DefaultItemListSecurityService (Broadleaf Cart Operation Services 1.6.0-GA API)

java.lang.Object
- com.broadleafcommerce.cartoperation.service.DefaultItemListSecurityService<R>

All Implemented Interfaces:

ItemListSecurityService<R>
```
public class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
extends Object
implements ItemListSecurityService<R>
```
Default implementation of an item list security service. Supports the roles defined in DefaultItemListAccessRuleRole.

Author:

Jacob Mitash

Constructor Summary

Constructors
Constructor and Description
`DefaultItemListSecurityService(com.broadleafcommerce.common.extension.TypeFactory typeFactory, ItemListAccessRuleProvider<R> ruleProvider, CartOperationServiceProperties properties)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`assertDeleteAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Asserts that the customer can delete a given list.
`void`	`assertEditAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Asserts that the customer can edit a given list.
`void`	`assertShareAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Asserts that the customer can share a given list.
`void`	`assertViewAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Asserts that the customer can view a given list.
`protected R`	`createOwnerAccessRule(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId)` Creates an owner type of access rule for the given item list.
`protected List<R>`	`createSharedAccessRules(@NonNull ShareItemListRequest shareRequest)` Creates shared access rules based off of a share request.
`protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse`	`filterAccessByRoles(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @NonNull Set<String> roles, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Based on the provided list of `ItemList` ids & roles, determines which ItemLists the customer has access to
`com.broadleafcommerce.cart.client.domain.ItemListAccessResponse`	`filterDeleteAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
`com.broadleafcommerce.cart.client.domain.ItemListAccessResponse`	`filterEditAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
`com.broadleafcommerce.cart.client.domain.ItemListAccessResponse`	`filterViewAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
`org.springframework.data.domain.Page<R>`	`getAccessibleRules(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Gets a page of acceesible access rules for a customer.
`protected Optional<R>`	`getRule(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Gets the rule for a customer to a specific item list.
`protected ItemListAccessRuleProvider<R>`	`getRuleProvider()`
`protected CartOperationServiceProperties.ItemListSecurity`	`getSecurityProps()`
`protected com.broadleafcommerce.common.extension.TypeFactory`	`getTypeFactory()`
`R`	`grantOwnership(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Grants ownership of an item list to the given customer.
`boolean`	`hasDeleteAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Tells if the given customer has access to delete an item list.
`boolean`	`hasEditAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Tells if the given customer has access to edit an item list.
`boolean`	`hasShareAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Tells if the given customer has access to share an item list.
`boolean`	`hasViewAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Tells if the given customer has access to view an item list.
`protected R`	`newItemListAccessRule()` Creates a new item list access rule instance.
`List<R>`	`share(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` Share an item list with other users.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultItemListSecurityService

public DefaultItemListSecurityService(com.broadleafcommerce.common.extension.TypeFactory typeFactory,
                                      ItemListAccessRuleProvider<R> ruleProvider,
                                      CartOperationServiceProperties properties)

Method Detail

getAccessibleRules

public org.springframework.data.domain.Page<R> getAccessibleRules(@NonNull
                                                                  @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                  @Nullable
                                                                  org.springframework.data.domain.Pageable pageable,
                                                                  @Nullable
                                                                  com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Description copied from interface: ItemListSecurityService

Gets a page of acceesible access rules for a customer.

Specified by:: getAccessibleRules in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
Parameters:: customerRef - the customer to find access rules for; pageable - the requested page of access rules; context - the context of the request
Returns:: a page of access rules

grantOwnership
```
public R grantOwnership(@NonNull
                        @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                        @NonNull
                        @NonNull String itemListId,
                        @Nullable
                        com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.

Specified by:

grantOwnership in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the reference to the customer to grant ownership for

itemListId - the list to grant access to

context - the context of the request

Returns:

the newly created item rule

share
```
public List<R> share(@NonNull
                     @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef sharer,
                     @NonNull
                     @NonNull ShareItemListRequest shareRequest,
                     @Nullable
                     com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Share an item list with other users.

Specified by:

share in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

sharer - the customer initiating the share request

shareRequest - the details of the request to share

context - the context of the request

Returns:

the newly created access rules

hasViewAccess
```
public boolean hasViewAccess(@NonNull
                             @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                             @NonNull
                             @NonNull String itemListId,
                             @Nullable
                             com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Tells if the given customer has access to view an item list.

Specified by:

hasViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the reference to the customer to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Returns:

whether the user can view the item list or not

hasEditAccess
```
public boolean hasEditAccess(@NonNull
                             @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                             @NonNull
                             @NonNull String itemListId,
                             @Nullable
                             com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Tells if the given customer has access to edit an item list.

Specified by:

hasEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the reference to the customer to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Returns:

whether the user can edit the item list or not

hasDeleteAccess
```
public boolean hasDeleteAccess(@NonNull
                               @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                               @NonNull
                               @NonNull String itemListId,
                               @Nullable
                               com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Tells if the given customer has access to delete an item list.

Specified by:

hasDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the reference to the customer to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Returns:

whether the user can edit the item list or not

hasShareAccess
```
public boolean hasShareAccess(@NonNull
                              @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                              @NonNull
                              @NonNull ShareItemListRequest shareRequest,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Tells if the given customer has access to share an item list.

