I'm writing a multiuser application in which requests for a given resource (say, /people/4) will return differing levels of detail depending on the user performing the request (for example, user 4 or a support representative would see the entire resource, while other users would not see certain fields such as the user's e-mail address).
Spring HATEOAS has thorough support for building links, but the main ResourceAssembler interface only provides a single adapter method that takes a domain object and returns a resource object, with no provision for additional parameters (such as the current Spring Security user), and neither ResourceSupport nor Resource<T> provides facilities for filtering the fields returned.
The approach I'm currently leaning toward is having the implementation of toResource for ResourceAssembler<Customer, CustomerResource> manually dig out the current Spring Security credentials and apply filtering at that point, essentially hand-writing a multi-stage copy constructor that will add public fields, then for-friends fields, then private fields to the resource object.
Is there a more integrated, especially declarative, way to handle the task, or is this the best solution available now? Will this approach integrate with the Spring Data REST controller, or will I have to reimplement paging and so forth if I want to handle the assembly myself?
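The staged copy described in the question, written out as an added example (it is not the poster's code or part of Spring HATEOAS). The `Customer` fields, the `friends` set, the `assemble` helper and the `ROLE_SUPPORT` authority name are assumptions made for illustration; link building is left out to keep the focus on field filtering.

```java
import com.fasterxml.jackson.annotation.JsonInclude;
import java.util.Set;
import org.springframework.hateoas.ResourceAssembler;
import org.springframework.hateoas.ResourceSupport;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical domain object; the field names are assumptions for this sketch.
class Customer {
    String username, displayName, city, email;
    Set<String> friends;   // usernames allowed to see the for-friends tier
}

// Fields the caller was not granted stay null and are omitted from the JSON.
@JsonInclude(JsonInclude.Include.NON_NULL)
class CustomerResource extends ResourceSupport {
    public String displayName;  // public tier
    public String city;         // for-friends tier
    public String email;        // private tier
}

class CustomerResourceAssembler implements ResourceAssembler<Customer, CustomerResource> {
    @Override
    public CustomerResource toResource(Customer c) {
        return assemble(c, SecurityContextHolder.getContext().getAuthentication());
    }

    // Default-deny: start from the public view and widen only on a positive check.
    CustomerResource assemble(Customer c, Authentication auth) {
        CustomerResource r = new CustomerResource();
        r.displayName = c.displayName;
        if (auth == null || !auth.isAuthenticated()) {
            return r;  // no usable security context: public tier only
        }
        String caller = auth.getName();
        boolean self = caller.equals(c.username);
        boolean support = auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_SUPPORT".equals(a.getAuthority()));  // assumed role name
        boolean friend = c.friends != null && c.friends.contains(caller);
        if (self || support || friend) {
            r.city = c.city;
        }
        if (self || support) {
            r.email = c.email;
        }
        return r;
    }
}
```

Because every restricted field is copied only after an explicit check, a field added to `CustomerResource` later is withheld until someone decides which tier it belongs to. Spring Security's anonymous token reports `isAuthenticated()` as true, so an anonymous caller passes the first guard and is limited to the public tier by the name and role checks.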