Interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

  • All Known Implementing Classes:
    DefaultItemListSecurityService

    public interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
    Manages security/access-control for item lists.
    Author:
    Jacob Mitash
    • Method Summary

      Modifier and Type Method Description
      void assertDeleteAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can delete a given list.
      void assertEditAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can edit a given list.
      void assertShareAccess​(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can share a given list.
      void assertViewAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can view a given list.
      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess​(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
      org.springframework.data.domain.Page<R> getAccessibleRules​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Gets a page of accessible access rules for a customer.
      R grantOwnership​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Grants ownership of an item list to the given customer.
      boolean hasDeleteAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to delete an item list.
      boolean hasEditAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to edit an item list.
      boolean hasShareAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to share an item list.
      boolean hasViewAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to view an item list.
      List<R> share​(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Share an item list with other users.
    • Method Detail

      • getAccessibleRules

        org.springframework.data.domain.Page<R> getAccessibleRules​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                   @Nullable
                                                                   org.springframework.data.domain.Pageable pageable,
                                                                   @Nullable
                                                                   com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Gets a page of accessible access rules for a customer.
        Parameters:
        customerRef - the customer to find access rules for
        pageable - the requested page of access rules
        context - the context of the request
        Returns:
        a page of access rules
      • grantOwnership

        R grantOwnership​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                         String itemListId,
                         @Nullable
                         com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.
        Parameters:
        customerRef - the reference to the customer to grant ownership for
        itemListId - the list to grant access to
        context - the context of the request
        Returns:
        the newly created item rule
      • share

        List<R> share​(com.broadleafcommerce.order.common.domain.CustomerRef sharer,
                      ShareItemListRequest shareRequest,
                      @Nullable
                      com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Share an item list with other users.
        Parameters:
        sharer - the customer initiating the share request
        shareRequest - the details of the request to share
        context - the context of the request
        Returns:
        the newly created access rules
      • hasViewAccess

        boolean hasViewAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                              String itemListId,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Tells if the given customer has access to view an item list.
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Returns:
        whether the user can view the item list or not
      • hasEditAccess

        boolean hasEditAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                              String itemListId,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Tells if the given customer has access to edit an item list.
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Returns:
        whether the user can edit the item list or not
      • hasDeleteAccess

        boolean hasDeleteAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                String itemListId,
                                @Nullable
                                com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Tells if the given customer has access to delete an item list.
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Returns:
        whether the user can delete the item list or not
      • hasShareAccess

        boolean hasShareAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                               ShareItemListRequest shareRequest,
                               @Nullable
                               com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Tells if the given customer has access to share an item list.
        Parameters:
        customerRef - the reference to the customer to test access for
        shareRequest - the request that describes how and which item list should be shared
        context - the context of the request
        Returns:
        whether the user can share the item list or not
      • filterViewAccess

        com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull
                                                                                         com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                         @NonNull
                                                                                         Set<String> itemListIds,
                                                                                         @Nullable
                                                                                         com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListIds - the list of item list ids to check
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • filterEditAccess

        com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull
                                                                                         com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                         @NonNull
                                                                                         Set<String> itemListIds,
                                                                                         @Nullable
                                                                                         com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListIds - the list of item list ids to check
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • filterDeleteAccess

        com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull
                                                                                           com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                                                                           @NonNull
                                                                                           Set<String> itemListIds,
                                                                                           @Nullable
                                                                                           com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
        Parameters:
        customerRef - the reference to the customer to test access for
        itemListIds - the list of item list ids to check
        context - the context of the request
        Returns:
        two lists, accessible and inaccessible item list ids
      • assertViewAccess

        void assertViewAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                              String itemListId,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Asserts that the customer can view a given list.
        Parameters:
        customerRef - the customer reference to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Throws:
        com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to view the list
      • assertEditAccess

        void assertEditAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                              String itemListId,
                              @Nullable
                              com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Asserts that the customer can edit a given list.
        Parameters:
        customerRef - the customer reference to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Throws:
        com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to edit the list
      • assertDeleteAccess

        void assertDeleteAccess​(com.broadleafcommerce.order.common.domain.CustomerRef customerRef,
                                String itemListId,
                                @Nullable
                                com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Asserts that the customer can delete a given list.
        Parameters:
        customerRef - the customer reference to test access for
        itemListId - the ID of the item list to test access to
        context - the context of the request
        Throws:
        com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to delete the list
      • assertShareAccess

        void assertShareAccess​(com.broadleafcommerce.order.common.domain.CustomerRef sharer,
                               ShareItemListRequest shareRequest,
                               @Nullable
                               com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
        Asserts that the customer can share a given list.
        Parameters:
        sharer - the customer reference to test access for
        shareRequest - the request to share the item list
        context - the context of the request
        Throws:
        com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to share the list
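The three method families above differ in how a denial reaches the caller: `has*` returns a boolean, `assert*` throws, and `filter*` partitions a batch of ids. The following is an added example, not Broadleaf code and not the behaviour of `DefaultItemListSecurityService`: a self-contained Java 16+ model of that contract in which every type, name, rule and the default-deny lookup are stand-ins constructed for illustration.

```java
import java.util.*;

// Stand-in model (hypothetical names); not the Broadleaf types or implementation.
public class ItemListAccessDemo {
    enum Permission { VIEW, EDIT, DELETE }

    // Stand-in for NotPermittedException.
    static class NotPermitted extends RuntimeException {
        NotPermitted(String msg) { super(msg); }
    }

    // Stand-in for ItemListAccessResponse: accessible and inaccessible ids.
    record AccessResponse(Set<String> accessible, Set<String> inaccessible) {}

    // Constructed rules: customerId -> itemListId -> granted permissions.
    static final Map<String, Map<String, Set<Permission>>> RULES = Map.of(
        "cust-1", Map.of(
            "list-A", EnumSet.allOf(Permission.class),  // owner
            "list-B", EnumSet.of(Permission.VIEW)));     // shared read-only

    // has*: boolean answer; an unknown customer or list means no access in this model.
    static boolean has(String customerId, String listId, Permission p) {
        return RULES.getOrDefault(customerId, Map.of())
                    .getOrDefault(listId, Set.of())
                    .contains(p);
    }

    // assert*: throws, so a caller that ignores return values still cannot proceed.
    static void assertAccess(String customerId, String listId, Permission p) {
        if (!has(customerId, listId, p)) {
            throw new NotPermitted(p + " denied on " + listId);
        }
    }

    // filter*: partitions a batch of ids in one call instead of one check per id.
    static AccessResponse filter(String customerId, Set<String> listIds, Permission p) {
        Set<String> ok = new TreeSet<>(), denied = new TreeSet<>();
        for (String id : listIds) (has(customerId, id, p) ? ok : denied).add(id);
        return new AccessResponse(ok, denied);
    }

    public static void main(String[] args) {
        System.out.println(filter("cust-1", Set.of("list-A", "list-B", "list-C"), Permission.EDIT));
        assertAccess("cust-1", "list-A", Permission.DELETE);    // owner: passes silently
        try {
            assertAccess("cust-1", "list-B", Permission.EDIT);  // read-only share: throws
        } catch (NotPermitted e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Calling the `assert*` form immediately before a mutation keeps the check and the action together, so a missed `if` around a `has*` result cannot silently allow the change.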