Package com.broadleafcommerce.adminuser.user.service

Class DefaultAdminPermissionContextValidator<P extends AdminPermission>

java.lang.Object
com.broadleafcommerce.adminuser.user.service.DefaultAdminPermissionContextValidator<P>
All Implemented Interfaces:
AdminPermissionContextValidator<P>
public class DefaultAdminPermissionContextValidator<P extends AdminPermission> extends Object implements AdminPermissionContextValidator<P>
Default validator for use on AdminPermission creation/modification/deletion. Verifies the following:
  1. the current authentication is not application restricted (and can therefore modify these tenant-level entities)
  2. the current context is able to create/modify the permission
  3. the tenant ID of a permission can never be changed
  4. the name of a permission is non-empty and unique within its context
Author:
Samarth Dhruva (samarthd)

  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultAdminPermissionContextValidator(com.broadleafcommerce.common.extension.TypeFactory typeFactory, com.broadleafcommerce.data.tracking.core.policy.PolicyUtils policyUtils)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected com.broadleafcommerce.data.tracking.core.context.ContextRequest
    buildContextMatchingPermissionTenant(P permission)
    Builds a ContextRequest that has a ContextRequest.tenantId matching the AdminPermission.tenantId.
    protected boolean
    currentUserHasTenantAccess()
    Uses policyUtils to check if currently authenticated user has tenant access.
    protected AdminPermissionService<P>
    getAdminPermissionService()
     
    protected Map<String,Object>
    getAuthenticationDetails()
     
    protected String
    getCurrentlyAuthenticatedUser()
     
    protected org.springframework.validation.Errors
    getErrors(P permission)
     
    protected com.broadleafcommerce.data.tracking.core.policy.PolicyUtils
    getPolicyUtils()
     
    protected com.broadleafcommerce.common.extension.TypeFactory
    getTypeFactory()
     
    boolean
    isMutableFromContext(P permission, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Returns whether or not the given entity is mutable from the given context.
    protected String
    prefixWithEntityValidationMessageKey(String errorCode)
     
    void
    setAdminPermissionService(AdminPermissionService<P> adminPermissionService)
    Lazy injection since this validator is itself a service component.
    org.springframework.validation.Errors
    validateCreate(P permission, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates a create operation is allowed in the current context.
    void
    validateCreate(P permission, org.springframework.validation.Errors errors, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates a create operation is allowed in the current context.
    protected void
    validateCurrentAuthenticationHasTenantAccess()
    Since permissions are a tenant-level concept, only tenant access users can perform creation/modification operations on them.
    org.springframework.validation.Errors
    validateDelete(P permission, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates a delete operation is allowed in the current context.
    void
    validateDelete(P permission, org.springframework.validation.Errors errors, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates a delete operation is allowed in the current context.
    protected void
    validateNameUniqueInPermissionContext(String id, P permission, org.springframework.validation.Errors errors)
    While it is perfectly valid for two tenant-level permissions in different tenants to have the same name, we want to avoid having duplicate names from the perspective of a particular tenant context (to prevent confusion).
    protected void
    validatePermissionIsMutableFromCurrentContext(P permission, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates that the permission can be mutated by the current context.
    protected void
    validateTenantIdUnchanged(P existingPermission, P permission, org.springframework.validation.Errors errors)
    Regardless of what context this operation is being performed in, tenant ID can never be changed (as it would compromise accessibility to/from related entities).
    org.springframework.validation.Errors
    validateUpdate(String id, P permission, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates an update operation is allowed in the current context.
    void
    validateUpdate(String id, P permission, org.springframework.validation.Errors errors, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates an update operation is allowed in the current context.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • DefaultAdminPermissionContextValidator

      public DefaultAdminPermissionContextValidator(com.broadleafcommerce.common.extension.TypeFactory typeFactory, @Nullable com.broadleafcommerce.data.tracking.core.policy.PolicyUtils policyUtils)

  • Method Details

    • setAdminPermissionService

      @Autowired @Lazy public void setAdminPermissionService(AdminPermissionService<P> adminPermissionService)
      Lazy injection since this validator is itself a service component. This avoids circular dependency exceptions
      Parameters:
      adminPermissionService - the permission service

    • validateCreate

      public org.springframework.validation.Errors validateCreate(P permission, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Validates a create operation is allowed in the current context.
      Specified by:
      validateCreate in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      permission - The permission to validate
      contextInfo - The current context
      Returns:
      An Errors object bound to a {code permission}
      See Also:

    • getErrors

      protected org.springframework.validation.Errors getErrors(P permission)

    • validateUpdate

      public org.springframework.validation.Errors validateUpdate(String id, P permission, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Validates an update operation is allowed in the current context.
      Specified by:
      validateUpdate in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      id - the id of the permission being updated, explicitly provided such that it can be used to find the existing record even if AdminPermission.id is unsupplied in permission.
      permission - The permission to validate
      contextInfo - The current context
      Returns:
      An Errors object bound to a {code permission}
      See Also:

    • validateDelete

      public org.springframework.validation.Errors validateDelete(P permission, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Validates a delete operation is allowed in the current context.
      Specified by:
      validateDelete in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      permission - the permission being deleted to validate
      contextInfo - The current context
      Returns:
      An Errors object bound to a {code permission}
      See Also:

