Interface AccountAncestorService

All Known Implementing Classes:
DefaultAccountAncestorService

public interface AccountAncestorService
Common functionality for evaluating account access
  • Method Details

    • getAccountAncestors

      List<String> getAccountAncestors(String accountId)
      Defers to CustomerAccountService.getAccountAncestors(String). Get a list of all parent accounts for the account with the given id. The returned list does not include the given account id.
      Parameters:
      accountId - The id of the account for which to lookup ancestors
      Returns:
      A list of ids of ancestors to the given account id.
    • getAllActiveAccountIdsForUser

      Set<String> getAllActiveAccountIdsForUser(User user)
      Get the set of account ids for all accounts where the user has an active AccountRole.
      Parameters:
      user - The current authenticated user.
      Returns:
      A set of ids for all accounts for which the user has an active role.
    • getAllActiveAccountRoleIdsForUser

      Set<String> getAllActiveAccountRoleIdsForUser(User user)
      Get the set of role ids for all of a user's active AccountRoles.
      Parameters:
      user - The current authenticated user.
      Returns:
      The set of active account role ids for all of a user's accounts.
    • getAllUserRolesForAccount

      Stream<AccountRole> getAllUserRolesForAccount(User user, String accountId)
      Gets all the user's AccountRoles given an accountId including inherited roles from ancestor accounts.
      Parameters:
      user - The user to find roles for.
      accountId - The account to find roles in.
      Returns:
      All the user's AccountRoles given an accountId including inherited roles from ancestor accounts.
    • userHasAccessToRequestedAccount

      boolean userHasAccessToRequestedAccount(String requestedAccountId, User user)
      Determine if the user has access to the given account or any parent of the given account. This also verifies that the requested account and its parents are active.
      Parameters:
      requestedAccountId - The account for which the user is requesting authorization.
      user - The current authenticated user.
      Returns:
      True if the user has an active role in the requested account or a parent of the requested account.