Skip to content

Commit 5437a1d

Browse files
committed
feat: force just owner can edit record
1 parent dbd3160 commit 5437a1d

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

src/main/java/cat/udl/eps/softarch/demo/handler/RecordEventHandler.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@ public void handleRecordPreCreate(Record record) {
2929

3030
@HandleBeforeSave
3131
public void handleRecordPreSave(Record record) {
32+
User owner = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
33+
if (!owner.equals(record.getOwnedBy())) {
34+
throw new SecurityException("Only the owner can modify the record");
35+
}
3236
ZonedDateTime timeStamp = ZonedDateTime.now();
3337
record.setModified(timeStamp);
3438
}

0 commit comments

Comments
 (0)