    • validateCreate

      public void validateCreate(P permission, org.springframework.validation.Errors errors, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Validates a create operation is allowed in the current context.
      Specified by:
      validateCreate in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      permission - The permission to validate
      errors - An errors object bound to the permission to be validated
      contextInfo - The current context

    • validateCurrentAuthenticationHasTenantAccess

      protected void validateCurrentAuthenticationHasTenantAccess()
      Since permissions are a tenant-level concept, only tenant access users can perform creation/modification operations on them.
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the current authentication does not have tenant access

    • currentUserHasTenantAccess

      protected boolean currentUserHasTenantAccess()
      Uses policyUtils to check if currently authenticated user has tenant access.

      If policyUtils is null or it's not an instance of TrackablePolicyUtils, that means policy validation is turned off or trackable considerations should be ignored. Therefore it will automatically report the currently authenticated user has tenant access, since we want to allow everything in those cases.

      Returns:
      true if currently authenticated user has tenant access, otherwise false
      See Also:
      • TrackablePolicyUtils.isUserTenantLevelAccess()

    • getAuthenticationDetails

      @NonNull protected Map<String,Object> getAuthenticationDetails()

    • prefixWithEntityValidationMessageKey

      protected String prefixWithEntityValidationMessageKey(String errorCode)

    • getCurrentlyAuthenticatedUser

      protected String getCurrentlyAuthenticatedUser()

    • validateNameUniqueInPermissionContext

      protected void validateNameUniqueInPermissionContext(@Nullable String id, P permission, org.springframework.validation.Errors errors)
      While it is perfectly valid for two tenant-level permissions in different tenants to have the same name, we want to avoid having duplicate names from the perspective of a particular tenant context (to prevent confusion).

      This means that:

      • a tenant-level permission's name must be unique among permissions with the same tenant id and global permissions (which would be accessible from any tenant-context)
      • a global permission's name must be unique among all permissions in all contexts
      This method first validates that the name is present, then validates its uniqueness.
      Parameters:
      id - the id of the permission, explicitly provided as it may be null on the permission. May be null as in the case of a create.
      permission - the permission whose name should be validated for uniqueness in its context
      errors - the errors object bound to the given permission on which errors can be registered

    • buildContextMatchingPermissionTenant

      protected com.broadleafcommerce.data.tracking.core.context.ContextRequest buildContextMatchingPermissionTenant(P permission)
      Builds a ContextRequest that has a ContextRequest.tenantId matching the AdminPermission.tenantId. Useful in situations where it is necessary to make validations from the perspective of the entity's context rather than the context of the current request itself, which may have different accessibility.
      Parameters:
      permission - the permission for which to build a context request
      Returns:
      a ContextRequest matching the given permission's tenant ID

    • validateUpdate

      public void validateUpdate(String id, P permission, org.springframework.validation.Errors errors, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Validates an update operation is allowed in the current context.
      Specified by:
      validateUpdate in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      id - the id of the permission being updated, explicitly provided such that it can be used to find the existing record even if AdminPermission.id is unsupplied in permission.
      permission - The permission to validate
      errors - An errors object bound to the permission to be validated
      contextInfo - The current context

    • validateTenantIdUnchanged

      protected void validateTenantIdUnchanged(P existingPermission, P permission, org.springframework.validation.Errors errors)
      Regardless of what context this operation is being performed in, tenant ID can never be changed (as it would compromise accessibility to/from related entities).
      Parameters:
      existingPermission - the permission as it exists in the data store currently
      permission - the permission after update
      errors - the errors object bound to the given permission on which errors can be registered

    • validatePermissionIsMutableFromCurrentContext

      protected void validatePermissionIsMutableFromCurrentContext(P permission, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Validates that the permission can be mutated by the current context.

      This is important, because in some cases permissions are accessible by a context but not mutable from that context. For example, a global permission can be accessed by a tenant context but cannot be mutated by that tenant context.

      Parameters:
      permission - the permission to validate mutability for
      contextInfo - context information surrounding multitenant state
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.InvalidContextRequestException - if the permission is not mutable from the current context

    • validateDelete

      public void validateDelete(P permission, org.springframework.validation.Errors errors, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Validates a delete operation is allowed in the current context.
      Specified by:
      validateDelete in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      permission - The permission being deleted to validate
      errors - An errors object bound to the permission to be validated
      contextInfo - The current context

    • isMutableFromContext

      public boolean isMutableFromContext(P permission, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Description copied from interface: AdminPermissionContextValidator
      Returns whether or not the given entity is mutable from the given context.
      Specified by:
      isMutableFromContext in interface AdminPermissionContextValidator<P extends AdminPermission>
      Parameters:
      permission - the entity whose mutability should be checked
      contextInfo - the context in which mutability should be checked
      Returns:
      true if the entity is mutable from the given context, false otherwise

    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()

    • getAdminPermissionService

      protected AdminPermissionService<P> getAdminPermissionService()

    • getPolicyUtils

      @Nullable protected com.broadleafcommerce.data.tracking.core.policy.PolicyUtils getPolicyUtils()