Specified by:

hasShareAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the reference to the customer to test access for

shareRequest - the request that describes how and which item list should be shared

context - the context of the request

Returns:

whether the user can edit the item list or not

filterViewAccess

public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull
                                                                                        @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                        @NonNull
                                                                                        @NonNull Set<String> itemListIds,
                                                                                        @Nullable
                                                                                        com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Description copied from interface: ItemListSecurityService

Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules

Specified by:: filterViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
Parameters:: customerRef - the reference to the customer to test access for; itemListIds - the list of item list ids to check; context - the context of the request
Returns:: two lists, accessible and inaccessible item list ids

filterEditAccess

public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull
                                                                                        @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                        @NonNull
                                                                                        @NonNull Set<String> itemListIds,
                                                                                        @Nullable
                                                                                        com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Description copied from interface: ItemListSecurityService

Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules

Specified by:: filterEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
Parameters:: customerRef - the reference to the customer to test access for; itemListIds - the list of item list ids to check; context - the context of the request
Returns:: two lists, accessible and inaccessible item list ids

filterDeleteAccess

public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull
                                                                                          @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                          @NonNull
                                                                                          @NonNull Set<String> itemListIds,
                                                                                          @Nullable
                                                                                          com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Description copied from interface: ItemListSecurityService

Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules

Specified by:: filterDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
Parameters:: customerRef - the reference to the customer to test access for; itemListIds - the list of item list ids to check; context - the context of the request
Returns:: two lists, accessible and inaccessible item list ids

assertViewAccess
```
public void assertViewAccess(@NonNull
                             @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                             @NonNull
                             @NonNull String itemListId,
                             @Nullable
                             com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Asserts that the customer can view a given list.

Specified by:

assertViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the customer reference to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

assertEditAccess
```
public void assertEditAccess(@NonNull
                             @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                             @NonNull
                             @NonNull String itemListId,
                             @Nullable
                             com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Asserts that the customer can edit a given list.

Specified by:

assertEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the customer reference to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

assertDeleteAccess
```
public void assertDeleteAccess(@NonNull
                               @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                               @NonNull
                               @NonNull String itemListId,
                               @Nullable
                               com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Asserts that the customer can delete a given list.

Specified by:

assertDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

customerRef - the customer reference to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

assertShareAccess
```
public void assertShareAccess(@NonNull
                              @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef sharer,
                              @NonNull
                              @NonNull ShareItemListRequest shareRequest,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
```
Description copied from interface: ItemListSecurityService

Asserts that the customer can share a given list.

Specified by:

assertShareAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Parameters:

sharer - the customer reference to test access for

shareRequest - the request to share the item list

context - the context of the request

createOwnerAccessRule
```
protected R createOwnerAccessRule(@NonNull
                                  @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                  @NonNull
                                  @NonNull String itemListId)
```
Creates an owner type of access rule for the given item list. Typically used upon creation of an item list or re-assignment of the owner of an item list.

Parameters:

customerRef - the reference to the (new) owning customer

itemListId - the item list ID to grant access to

Returns:

a populated item list access rule representing the ownership of the item list

createSharedAccessRules
```
protected List<R> createSharedAccessRules(@NonNull
                                          @NonNull ShareItemListRequest shareRequest)
```
Creates shared access rules based off of a share request.

Parameters:

shareRequest - the share request to create backing access rules for

Returns:

a list of access rules expressing the request to share

getRule

protected Optional<R> getRule(@NonNull
                              @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                              @NonNull
                              @NonNull String itemListId,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Gets the rule for a customer to a specific item list.

Parameters:: customerRef - a reference ot the customer to find an access rule for; itemListId - the ID of the item list to get an access rule for; context - the context of the request
Returns:: an access rule for the given customer to the given list, or empty if none was found

newItemListAccessRule
```
protected R newItemListAccessRule()
```
Creates a new item list access rule instance.

Returns:

a new item list access rule instance

filterAccessByRoles

protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterAccessByRoles(@NonNull
                                                                                              @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                              @NonNull
                                                                                              @NonNull Set<String> itemListIds,
                                                                                              @NonNull
                                                                                              @NonNull Set<String> roles,
                                                                                              @Nullable
                                                                                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Based on the provided list of ItemList ids & roles, determines which ItemLists the customer has access to

Parameters:: customerRef - the customer to check access for; itemListIds - the list of item list ids to check; roles - the access roles we want to verify; context - the context of the request
Returns:: two lists, accessible and inaccessible item list ids

getTypeFactory

protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()

getRuleProvider

protected ItemListAccessRuleProvider<R> getRuleProvider()

getSecurityProps

protected CartOperationServiceProperties.ItemListSecurity getSecurityProps()

Class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DefaultItemListSecurityService

Method Detail

getAccessibleRules

grantOwnership

share

hasViewAccess

hasEditAccess

hasDeleteAccess

hasShareAccess

filterViewAccess

filterEditAccess

filterDeleteAccess

assertViewAccess

assertEditAccess

assertDeleteAccess

assertShareAccess

createOwnerAccessRule

createSharedAccessRules

getRule

newItemListAccessRule

filterAccessByRoles

getTypeFactory

getRuleProvider

getSecurityProps