahrtleitung Inhaltsverzeichnis Geschichte | Heutige Organisation der NATO | Nationale und...

          Image
          MarineMinenkriegsführung (See)Geleit (Schifffahrt)NATO-Organisation SeestreitkräftenHandelsschifffahrtHandelsschiffenZweiten WeltkriegKalten KriegesGeleitKriegsschiffeU-BootenErsten Weltkrieguneingeschränkten U-Boot-Kriegerhebliche Anstrengungenweit reichenden SchutzmaßnahmenSowjetunionNATOAllied Maritime Command Headquarters NorthwoodLondonOfficer in Tactical CommandKapitänePartnerschaft für den FriedenReedereienFischereiKonvoisMinenbedrohungMinenabwehrfahrzeugenReserveoffizierenautische PatenteKonvoisInternationale Seeschifffahrts-Organisationengl.SonderorganisationVereinten NationenLondonInternational Ship and Port Facility Security CodeInternationalen HandelskammerLondonPiraterieKuala LumpurOperation AtalantaAustralienNeuseelandBundesmarineEmdenFlottenkommandoBefehlshaber der Seestreitkräfte der NordseeMarinekommandoRostockHandelsschiffsoffizierenReserveoffizierePiraterie vor der Küste SomaliasOperation Allied ProtectorOperation Ocean ShieldGolfs von AdenInternational Recommended
          Read more