Class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
java.lang.Object
com.broadleafcommerce.cartoperation.service.DefaultItemListSecurityService<R>
- All Implemented Interfaces:
ItemListSecurityService<R>
public class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
extends Object
implements ItemListSecurityService<R>
Default implementation of an item list security service. Supports the roles defined in
DefaultItemListAccessRuleRole
.- Author:
- Jacob Mitash
-
Constructor Summary
ConstructorDescriptionDefaultItemListSecurityService
(com.broadleafcommerce.common.extension.TypeFactory typeFactory, ItemListAccessRuleProvider<R> ruleProvider, CartOperationServiceProperties properties) -
Method Summary
Modifier and TypeMethodDescriptionvoid
assertDeleteAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can delete a given list.void
assertEditAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can edit a given list.void
assertShareAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can share a given list.void
assertViewAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Asserts that the customer can view a given list.protected R
createOwnerAccessRule
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId) Creates an owner type of access rule for the given item list.createSharedAccessRules
(@NonNull ShareItemListRequest shareRequest) Creates shared access rules based off of a share request.protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
filterAccessByRoles
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @NonNull Set<String> roles, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Based on the provided list ofItemList
ids & roles, determines which ItemLists the customer has access tocom.broadleafcommerce.cart.client.domain.ItemListAccessResponse
filterDeleteAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rulescom.broadleafcommerce.cart.client.domain.ItemListAccessResponse
filterEditAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rulescom.broadleafcommerce.cart.client.domain.ItemListAccessResponse
filterViewAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rulesorg.springframework.data.domain.Page<R>
getAccessibleRules
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Gets a page of acceesible access rules for a customer.getRule
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Gets the rule for a customer to a specific item list.protected ItemListAccessRuleProvider<R>
protected com.broadleafcommerce.common.extension.TypeFactory
grantOwnership
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Grants ownership of an item list to the given customer.boolean
hasDeleteAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to delete an item list.boolean
hasEditAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to edit an item list.boolean
hasShareAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to share an item list.boolean
hasViewAccess
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Tells if the given customer has access to view an item list.protected R
Creates a new item list access rule instance.share
(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Share an item list with other users.
-
Constructor Details
-
DefaultItemListSecurityService
public DefaultItemListSecurityService(com.broadleafcommerce.common.extension.TypeFactory typeFactory, ItemListAccessRuleProvider<R> ruleProvider, CartOperationServiceProperties properties)
-
-
Method Details
-
getAccessibleRules
public org.springframework.data.domain.Page<R> getAccessibleRules(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @Nullable org.springframework.data.domain.Pageable pageable, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Gets a page of acceesible access rules for a customer.- Specified by:
getAccessibleRules
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the customer to find access rules forpageable
- the requested page of access rulescontext
- the context of the request- Returns:
- a page of access rules
-
grantOwnership
public R grantOwnership(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.- Specified by:
grantOwnership
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to grant ownership foritemListId
- the list to grant access tocontext
- the context of the request- Returns:
- the newly created item rule
-
hasViewAccess
public boolean hasViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Tells if the given customer has access to view an item list.- Specified by:
hasViewAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to test access foritemListId
- the ID of the item list to test access tocontext
- the context of the request- Returns:
- whether the user can view the item list or not
-
hasEditAccess
public boolean hasEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Tells if the given customer has access to edit an item list.- Specified by:
hasEditAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to test access foritemListId
- the ID of the item list to test access tocontext
- the context of the request- Returns:
- whether the user can edit the item list or not
-
hasDeleteAccess
public boolean hasDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Tells if the given customer has access to delete an item list.- Specified by:
hasDeleteAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to test access foritemListId
- the ID of the item list to test access tocontext
- the context of the request- Returns:
- whether the user can edit the item list or not
-
filterViewAccess
public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules- Specified by:
filterViewAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to test access foritemListIds
- the list of item list ids to checkcontext
- the context of the request- Returns:
- two lists, accessible and inaccessible item list ids
-
filterEditAccess
public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules- Specified by:
filterEditAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to test access foritemListIds
- the list of item list ids to checkcontext
- the context of the request- Returns:
- two lists, accessible and inaccessible item list ids
-
filterDeleteAccess
public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules- Specified by:
filterDeleteAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the reference to the customer to test access foritemListIds
- the list of item list ids to checkcontext
- the context of the request- Returns:
- two lists, accessible and inaccessible item list ids
-
assertViewAccess
public void assertViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Asserts that the customer can view a given list.- Specified by:
assertViewAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the customer reference to test access foritemListId
- the ID of the item list to test access tocontext
- the context of the request
-
assertEditAccess
public void assertEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Asserts that the customer can edit a given list.- Specified by:
assertEditAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the customer reference to test access foritemListId
- the ID of the item list to test access tocontext
- the context of the request
-
assertDeleteAccess
public void assertDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:ItemListSecurityService
Asserts that the customer can delete a given list.- Specified by:
assertDeleteAccess
in interfaceItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- Parameters:
customerRef
- the customer reference to test access foritemListId
- the ID of the item list to test access tocontext
- the context of the request
-
createOwnerAccessRule
protected R createOwnerAccessRule(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId) Creates an owner type of access rule for the given item list. Typically used upon creation of an item list or re-assignment of the owner of an item list.- Parameters:
customerRef
- the reference to the (new) owning customeritemListId
- the item list ID to grant access to- Returns:
- a populated item list access rule representing the ownership of the item list
-
getRule
protected Optional<R> getRule(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Gets the rule for a customer to a specific item list.- Parameters:
customerRef
- a reference ot the customer to find an access rule foritemListId
- the ID of the item list to get an access rule forcontext
- the context of the request- Returns:
- an access rule for the given customer to the given list, or empty if none was found
-
newItemListAccessRule
Creates a new item list access rule instance.- Returns:
- a new item list access rule instance
-
filterAccessByRoles
protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterAccessByRoles(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @NonNull @NonNull Set<String> roles, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Based on the provided list ofItemList
ids & roles, determines which ItemLists the customer has access to- Parameters:
customerRef
- the customer to check access foritemListIds
- the list of item list ids to checkroles
- the access roles we want to verifycontext
- the context of the request- Returns:
- two lists, accessible and inaccessible item list ids
-
getTypeFactory
protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory() -
getRuleProvider
-
getSecurityProps
-