Interface AccountAncestorService
- All Known Implementing Classes:
DefaultAccountAncestorService
public interface AccountAncestorService
Common functionality for evaluating account access
-
Method Summary
Modifier and TypeMethodDescriptiongetAccountAncestors
(String accountId) Get the set of account ids for all accounts where the user has an activeAccountRole
.Get the set of role ids for all of a user's activeAccountRoles
.getAllUserRolesForAccount
(User user, String accountId) Gets all the user'sAccountRoles
given anaccountId
including inherited roles from ancestor accounts.boolean
userHasAccessToRequestedAccount
(String requestedAccountId, User user) Determine if the user has access to the given account or any parent of the given account.
-
Method Details
-
getAccountAncestors
Defers toCustomerAccountService.getAccountAncestors(String)
. Get a list of all parent accounts for the account with the given id. The returned list does not include the given account id.- Parameters:
accountId
- The id of the account for which to lookup ancestors- Returns:
- A list of ids of ancestors to the given account id.
-
getAllActiveAccountIdsForUser
Get the set of account ids for all accounts where the user has an activeAccountRole
.- Parameters:
user
- The current authenticated user.- Returns:
- A set of ids for all accounts for which the user has an active role.
-
getAllActiveAccountRoleIdsForUser
Get the set of role ids for all of a user's activeAccountRoles
.- Parameters:
user
- The current authenticated user.- Returns:
- The set of active account role ids for all of a user's accounts.
-
getAllUserRolesForAccount
Gets all the user'sAccountRoles
given anaccountId
including inherited roles from ancestor accounts.- Parameters:
user
- The user to find roles for.accountId
- The account to find roles in.- Returns:
- All the user's
AccountRoles
given anaccountId
including inherited roles from ancestor accounts.
-
userHasAccessToRequestedAccount
Determine if the user has access to the given account or any parent of the given account. This also verifies that the requested account and its parents are active.- Parameters:
requestedAccountId
- The account for which the user is requesting authorization.user
- The current authenticated user.- Returns:
- True if the user has an active role in the requested account or a parent of the requested account.
-