SpringBot hiding attributes

Attributes can come from two different sources,

A user adds them to an entity, or
The extension adds them in

Users can add attributes to an entity such as the Notes string attribute below. This is the most common way attributes are included. Extensions can also add attributes, for example the User extension shown below will add attributes such as Username, Password etc.

Hiding them in the client-side

The most simple use case for need to hide attributes is removing them from the DOM.

This can be achieved by making use of the hideElement attribute which is available from within the client-side model for each entity. Using our above example, by adding the attribute hideElement to our user-added Notes attribute, we can remove it from all views.

The model file updated in this scenario can be found at clientside/src/app/models/myuser/myuser.model.ts.

// % protected region % [Add any additional model attribute properties for Notes here] on begin
hideElement: true
// % protected region % [Add any additional model attribute properties for Notes here] end

The new getProps() method will now appear as follows:

static getProps(): ModelProperty[] {
        return super.getProps().concat([
            {
                name: 'notes',
                // % protected region % [Set displayName for Notes here] off begin
                displayName: 'Notes',
                // % protected region % [Set displayName for Notes here] end
                type: ModelPropertyType.STRING,
                // % protected region % [Set display element type for Notes here] off begin
                elementType: ElementType.PASSWORD,
                // % protected region % [Set display element type for Notes here] end
                // % protected region % [Set isSensitive for Notes here] off begin
                isSensitive: true,
                // % protected region % [Set isSensitive for Notes here] end
                // % protected region % [Set readonly for Notes here] off begin
                readOnly: false,
                // % protected region % [Set readonly for Notes here] end
                validators: [
                    // % protected region % [Add other validators for Notes here] off begin
                    // % protected region % [Add other validators for Notes here] end
                ],
                // % protected region % [Add any additional model attribute properties for Notes here] on begin
                hideElement: true
                // % protected region % [Add any additional model attribute properties for Notes here] end
            },
            // % protected region % [Add any additional class field names here] off begin
            // % protected region % [Add any additional class field names here] end
        ]);
    }

To hide any attributes that are added via the User extension, follow the same steps but in user.mode.ts.

NOTE:** Do not only use this method for sensitive data that needs removing. This is a cosmetic change only.

A work around

In the current version of SpringBot, this property does not propagate properly. As such, a work around is required for the Data table list column headers.

Open clientside/src/app/admin/tiles/crud/myuser/myuser.admin.tile.crud.component.ts and turn on the protected region called Change your header options required here. Replace the contents with the following:

// % protected region % [Change your header options required here] on begin
readonly headerOptions: HeaderOption[] = this.modelProperties.map(prop => {
    return {
        ...prop,
        sortable: true,
        sourceDirectFromModel: true,
        valueSource: prop.name,
        doHide: prop.isSensitive
    } as HeaderOption;
}).filter(opt => opt.name !== 'id').filter(opt => !opt.doHide && !['notes'].includes(opt.name));
// % protected region % [Change your header options required here] end

As you can see, we have added the additional condition !['notes'].includes(opt.name) to the filter, which will remove all properties with the name notes from the collection. This has been written as an array to allow for additional attributes to be filtered out.

Server-side

This is the option that is recommended for sensitive data. It does require the client-side method to also be implemented. The server-side implementation prevents the data from being available to the client-side, and it can be implemented at model time through the use of the Available By model property.

Model server only using available by

This will achieve the following,

Remove the attribute from the GraphQL response, and

Mark the attribute as WRITE_ONLY. For example, in serverside/src/main/java/[projectName]/entities/MyuserEntity.java

// % protected region % [Modify attribute annotation for Notes here] off begin
  @Nullable
  @Column(name = "notes")
  @JsonProperty(access = Access.WRITE_ONLY)
  @ToString.Include
  // % protected region % [

by Brodie O'Carroll

19 November 2020

Originally written by Kellie Lutze on 28 May 2020

Was this article helpful?

Thanks for your feedback!

If you would like to tell us more, please click on the link below to send us a message with more details.