Class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

  • All Implemented Interfaces:
    ItemListSecurityService<R>

    public class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
    extends Object
    implements ItemListSecurityService<R>
    Default implementation of an item list security service. Supports the roles defined in DefaultItemListAccessRuleRole.
    Author:
    Jacob Mitash
    • Method Summary

      Modifier and Type Method Description
      void assertDeleteAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can delete a given list.
      void assertEditAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can edit a given list.
      void assertShareAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can share a given list.
      void assertViewAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can view a given list.
      protected R createOwnerAccessRule​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId)
      Creates an owner type of access rule for the given item list.
      protected List<R> createSharedAccessRules​(@NonNull ShareItemListRequest shareRequest)
      Creates shared access rules based off of a share request.
      protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterAccessByRoles​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @NonNull Set<String> roles, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Based on the provided list of ItemList ids & roles, determines which ItemLists the customer has access to
      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
      org.springframework.data.domain.Page<R> getAccessibleRules​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Gets a page of accessible access rules for a customer.
      protected Optional<R> getRule​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Gets the rule for a customer to a specific item list.
      protected ItemListAccessRuleProvider<R> getRuleProvider()  
      protected CartOperationServiceProperties.ItemListSecurity getSecurityProps()  
      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()  
      R grantOwnership​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Grants ownership of an item list to the given customer.
      boolean hasDeleteAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to delete an item list.
      boolean hasEditAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to edit an item list.
      boolean hasShareAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to share an item list.
      boolean hasViewAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to view an item list.
      protected R newItemListAccessRule()
      Creates a new item list access rule instance.
      List<R> share​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Share an item list with other users.
    • Method Detail

      • getAccessibleRules

        public org.springframework.data.domain.Page<R> getAccessibleRules(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                          @Nullable org.springframework.data.domain.Pageable pageable,
                                                                          @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Gets a page of accessible access rules for a customer.
        Specified by:
        getAccessibleRules in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the customer to find access rules for
        pageable - the requested page of access rules
        context - the context of the request
        Returns:
        a page of access rules
      • grantOwnership

        public R grantOwnership(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                @NonNull String itemListId,
                                @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.
        Specified by:
        grantOwnership in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to grant ownership for
        itemListId - the list to grant access to
        context - the context of the request
        Returns:
        the newly created item rule
      • share

        public List<R> share(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer,
                             @NonNull ShareItemListRequest shareRequest,
                             @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Share an item list with other users.
        Specified by:
        share in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        sharer - the customer initiating the share request
        shareRequest - the details of the request to share
        context - the context of the request
        Returns:
        the newly created access rules
      • hasViewAccess

        public boolean hasViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                     @NonNull String itemListId,
                                     @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Tells if the given customer has access to view an item list.
        Specified by:
        hasViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Returns:
        whether the user can view the item list or not
      • hasEditAccess

        public boolean hasEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                     @NonNull String itemListId,
                                     @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Tells if the given customer has access to edit an item list.
        Specified by:
        hasEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Returns:
        whether the user can edit the item list or not
      • hasDeleteAccess

        public boolean hasDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                       @NonNull String itemListId,
                                       @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Tells if the given customer has access to delete an item list.
        Specified by:
        hasDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Returns:
        whether the user can delete the item list or not
      • hasShareAccess

        public boolean hasShareAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                      @NonNull ShareItemListRequest shareRequest,
                                      @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Tells if the given customer has access to share an item list.
        Specified by:
        hasShareAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        shareRequest - the request that describes how and which item list should be shared
        context - the context of the request
        Returns:
        whether the user can share the item list or not
      • filterViewAccess

        public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                                @NonNull Set<String> itemListIds,
                                                                                                @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
        Specified by:
        filterViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListIds - the list of item list ids to check
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • filterEditAccess

        public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                                @NonNull Set<String> itemListIds,
                                                                                                @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
        Specified by:
        filterEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListIds - the list of item list ids to check
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • filterDeleteAccess

        public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                                  @NonNull Set<String> itemListIds,
                                                                                                  @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
        Specified by:
        filterDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListIds - the list of item list ids to check
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • assertViewAccess

        public void assertViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                     @NonNull String itemListId,
                                     @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Asserts that the customer can view a given list.
        Specified by:
        assertViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the customer reference to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
      • assertEditAccess

        public void assertEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                     @NonNull String itemListId,
                                     @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Asserts that the customer can edit a given list.
        Specified by:
        assertEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the customer reference to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
      • assertDeleteAccess

        public void assertDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                       @NonNull String itemListId,
                                       @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Asserts that the customer can delete a given list.
        Specified by:
        assertDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        customerRef - the customer reference to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
      • assertShareAccess

        public void assertShareAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer,
                                      @NonNull ShareItemListRequest shareRequest,
                                      @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Description copied from interface: ItemListSecurityService
        Asserts that the customer can share a given list.
        Specified by:
        assertShareAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
        Parameters:
        sharer - the customer reference to test access for
        shareRequest - the request to share the item list
        context - the context of the request
      • createOwnerAccessRule

        protected R createOwnerAccessRule(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                          @NonNull String itemListId)
        Creates an owner type of access rule for the given item list. Typically used upon creation of an item list or re-assignment of the owner of an item list.
        Parameters:
        customerRef - the reference to the (new) owning customer
        itemListId - the item list ID to grant access to
        Returns:
        a populated item list access rule representing the ownership of the item list
      • createSharedAccessRules

        protected List<R> createSharedAccessRules(@NonNull ShareItemListRequest shareRequest)
        Creates shared access rules based off of a share request.
        Parameters:
        shareRequest - the share request to create backing access rules for
        Returns:
        a list of access rules expressing the request to share
      • getRule

        protected Optional<R> getRule(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                      @NonNull String itemListId,
                                      @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Gets the rule for a customer to a specific item list.
        Parameters:
        customerRef - a reference to the customer to find an access rule for
        itemListId - the ID of the item list to get an access rule for
        context - the context of the request
        Returns:
        an access rule for the given customer to the given list, or empty if none was found
      • newItemListAccessRule

        protected R newItemListAccessRule()
        Creates a new item list access rule instance.
        Returns:
        a new item list access rule instance
      • filterAccessByRoles

        protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterAccessByRoles(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                                      @NonNull Set<String> itemListIds,
                                                                                                      @NonNull Set<String> roles,
                                                                                                      @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Based on the provided list of ItemList ids & roles, determines which ItemLists the customer has access to
        Parameters:
        customerRef - the customer to check access for
        itemListIds - the list of item list ids to check
        roles - the access roles we want to verify
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • getTypeFactory

        protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()