Check authority for every field in an update requestORM Entity with many similar relationshipsClass naming...

Grade 10 Analytic Geometry Question 23- Incredibly hard

Dilemma of explaining to interviewer that he is the reason for declining second interview

Why does a metal block make a shrill sound but not a wooden block upon hammering?

Should I write a companion book/blog?

Can you earn endless XP using a Flameskull and its self-revival feature?

Why are the books in the Game of Thrones citadel library shelved spine inwards?

Lick explanation

Strange Sign on Lab Door

The effects of magnetism in radio transmissions

What flying insects could re-enter the Earth's atmosphere from space without burning up?

Why doesn't "auto ch = unsigned char{'p'}" compile under C++ 17?

Are there neural networks with very few nodes that decently solve non-trivial problems?

Slow moving projectiles from a hand-held weapon - how do they reach the target?

How would a Dictatorship make a country more successful?

A minimum of two personnel "are" or "is"?

A starship is travelling at 0.9c and collides with a small rock. Will it leave a clean hole through, or will more happen?

How to acknowledge an embarrassing job interview, now that I work directly with the interviewer?

Can we use the stored gravitational potential energy of a building to produce power?

Parsing a string of key-value pairs as a dictionary

Why does String.replaceAll() work differently in Java 8 from Java 9?

Does fast page mode apply to ROM?

Does Windows 10's telemetry include sending *.doc files if Word crashed?

If I sold a PS4 game I owned the disc for, can I reinstall it digitally?

A universal method for left-hand alignment of a sequence of equalities



Check authority for every field in an update request


ORM Entity with many similar relationshipsClass naming conventionsSingle MySQLI query to check for admin privilegesHandling Java instant Ajax request/respond with AngularUsing a Boolean method that never returns “false” to check user permissionsSecurity check using an SQL callDon't Update Every AI Every TickTic Tac Toe in Java: Runner Class Design, Using Helper Methods, and Instance VariablesIterating through every permutation of every subsetJPA method to update roles for users













0












$begingroup$


Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



Any idea how I could improve this?



For some context: This is Java 8+ using Spring Security in the background.



public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {

  UserEntity ue = userRepository.getOne(uuid);



  if (uur.getPassword() != null) {

    enforceAtLeastStudent();

    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));

  }

  if (uur.getEmail() != null) {

    enforceAtLeastStudent();

    ue.setEmail(uur.getEmail());

  }



  if (uur.getBirthday() != null) {

    enforceAdminOrTeacher();

    ue.setBirthday(uur.getBirthday());

  }

  if (uur.getFamilyName() != null) {

    enforceAdminOrTeacher();

    ue.setFamilyName(uur.getFamilyName());

  }

  if (uur.getFirstName() != null) {

    enforceAdminOrTeacher();

    ue.setFirstName(uur.getFirstName());

  }

}



private void enforceAtLeastStudent() {

  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");

}



private void enforceAdminOrTeacher() {

  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");

}





java spring authorization







share|improve this question











$endgroup$

















    0












    $begingroup$


    Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



    It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



    Any idea how I could improve this?



    For some context: This is Java 8+ using Spring Security in the background.



    public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {
    
  UserEntity ue = userRepository.getOne(uuid);
    

    
  if (uur.getPassword() != null) {
    
    enforceAtLeastStudent();
    
    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));
    
  }
    
  if (uur.getEmail() != null) {
    
    enforceAtLeastStudent();
    
    ue.setEmail(uur.getEmail());
    
  }
    

    
  if (uur.getBirthday() != null) {
    
    enforceAdminOrTeacher();
    
    ue.setBirthday(uur.getBirthday());
    
  }
    
  if (uur.getFamilyName() != null) {
    
    enforceAdminOrTeacher();
    
    ue.setFamilyName(uur.getFamilyName());
    
  }
    
  if (uur.getFirstName() != null) {
    
    enforceAdminOrTeacher();
    
    ue.setFirstName(uur.getFirstName());
    
  }
    
}
    

    
private void enforceAtLeastStudent() {
    
  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");
    
}
    

    
private void enforceAdminOrTeacher() {
    
  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");
    
}





    java spring authorization







    share|improve this question











    $endgroup$















      0












      0








      0





      $begingroup$


      Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



      It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



      Any idea how I could improve this?



      For some context: This is Java 8+ using Spring Security in the background.



      public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {
      
  UserEntity ue = userRepository.getOne(uuid);
      

      
  if (uur.getPassword() != null) {
      
    enforceAtLeastStudent();
      
    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));
      
  }
      
  if (uur.getEmail() != null) {
      
    enforceAtLeastStudent();
      
    ue.setEmail(uur.getEmail());
      
  }
      

      
  if (uur.getBirthday() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setBirthday(uur.getBirthday());
      
  }
      
  if (uur.getFamilyName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFamilyName(uur.getFamilyName());
      
  }
      
  if (uur.getFirstName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFirstName(uur.getFirstName());
      
  }
      
}
      

      
private void enforceAtLeastStudent() {
      
  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");
      
}
      

      
private void enforceAdminOrTeacher() {
      
  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");
      
}





      java spring authorization







      share|improve this question











      $endgroup$




      Depending on whether the caller has the right STUDENT or TEACHER (or ADMIN), I want to allow the caller to update different fields. For now, I have created the following contraption, which is kind of offensive to the eyes.



