0

I'm using:

  • spring-boot-starter-web
  • spring-boot-starter-data-rest
  • spring-boot-starter-data-mongodb
  • spring-boot-starter-security

and with spring data-rest I created REST API. Every entity has property userId. How can I use it to restrict all repository methods (e.g.: findAll(), save(), ...)?

I want that only owner can see, edit, and delete his data.

adian
  • 278
  • 1
  • 9
  • have a look here: [how-to-allow-a-user-only-access-their-own-data](https://stackoverflow.com/questions/51712724/how-to-allow-a-user-only-access-their-own-data-in-spring-boot-spring-security/51713982#51713982) – Dirk Deyne Sep 28 '20 at 18:27
  • The case there is different. I don't have user id in HTTP path :/ – adian Sep 28 '20 at 18:41
  • Only way in my case is to filter all entities by user id with is inside entity. – adian Sep 28 '20 at 18:45

0 Answers0