Interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
All Known Implementing Classes:
DefaultItemListSecurityService

public interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
Manages security/access-control for item lists.
Author:
Jacob Mitash

Method Summary
Modifier and Type  Method  Description

void assertDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can delete a given list.

void assertEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can edit a given list.

void assertShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can share a given list.

void assertViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can view a given list.

com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules.

com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules.

com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules.

org.springframework.data.domain.Page<R> getAccessibleRules(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Gets a page of accessible access rules for a customer.

R grantOwnership(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Grants ownership of an item list to the given customer.

boolean hasDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to delete an item list.

boolean hasEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to edit an item list.

boolean hasShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to share an item list.

boolean hasViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to view an item list.

List<R> share(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Share an item list with other users.

Method Detail

getAccessibleRules
org.springframework.data.domain.Page<R> getAccessibleRules(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @Nullable org.springframework.data.domain.Pageable pageable, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Gets a page of accessible access rules for a customer.
Parameters:
customerRef - the customer to find access rules for
pageable - the requested page of access rules
context - the context of the request
Returns:
a page of access rules

grantOwnership
R grantOwnership(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.
Parameters:
customerRef - the reference to the customer to grant ownership for
itemListId - the list to grant access to
context - the context of the request
Returns:
the newly created item rule

share
List<R> share(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Share an item list with other users.
Parameters:
sharer - the customer initiating the share request
shareRequest - the details of the request to share
context - the context of the request
Returns:
the newly created access rules

hasViewAccess
boolean hasViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to view an item list.
Parameters:
customerRef - the reference to the customer to test access for
itemListId - the ID of the item list to test access to
context - the context of the request
Returns:
whether the user can view the item list or not

hasEditAccess
boolean hasEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to edit an item list.
Parameters:
customerRef - the reference to the customer to test access for
itemListId - the ID of the item list to test access to
context - the context of the request
Returns:
whether the user can edit the item list or not

hasDeleteAccess
boolean hasDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to delete an item list.
Parameters:
customerRef - the reference to the customer to test access for
itemListId - the ID of the item list to test access to
context - the context of the request
Returns:
whether the user can delete the item list or not

hasShareAccess
boolean hasShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Tells if the given customer has access to share an item list.
Parameters:
customerRef - the reference to the customer to test access for
shareRequest - the request that describes how and which item list should be shared
context - the context of the request
Returns:
whether the user can share the item list or not

filterViewAccess
com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules.
Parameters:
customerRef - the reference to the customer to test access for
itemListIds - the list of item list ids to check
context - the context of the request
Returns:
two lists, accessible and inaccessible item list ids

filterEditAccess
com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules.
Parameters:
customerRef - the reference to the customer to test access for
itemListIds - the list of item list ids to check
context - the context of the request
Returns:
two lists, accessible and inaccessible item list ids

filterDeleteAccess
com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules.
Parameters:
customerRef - the reference to the customer to test access for
itemListIds - the list of item list ids to check
context - the context of the request
Returns:
two lists, accessible and inaccessible item list ids

assertViewAccess
void assertViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can view a given list.
Parameters:
customerRef - the customer reference to test access for
itemListId - the ID of the item list to test access to
context - the context of the request
Throws:
com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to view the list

assertEditAccess
void assertEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can edit a given list.
Parameters:
customerRef - the customer reference to test access for
itemListId - the ID of the item list to test access to
context - the context of the request
Throws:
com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to edit the list

assertDeleteAccess
void assertDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can delete a given list.
Parameters:
customerRef - the customer reference to test access for
itemListId - the ID of the item list to test access to
context - the context of the request
Throws:
com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to delete the list

assertShareAccess
void assertShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
Asserts that the customer can share a given list.
Parameters:
sharer - the customer reference to test access for
shareRequest - the request to share the item list
context - the context of the request
Throws:
com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to share the list