      It iss also necessary to check if the caller even wants to update a field, which further complicates the code.



      Any idea how I could improve this?



      For some context: This is Java 8+ using Spring Security in the background.



      public void update(@NonNull String uuid, @Valid @NonNull UserUpdateRequest uur) {
      
  UserEntity ue = userRepository.getOne(uuid);
      

      
  if (uur.getPassword() != null) {
      
    enforceAtLeastStudent();
      
    ue.setHashedAndSaltedPassword(passwordHasher.hashAndSalt(uur.getPassword()));
      
  }
      
  if (uur.getEmail() != null) {
      
    enforceAtLeastStudent();
      
    ue.setEmail(uur.getEmail());
      
  }
      

      
  if (uur.getBirthday() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setBirthday(uur.getBirthday());
      
  }
      
  if (uur.getFamilyName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFamilyName(uur.getFamilyName());
      
  }
      
  if (uur.getFirstName() != null) {
      
    enforceAdminOrTeacher();
      
    ue.setFirstName(uur.getFirstName());
      
  }
      
}
      

      
private void enforceAtLeastStudent() {
      
  authHelper.hasAnyRoleOrThrow("STUDENT", "TEACHER", "ADMIN");
      
}
      

      
private void enforceAdminOrTeacher() {
      
  authHelper.hasAnyRoleOrThrow("TEACHER", "ADMIN");
      
}





      java spring authorization




      java spring authorization






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 13 hours ago









      200_success

      130k16153417




      130k16153417










      asked 16 hours ago









      TraubenfuchsTraubenfuchs

      41829




      41829






















          0






          active

          oldest

          votes











          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "196"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f214539%2fcheck-authority-for-every-field-in-an-update-request%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Code Review Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f214539%2fcheck-authority-for-every-field-in-an-update-request%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          is 'sed' thread safeWhat should someone know about using Python scripts in the shell?Nexenta bash script uses...

          Image
          1970s scifi/horror novel where protagonist is used by a crablike creature to feed its larvae, goes mad, and is defeated by retraumatising him Practical reasons to have both a large police force and bounty hunting network? Is there a frame of reference in which I was born before I was conceived? A peculiar integral identity Is there a way to find out the age of climbing ropes? PTIJ: Aharon, King of Egypt Specific Chinese carabiner QA? Can we carry rice to Japan? Would the melodic leap of the opening phrase of Mozart's K545 be considered dissonant? Can an earth elemental drown/bury its opponent underground using earth glide?
          Read more

          How do i solve the “ No module named 'mlxtend' ” issue on Jupyter?

          Image
          Dilemma of explaining to interviewer that he is the reason for declining second interview Meaning of すきっとした How much time does it take for a broken magnet to recover its poles? Can a hotel cancel a confirmed reservation? Removing debris from PCB Using AWS Fargate as web server When does coming up with an idea constitute sufficient contribution for authorship? If a druid in Wild Shape swallows a creature whole, then turns back to her normal form, what happens? How Should I Define/Declare String Constants How to add multiple differently colored borders around a node? Can I retract my name from a
          Read more

          Pilgersdorf Inhaltsverzeichnis Geografie | Geschichte | Bevölkerungsentwicklung | Politik | Kultur...

          Image
          Gemeinde im BurgenlandOrt im Bezirk OberpullendorfPilgersdorfErsterwähnung 1225 ungarischkroatischBurgenlandBezirk OberpullendorfÖsterreichZöbernbachKirchschlag in der Buckligen WeltLockenhausKatastralgemeindenNoricumkeltischen Höhensiedlung BurgBurgbergPannoniaLudwigs des DeutschenDominicusRatpotsRihherisMagyarenGüssinger FehdeAlbrechtFranziskanernKanizsayKirchschlagKrumbachTürkenProtestantenSteinbachHaidukenAugustiner-EremitenKuruzenPestVolkszählungGemeinderatBürgermeisterdirektwahlErstenZweiten WeltkriegsDeutschkreutzDraßmarktFrankenau-UnterpullendorfGroßwarasdorfHoritschonKaisersdorfKobersdorfLackenbachLackendorfLockenhausLutzmannsburgMannersdorf an der RabnitzMarkt Sankt MartinNeckenmarktNeutalNikitschOberloisdorfOberpullendorfPilgersdorfPiringsdorfRaidingRitzingSteinberg-DörflStoobUnterfrauenhaidUnterrabnitz-SchwendgrabenWeingrabenWeppersdorf Dieser Artikel erläutert die burgenländische Gemeinde. Siehe auch Pilgersdorf (Gemeinde Lasberg), Oberösterreich bzw. Pilgersdorf,
          Read more