Applying User Role Locking

I’m building a Site Administration Module in NixMash Spring and starting with User and Role Management. (For the sake of this post I’ll be using the term “Roles” for “Authorities.”) To prevent bad things happening when essential roles like ROLE_ADMIN and ROLE_USER are accidentally deleted I added Role Locking. Here are the design basics.

First our Roles List, nestled in a Dandelion Datatable. We can add, modify and remove roles. Any roles removed are first automatically unassigned from any users before they are removed.

Role Editing is next, where we use the same Dandelion Datatable and display different table columns with Javascript. More on that in a future post.

Like I said, we don’t want to mess with these two essential roles, so they are locked with a database bit and a new isLocked model property. Here is the updated Authority table schema.

With the new property we can check on the Role’s isLocked status and return a Feedback Message at (1) below.

And return it to the page.

As you’ve noticed, I haven’t yet added the ability to lock/unlock a Role in the UI, but will probably do that at some point.

Source Code Notes for this Post

All source code discussed in this post can be found in my NixMash Spring GitHub repo and viewed online here.