Does @RolesAllowed work on view methods?

I have @PermitAll on my view class. Within I want to prevent a button from being added to the form, so I created a method and put @RolesAllowed(“ADMIN”). It still shows the button. (Side note: @RolesAllowed(“ADMIN”) on the view class does work just fine, but it’s not what I want. )

   :
HorizontalLayout toolbar = new HorizontalLayout(nameFilter, playersFilter, getAddButton());
   :

@RolesAllowed("ADMIN")
private Button getAddButton() {
   :
}

I looked into @RolesAllowed and it support annotating both a type and a method. Am I doing it wrong?

Thanks!

I forgot about accessChecker.hasAccess. Once I added that, it was easy peasy.

HorizontalLayout toolbar;
try {
    if (accessChecker.hasAccess(getClass().getMethod("getAddButton", null))) {
        toolbar = new HorizontalLayout(filterText, getAddButton());
    } else {
        toolbar = new HorizontalLayout(filterText);
    }
} catch (NoSuchMethodException e) {
    toolbar = new HorizontalLayout(filterText);
}
        toolbar.addClassName("persons-listview-toolbar");
return toolbar;

// needs to be public for RolesAllowed to work
@RolesAllowed("ADMIN")
public Button getAddButton() {
   :
}

I looked into @RolesAllowed and it support annotating both a type and a method. Am I doing it wrong?
Yes. It is more relevant with Hilla end point methods though. I am not entirely convinced that there are good use cases for this in Java defined Vaadin views.

I usually do this checks with if (SecurityUtils.isAdmin()) … it’s easier to read. And also do some checks in the service that throws an exception.
Annotation on method means proxy on classes and it’s too heavy in my opinion.

I’ll try that out. Thanks!!!