Service Layer

Overview

Service layer methods enforce security for create, update, and delete operations.

Pattern for Org-Scoped Entities

@Service
@Transactional
public class EventService {

    public Event save(Event event) {
        securityService.requireOrgAccess(event, AccessLevel.READ_WRITE);
        return eventRepository.save(event);
    }

    public Event update(Event event) {
        Event existing = findOneSecure(event.getId())
            .orElseThrow(() -> new EntityNotFoundException("Not found"));
        securityService.requireOrgAccess(existing, AccessLevel.READ_WRITE);
        return eventRepository.save(event);
    }
}

Pattern for Dual-Scoped Entities

@Service
@Transactional
public class EventEntryService {

    public EventEntry save(EventEntry entry) {
        Event event = eventRepository.findById(entry.getEvent().getId())
            .orElseThrow();
        securityService.requireOrgAccess(event, AccessLevel.READ_WRITE);
        securityService.requirePersonAccess(entry, AccessLevel.READ_WRITE);
        return eventEntryRepository.save(entry);
    }
}

Next Steps

Add REST Controllers
Write Integration Tests