我的问题是，我有一个使用输入和输出的JavaSpring应用程序 DTO 有几个领域，而且我有一个 api 使用此更新我的数据模型 DTO . 我的意见 DTO 是这样的：

@Getter
@Setter
public class UpdateUser extends AbstractPortable {

@NotNull
@Size(min = 5, max = 255)
private String address;

@Size(min = 1, max = 10)
@Pattern(regexp = "^[0-9]*$")
private String birthCertificateNumber;

@Size(min = 1, max = 2)
@Pattern(regexp = "^[0-9]*$")
private String birthCertificateSeriesNumber;

@Past
@Schema(description = "{\"validators\":[\"age > 18\"]}")
private LocalDateTime birthDate;

@Size(min = 3, max = 50)
private String englishCompanyName;

@Size(min = 3, max = 255)
private String description;

@NotNull
@Pattern(regexp = "^(.+)@(\\S+)$")
private String emailAddress;

@Size(min = 3, max = 50)
private String englishFatherName;

@Pattern(regexp = "^[1-9][0-9]{3,7}$")
private String faxNumber;

@Size(min = 3, max = 50)
private String englishFirstName;

@Size(min = 3, max = 50)
private String englishLastName;

@NationalCode
private String nationalCode;

@Future
@Schema(description = "{\"validators\":[\"passportExpireDate < now\"]}")
private LocalDateTime passportExpireDate;

@NotNull
@Pattern(regexp = "^(?!^0+$)[a-zA-Z0-9]{3,20}$\n")
private String passportNumber;

@PastOrPresent
private LocalDateTime registerDate;

@Pattern(regexp = "^[1-9][0-9]{3,7}$")
private String telephoneNumber;

private Reference<Long> residenceCity;

private Reference<Long> birthCountry;

}

问题是我想限制更新这个 DTO's 根据我的访问控制。。。我只是希望用户不要看到一些基于访问级别的文件。我不想告诉ui团队不要向用户显示一些字段，我想从我的业务方面把这个限制传递给ui。最后一点是，我检查用户令牌以控制访问控制。如何创建动态 DTO 基于访问控制？实现这一点的最佳实践是什么？