I am having a typical application where a user can be in multiple groups, and of course, a group can hold multiple users:
User <-> GroupMember (ManyToMany) <-> Group
Also, a GroupMember can have other relations for example it can have an item which belongs to it - but only in the context of that particular group:
GroupMember <- OneToMany <- GroupMemberItem
My first question would be this: Let's say there is a GroupRepository
@RepositoryRestResource(collectionResourceRel = "groups", path = "groups")
public interface GroupRepository extends JpaRepository<GroupEntity, Long> {
}
How would one fetch only the groups the user is actually assigned to and make it impossible for another user to access groups he is not.
Are @RepositoryRestResource / JpaRepository actullay designed for this? I am absolutely against writing @Query annotations where I end up writing queries which imho defy the whole purpose of why I would like to use them in the first place.
So if I told you
"I want http://localhost:8080/groups to return all the groups that the current logged in user is logged in"
would you recommend me to go the @RestController, @Service, @Repository where I just implement the query by myself where might even end up switching up to something like jOOQ at this point or would you tell me to go for @RepositoryRestResource because there is a very easy way to accomplish that without having to write complex queries inside that Java interface?
The second question is kind of a follow up to the first one. Having said that a GroupMember can own one or many GroupMemberItem, I am having struggles to understand how @RepositoryRestResource can be used in order to fetch all the items from the logged in user in a selected group. Just writing the SQL query is not the problem but can this be done with @RepositoryRestResource / JpaRepository? If yes, how? I cannot find a single example and I've been looking for quite a while now.
