Query Services

Overview

Query services extend SecuredQueryService to automatically apply security filtering.

Base Class

public abstract class SecuredQueryService<ENTITY> extends QueryService<ENTITY> {

    @Autowired
    protected MultiDimensionalSecurityService securityService;

    protected abstract SecurityType getSecurityType();

    protected Specification<ENTITY> createSecureSpecification(
            Criteria criteria,
            AccessLevel accessLevel) {
        // Combines user criteria with security filtering
    }
}

Implementation Pattern

@Service
@Transactional(readOnly = true)
public class EventQueryService extends SecuredQueryService<Event> {

    @Override
    protected SecurityType getSecurityType() {
        return SecurityType.ORG_SCOPED;
    }

    @Override
    protected Specification<Event> getOrgSecuritySpec(AccessLevel accessLevel) {
        return securityService.hasOrgAccess(accessLevel);
    }

    public List<Event> findByCriteria(EventCriteria criteria) {
        Specification<Event> spec = createSecureSpecification(criteria, AccessLevel.READ);
        return eventRepository.findAll(spec);
    }
}

Next Steps

Implement Service Layer
Add REST Controllers