Interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
- All Known Implementing Classes: DefaultItemListSecurityService

`public interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>`
Manages security/access-control for item lists.
- Author: Jacob Mitash

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| `void` | `assertDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Asserts that the customer can delete a given list. |
| `void` | `assertEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Asserts that the customer can edit a given list. |
| `void` | `assertShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Asserts that the customer can share a given list. |
| `void` | `assertViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Asserts that the customer can view a given list. |
| `com.broadleafcommerce.cart.client.domain.ItemListAccessResponse` | `filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules. |
| `com.broadleafcommerce.cart.client.domain.ItemListAccessResponse` | `filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules. |
| `com.broadleafcommerce.cart.client.domain.ItemListAccessResponse` | `filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules. |
| `org.springframework.data.domain.Page<R>` | `getAccessibleRules(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Gets a page of accessible access rules for a customer. |
| `R` | `grantOwnership(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Grants ownership of an item list to the given customer. |
| `boolean` | `hasDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Tells if the given customer has access to delete an item list. |
| `boolean` | `hasEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Tells if the given customer has access to edit an item list. |
| `boolean` | `hasShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Tells if the given customer has access to share an item list. |
| `boolean` | `hasViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Tells if the given customer has access to view an item list. |
| | `share(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)` | Share an item list with other users. |

Method Details

getAccessibleRules
`org.springframework.data.domain.Page<R> getAccessibleRules(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @Nullable org.springframework.data.domain.Pageable pageable, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Gets a page of accessible access rules for a customer.
- Parameters:
  - `customerRef` - the customer to find access rules for
  - `pageable` - the requested page of access rules
  - `context` - the context of the request
- Returns:
  - a page of access rules

grantOwnership
`R grantOwnership(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.
- Parameters:
  - `customerRef` - the reference to the customer to grant ownership for
  - `itemListId` - the list to grant access to
  - `context` - the context of the request
- Returns:
  - the newly created item rule

hasViewAccess
`boolean hasViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Tells if the given customer has access to view an item list.
- Parameters:
  - `customerRef` - the reference to the customer to test access for
  - `itemListId` - the ID of the item list to test access to
  - `context` - the context of the request
- Returns:
  - whether the user can view the item list or not

hasEditAccess
`boolean hasEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Tells if the given customer has access to edit an item list.
- Parameters:
  - `customerRef` - the reference to the customer to test access for
  - `itemListId` - the ID of the item list to test access to
  - `context` - the context of the request
- Returns:
  - whether the user can edit the item list or not

hasDeleteAccess
`boolean hasDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Tells if the given customer has access to delete an item list.
- Parameters:
  - `customerRef` - the reference to the customer to test access for
  - `itemListId` - the ID of the item list to test access to
  - `context` - the context of the request
- Returns:
  - whether the user can delete the item list or not

filterViewAccess
`com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules.
- Parameters:
  - `customerRef` - the reference to the customer to test access for
  - `itemListIds` - the list of item list ids to check
  - `context` - the context of the request
- Returns:
  - two lists, accessible and inaccessible item list ids

filterEditAccess
`com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules.
- Parameters:
  - `customerRef` - the reference to the customer to test access for
  - `itemListIds` - the list of item list ids to check
  - `context` - the context of the request
- Returns:
  - two lists, accessible and inaccessible item list ids

filterDeleteAccess
`com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull @NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules.
- Parameters:
  - `customerRef` - the reference to the customer to test access for
  - `itemListIds` - the list of item list ids to check
  - `context` - the context of the request
- Returns:
  - two lists, accessible and inaccessible item list ids

assertViewAccess
`void assertViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Asserts that the customer can view a given list.
- Parameters:
  - `customerRef` - the customer reference to test access for
  - `itemListId` - the ID of the item list to test access to
  - `context` - the context of the request
- Throws:
  - `com.broadleafcommerce.data.tracking.core.exception.NotPermittedException` - if the customer is not authorized to view the list

assertEditAccess
`void assertEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Asserts that the customer can edit a given list.
- Parameters:
  - `customerRef` - the customer reference to test access for
  - `itemListId` - the ID of the item list to test access to
  - `context` - the context of the request
- Throws:
  - `com.broadleafcommerce.data.tracking.core.exception.NotPermittedException` - if the customer is not authorized to edit the list

assertDeleteAccess
`void assertDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)`
Asserts that the customer can delete a given list.
- Parameters:
  - `customerRef` - the customer reference to test access for
  - `itemListId` - the ID of the item list to test access to
  - `context` - the context of the request
- Throws:
  - `com.broadleafcommerce.data.tracking.core.exception.NotPermittedException` - if the customer is not authorized to delete the list