Security Service
Overview
The MultiDimensionalSecurityService is the core service implementing the security resolution algorithm.
Key Methods
Organization Dimension
// Get accessible organization IDs
Set<Long> getCurrentUserOrgIds(AccessLevel minLevel)
// Check single org access
boolean canAccessOrg(Long orgId, AccessLevel requiredLevel)
// Create org security specification
<ENTITY extends OrganisationScoped> Specification<ENTITY> hasOrgAccess(AccessLevel accessLevel)
Person Dimension
// Get accessible person IDs
Set<Long> getCurrentUserPersonIds(AccessLevel minLevel)
// Check single person access
boolean canAccessPerson(Long personId, AccessLevel requiredLevel)
// Create person security specification
<ENTITY extends PersonScoped> Specification<ENTITY> hasPersonAccess(AccessLevel accessLevel)
Composite Security
For entities implementing both OrganisationScoped and PersonScoped, check each dimension separately:
// Check organization dimension
boolean hasOrgAccess = canAccessOrg(entity.getOrgId(), requiredLevel);
// Check person dimension
boolean hasPersonAccess = canAccessPerson(entity.getPersonId(), requiredLevel);
// Both dimensions must pass
if (!hasOrgAccess || !hasPersonAccess) {
    throw new SecurityException("Access denied");
}
Build the specification for each dimension independently, then combine them:
Specification<EventEntry> spec = hasOrgAccess(AccessLevel.READ)
    .and(hasPersonAccess(AccessLevel.READ));
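The both-dimensions rule above, shown as an added, self-contained example (not the project's own code): an in-memory stand-in for the two check methods, run against entries that pass one dimension but not the other. The class name, the grant maps, the `allows` and `requireAccess` helpers, the `EventEntry` fields and the `WRITE` level are assumptions made for illustration; records require Java 16 or later.

```java
import java.util.List;
import java.util.Map;

// Added illustration: an in-memory stand-in, not the project's MultiDimensionalSecurityService.
public class CompositeAccessDemo {
    // Assumption: levels are ordered; only READ appears on the page, WRITE is hypothetical.
    enum AccessLevel { READ, WRITE }

    // Hypothetical entity shape carrying both scoping ids.
    record EventEntry(String name, Long orgId, Long personId) {}

    // Constructed grants for the current user: id -> highest level held.
    static final Map<Long, AccessLevel> ORG_GRANTS = Map.of(1L, AccessLevel.WRITE, 2L, AccessLevel.READ);
    static final Map<Long, AccessLevel> PERSON_GRANTS = Map.of(10L, AccessLevel.READ);

    // A missing id or a missing grant is a denial (fail closed).
    static boolean allows(Map<Long, AccessLevel> grants, Long id, AccessLevel required) {
        if (id == null) return false;
        AccessLevel held = grants.get(id);
        return held != null && held.compareTo(required) >= 0;
    }

    static boolean canAccessOrg(Long orgId, AccessLevel required) {
        return allows(ORG_GRANTS, orgId, required);
    }

    static boolean canAccessPerson(Long personId, AccessLevel required) {
        return allows(PERSON_GRANTS, personId, required);
    }

    // Single-entity check: both dimensions must pass.
    static void requireAccess(EventEntry e, AccessLevel required) {
        if (!canAccessOrg(e.orgId(), required) || !canAccessPerson(e.personId(), required)) {
            throw new SecurityException("Access denied");
        }
    }

    public static void main(String[] args) {
        List<EventEntry> entries = List.of(
            new EventEntry("org ok, person ok", 1L, 10L),
            new EventEntry("org ok, person not granted", 1L, 11L),
            new EventEntry("org not granted, person ok", 3L, 10L),
            new EventEntry("person id missing", 2L, null));
        for (EventEntry e : entries) {
            try {
                requireAccess(e, AccessLevel.READ);
                System.out.println("ALLOW " + e.name());
            } catch (SecurityException ex) {
                System.out.println("DENY  " + e.name());
            }
        }
    }
}
```

Only the first entry is allowed; an entry with a missing id is denied rather than treated as unscoped.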
Complete Implementation
See Complete Code Examples for full source code.
Next Steps
- Implement Query Services
- Create Service Layer methods