如何实现 PostFilter 到 PagingAndSortingRepository？

Question

我正在寻找如何为PagingAndSortingRepository 接口实现@PostFilter 注释

我创建了我的自定义存储库类扩展

public interface PublishableEntityRepository<T, ID extends Serializable>
        extends PagingAndSortingRepository<T, ID> {
    @PostFilter("hasPermission(filterObject, 'read')")
    Page<T> findAll(Pageable var1);
}

然后创建了一个自定义的PermissionEvaluator 类

public class AccessPermissionEvaluator implements PermissionEvaluator {

    @Override
    public boolean hasPermission(Authentication authentication, Object o, Object o1) {
        boolean hasPermission = false;

        if (authentication != null) {
            User user = (User) authentication.getPrincipal();
            if (((PublishableEntity) o).getStatus().equals(AccessStatus.PUBLISHED)) {
                hasPermission = true;
            }
        }

        return hasPermission;
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable serializable, String s, Object o) {
        return false;
    }
}

但是，IllegalArgumentException 被抛出：

RepositoryRestExceptionHandler - 过滤器目标必须是集合或数组类型，但第 0 页（共 0 页）包含 UNKNOWN 实例

我知道有问题的 filterObject 是一个 Page 类，那么如何过滤页面内容？

Answer 1

找到答案，它是使用@Query 和带有安全扩展的SpEL。

@NoRepositoryBean
public interface PublishableEntityRepository<T, ID extends Serializable>
       extends PagingAndSortingRepository<T, ID> {
    @PostFilter("hasPermission(filterObject, 'read')")
    List<T> findAll();

    @PostAuthorize("hasPermission(returnObject, 'read')")
    T findOne(ID id);

    // where entity.status is PUBLISHED or security SpEL with hasRole
    @Query("select o from #{#entityName} o where o.status = 'PUBLISHED' " +
        "or 1 = ?#{security.hasRole('ROLE_ADMIN') ? 1 : 0}")
    Page<T> findAll(Pageable var1);
}

http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#data-query