com.broadleafcommerce.cartoperation.service

Interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

All Known Implementing Classes:

DefaultItemListSecurityService

public interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

Manages security/access-control for item lists.

Author:

Jacob Mitash

Method Summary

Modifier and Type	Method and Description
void	assertDeleteAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can delete a given list.
void	assertEditAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can edit a given list.
void	assertShareAccess(com.broadleafcommerce.cart.client.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can share a given list.
void	assertViewAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can view a given list.
com.broadleafcommerce.cart.client.domain.ItemListAccessResponse	filterDeleteAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
com.broadleafcommerce.cart.client.domain.ItemListAccessResponse	filterEditAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
com.broadleafcommerce.cart.client.domain.ItemListAccessResponse	filterViewAccess(@NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
org.springframework.data.domain.Page<R>	getAccessibleRules(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Gets a page of acceesible access rules for a customer.
R	grantOwnership(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Grants ownership of an item list to the given customer.
boolean	hasDeleteAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to delete an item list.
boolean	hasEditAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to edit an item list.
boolean	hasShareAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to share an item list.
boolean	hasViewAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to view an item list.
List<R>	share(com.broadleafcommerce.cart.client.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Share an item list with other users.

Method Detail

getAccessibleRules

org.springframework.data.domain.Page<R> getAccessibleRules(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                           @Nullable
                                                           org.springframework.data.domain.Pageable pageable,
                                                           @Nullable
                                                           com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Gets a page of acceesible access rules for a customer.

Parameters:

customerRef - the customer to find access rules for

pageable - the requested page of access rules

context - the context of the request

Returns:

a page of access rules

grantOwnership

R grantOwnership(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                 String itemListId,
                 @Nullable
                 com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.

Parameters:

customerRef - the reference to the customer to grant ownership for

itemListId - the list to grant access to

context - the context of the request

Returns:

the newly created item rule

share

List<R> share(com.broadleafcommerce.cart.client.domain.CustomerRef sharer,
              ShareItemListRequest shareRequest,
              @Nullable
              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Share an item list with other users.

Parameters:

sharer - the customer initiating the share request

shareRequest - the details of the request to share

context - the context of the request

Returns:

the newly created access rules

hasViewAccess

boolean hasViewAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                      String itemListId,
                      @Nullable
                      com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Tells if the given customer has access to view an item list.

Parameters:

customerRef - the reference to the customer to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Returns:

whether the user can view the item list or not

hasEditAccess

boolean hasEditAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                      String itemListId,
                      @Nullable
                      com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Tells if the given customer has access to edit an item list.

Parameters:

customerRef - the reference to the customer to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Returns:

whether the user can edit the item list or not

hasDeleteAccess

boolean hasDeleteAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                        String itemListId,
                        @Nullable
                        com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Tells if the given customer has access to delete an item list.

Parameters:

customerRef - the reference to the customer to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Returns:

whether the user can edit the item list or not

hasShareAccess

boolean hasShareAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                       ShareItemListRequest shareRequest,
                       @Nullable
                       com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Tells if the given customer has access to share an item list.

Parameters:

customerRef - the reference to the customer to test access for

shareRequest - the request that describes how and which item list should be shared

context - the context of the request

Returns:

whether the user can edit the item list or not

filterViewAccess

com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull
                                                                                 @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                 @NonNull
                                                                                 @NonNull Set<String> itemListIds,
                                                                                 @Nullable
                                                                                 com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules

Parameters:

customerRef - the reference to the customer to test access for

itemListIds - the list of item list ids to check

context - the context of the request

Returns:

two lists, accessible and inaccessible item list ids

filterEditAccess

com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull
                                                                                 @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                 @NonNull
                                                                                 @NonNull Set<String> itemListIds,
                                                                                 @Nullable
                                                                                 com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules

Parameters:

customerRef - the reference to the customer to test access for

itemListIds - the list of item list ids to check

context - the context of the request

Returns:

two lists, accessible and inaccessible item list ids

filterDeleteAccess

com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull
                                                                                   @NonNull com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                                                                                   @NonNull
                                                                                   @NonNull Set<String> itemListIds,
                                                                                   @Nullable
                                                                                   com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules

Parameters:

customerRef - the reference to the customer to test access for

itemListIds - the list of item list ids to check

context - the context of the request

Returns:

two lists, accessible and inaccessible item list ids

assertViewAccess

void assertViewAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                      String itemListId,
                      @Nullable
                      com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Asserts that the customer can view a given list.

Parameters:

customerRef - the customer reference to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Throws:

com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to view the list

assertEditAccess

void assertEditAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                      String itemListId,
                      @Nullable
                      com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Asserts that the customer can edit a given list.

Parameters:

customerRef - the customer reference to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Throws:

com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to edit the list

assertDeleteAccess

void assertDeleteAccess(com.broadleafcommerce.cart.client.domain.CustomerRef customerRef,
                        String itemListId,
                        @Nullable
                        com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Asserts that the customer can delete a given list.

Parameters:

customerRef - the customer reference to test access for

itemListId - the ID of the item list to test access to

context - the context of the request

Throws:

com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to delete the list

assertShareAccess

void assertShareAccess(com.broadleafcommerce.cart.client.domain.CustomerRef sharer,
                       ShareItemListRequest shareRequest,
                       @Nullable
                       com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

Asserts that the customer can share a given list.

Parameters:

sharer - the customer reference to test access for

shareRequest - the request to share the item list

context - the context of the request

Throws:

com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to share the list