Class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

java.lang.Object
com.broadleafcommerce.cartoperation.service.DefaultItemListSecurityService<R>
All Implemented Interfaces:
ItemListSecurityService<R>

public class DefaultItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule> extends Object implements ItemListSecurityService<R>
Default implementation of an item list security service. Supports the roles defined in DefaultItemListAccessRuleRole.
Author:
Jacob Mitash
  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultItemListSecurityService(com.broadleafcommerce.common.extension.TypeFactory typeFactory, ItemListAccessRuleProvider<R> ruleProvider, CartOperationServiceProperties properties)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    assertDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can delete a given list.
    void
    assertEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can edit a given list.
    void
    assertShareAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can share a given list.
    void
    assertViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can view a given list.
    protected R
    createOwnerAccessRule(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId)
    Creates an owner type of access rule for the given item list.
    protected List<R>
    createSharedAccessRules(@NonNull ShareItemListRequest shareRequest)
    Creates shared access rules based off of a share request.
    protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterAccessByRoles(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @NonNull Set<String> roles, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Based on the provided list of ItemList ids & roles, determines which ItemLists the customer has access to
    com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
    com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
    com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
    org.springframework.data.domain.Page<R>
    getAccessibleRules(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Gets a page of accessible access rules for a customer.
    protected Optional<R>
    getRule(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Gets the rule for a customer to a specific item list.
    protected ItemListAccessRuleProvider<R>
    getRuleProvider()
     
    protected com.broadleafcommerce.common.extension.TypeFactory
    getTypeFactory()
     
    R
    grantOwnership(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Grants ownership of an item list to the given customer.
    boolean
    hasDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to delete an item list.
    boolean
    hasEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to edit an item list.
    boolean
    hasShareAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to share an item list.
    boolean
    hasViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to view an item list.
    protected R
    newItemListAccessRule()
    Creates a new item list access rule instance.
    List<R>
    share(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Share an item list with other users.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

  • Method Details

    • getAccessibleRules

      public org.springframework.data.domain.Page<R> getAccessibleRules(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @Nullable org.springframework.data.domain.Pageable pageable, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Gets a page of accessible access rules for a customer.
      Specified by:
      getAccessibleRules in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the customer to find access rules for
      pageable - the requested page of access rules
      context - the context of the request
      Returns:
      a page of access rules
    • grantOwnership

      public R grantOwnership(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.
      Specified by:
      grantOwnership in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to grant ownership for
      itemListId - the list to grant access to
      context - the context of the request
      Returns:
      the newly created item rule
    • share

      public List<R> share(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull @NonNull ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Share an item list with other users.
      Specified by:
      share in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      sharer - the customer initiating the share request
      shareRequest - the details of the request to share
      context - the context of the request
      Returns:
      the newly created access rules
    • hasViewAccess

      public boolean hasViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Tells if the given customer has access to view an item list.
      Specified by:
      hasViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Returns:
      whether the user can view the item list or not
    • hasEditAccess

      public boolean hasEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Tells if the given customer has access to edit an item list.
      Specified by:
      hasEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Returns:
      whether the user can edit the item list or not
    • hasDeleteAccess

      public boolean hasDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Tells if the given customer has access to delete an item list.
      Specified by:
      hasDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Returns:
      whether the user can delete the item list or not
    • hasShareAccess

      public boolean hasShareAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Tells if the given customer has access to share an item list.
      Specified by:
      hasShareAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      shareRequest - the request that describes how and which item list should be shared
      context - the context of the request
      Returns:
      whether the user can share the item list or not
    • filterViewAccess

      public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
      Specified by:
      filterViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListIds - the list of item list ids to check
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • filterEditAccess

      public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
      Specified by:
      filterEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListIds - the list of item list ids to check
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • filterDeleteAccess

      public com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
      Specified by:
      filterDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListIds - the list of item list ids to check
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • assertViewAccess

      public void assertViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Asserts that the customer can view a given list.
      Specified by:
      assertViewAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the customer reference to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
    • assertEditAccess

      public void assertEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Asserts that the customer can edit a given list.
      Specified by:
      assertEditAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the customer reference to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
    • assertDeleteAccess

      public void assertDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Asserts that the customer can delete a given list.
      Specified by:
      assertDeleteAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      customerRef - the customer reference to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
    • assertShareAccess

      public void assertShareAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef sharer, @NonNull @NonNull ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: ItemListSecurityService
      Asserts that the customer can share a given list.
      Specified by:
      assertShareAccess in interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
      Parameters:
      sharer - the customer reference to test access for
      shareRequest - the request to share the item list
      context - the context of the request
    • createOwnerAccessRule

      protected R createOwnerAccessRule(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId)
      Creates an owner type of access rule for the given item list. Typically used upon creation of an item list or re-assignment of the owner of an item list.
      Parameters:
      customerRef - the reference to the (new) owning customer
      itemListId - the item list ID to grant access to
      Returns:
      a populated item list access rule representing the ownership of the item list
    • createSharedAccessRules

      protected List<R> createSharedAccessRules(@NonNull @NonNull ShareItemListRequest shareRequest)
      Creates shared access rules based off of a share request.
      Parameters:
      shareRequest - the share request to create backing access rules for
      Returns:
      a list of access rules expressing the request to share
    • getRule

      protected Optional<R> getRule(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Gets the rule for a customer to a specific item list.
      Parameters:
      customerRef - a reference to the customer to find an access rule for
      itemListId - the ID of the item list to get an access rule for
      context - the context of the request
      Returns:
      an access rule for the given customer to the given list, or empty if none was found
    • newItemListAccessRule

      protected R newItemListAccessRule()
      Creates a new item list access rule instance.
      Returns:
      a new item list access rule instance
    • filterAccessByRoles

      protected com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterAccessByRoles(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @NonNull @NonNull Set<String> roles, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Based on the provided list of ItemList ids & roles, determines which ItemLists the customer has access to
      Parameters:
      customerRef - the customer to check access for
      itemListIds - the list of item list ids to check
      roles - the access roles we want to verify
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
    • getRuleProvider

      protected ItemListAccessRuleProvider<R> getRuleProvider()
    • getSecurityProps