1

I am using the current version of Spring Data Rest (SDR) and Spring Security (SS) and have the following entities:

  • User: contains a List of teams joined and another for teams managed.
  • Team: contains a List for members and another for admins.

What I would like to do is customize the information returned for the entities by SDR given permissions of the current User. I'm aware of Projections in SDR but I believe they're not suitable for my current problem since this should be done transparently without having the User specify the projection in the request.

Given the following:

(1) /teams/{team_id}/members
(2) /teams/{team_id}/members/{member_id}
(3) /users/{user_id}/teamsJoined

Here is what I want to implement:

  • Visiting (1) by a normal member of the team would return different fields than when done by an admin.
  • Visiting (2) would return additional fields not returned by (1)
  • Visiting (3):
    • by the user with {user_id} should return all teams.
    • by another member should return only the intersection of their teams.

I was thinking about maybe using AOP but I'm not really sure if it would work. What would be the best way to implement this?

ayoubelk
  • You could look at programmatically applying a Projection rather than having it passed in. See this thread for ideas: http://stackoverflow.com/questions/40289665/spring-data-rest-projection-representation-of-single-resource/40291003#40291003 – Alan Hay Jan 29 '17 at 13:40

1 Answer

0

I'm not sure exposing various representations of a resource (at the same URI) based on the requesting user follows the REST philosophy. You should use another URI for that.

Maybe you could split the data visible only to some kinds of users from the original entity into another 'sub'entity (1-1 relation) and restrict the access to these related resource endpoints. You can make use of @PreAuthorize and @PostFilter annotations on your repository methods to restrict access to your resources based on the identified user.

sgt-hartman
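
As an added example (not part of the answer above and not the poster's code), this repository applies the `@PreAuthorize` and `@PostFilter` annotations the answer mentions to the question's team membership rules. `Team`, `User`, their accessors and the `teamAccess` bean are assumed names, and `@PostAuthorize` is used in addition for the single-item read.

```java
// Added illustration. Assumed names: entities Team (getMembers()) and User (getUsername()),
// and the helper bean "teamAccess". Method security must be enabled, e.g. with
// @EnableGlobalMethodSecurity(prePostEnabled = true) or @EnableMethodSecurity on newer versions.
import java.util.List;
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.repository.query.Param;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

// Hypothetical helper, referenced from the SpEL expressions below as @teamAccess.
@Component("teamAccess")
class TeamAccess {
    public boolean isMember(Team team, Authentication auth) {
        return team != null && auth != null && team.getMembers().stream()
                .anyMatch(u -> u.getUsername().equals(auth.getName()));
    }
}

// Type-level rule: every repository method requires a logged-in caller.
@PreAuthorize("isAuthenticated()")
interface TeamRepository extends JpaRepository<Team, Long> {

    // Runs after the query: teams the caller does not belong to are dropped from the list.
    @Override
    @PostFilter("@teamAccess.isMember(filterObject, authentication)")
    List<Team> findAll();

    // Single team: loaded first, then refused unless the caller is one of its members.
    @Override
    @PostAuthorize("!returnObject.isPresent() or @teamAccess.isMember(returnObject.get(), authentication)")
    Optional<Team> findById(Long id);

    // Teams joined by :username as seen by the caller: the full list for that user,
    // only the shared teams for anyone else (case 3 in the question).
    @PostFilter("#username == authentication.name or @teamAccess.isMember(filterObject, authentication)")
    List<Team> findByMembersUsername(@Param("username") String username);
}
```

`@PostFilter` filters in memory after the query has run and only handles collection-like return values, so it is not suited to the paged `findAll(Pageable)` variant.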