Interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>

All Known Implementing Classes:
DefaultItemListSecurityService

public interface ItemListSecurityService<R extends com.broadleafcommerce.cart.client.domain.ItemListAccessRule>
Manages security/access-control for item lists.
Author:
Jacob Mitash
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    assertDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can delete a given list.
    void
    assertEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can edit a given list.
    void
    assertShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can share a given list.
    void
    assertViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Asserts that the customer can view a given list.
    com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
    com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
    com.broadleafcommerce.cart.client.domain.ItemListAccessResponse
    filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
    org.springframework.data.domain.Page<R>
    getAccessibleRules(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, org.springframework.data.domain.Pageable pageable, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Gets a page of accessible access rules for a customer.
    R
    grantOwnership(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Grants ownership of an item list to the given customer.
    boolean
    hasDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to delete an item list.
    boolean
    hasEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to edit an item list.
    boolean
    hasShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to share an item list.
    boolean
    hasViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Tells if the given customer has access to view an item list.
    List<R>
    share(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
    Share an item list with other users.
  • Method Details

    • getAccessibleRules

      org.springframework.data.domain.Page<R> getAccessibleRules(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @Nullable org.springframework.data.domain.Pageable pageable, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Gets a page of accessible access rules for a customer.
      Parameters:
      customerRef - the customer to find access rules for
      pageable - the requested page of access rules
      context - the context of the request
      Returns:
      a page of access rules
    • grantOwnership

      R grantOwnership(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Grants ownership of an item list to the given customer. Essentially creates a new access rule of the "owner" type.
      Parameters:
      customerRef - the reference to the customer to grant ownership for
      itemListId - the list to grant access to
      context - the context of the request
      Returns:
      the newly created item rule
    • share

      List<R> share(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Share an item list with other users.
      Parameters:
      sharer - the customer initiating the share request
      shareRequest - the details of the request to share
      context - the context of the request
      Returns:
      the newly created access rules
    • hasViewAccess

      boolean hasViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to view an item list.
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Returns:
      whether the user can view the item list or not
    • hasEditAccess

      boolean hasEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to edit an item list.
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Returns:
      whether the user can edit the item list or not
    • hasDeleteAccess

      boolean hasDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to delete an item list.
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Returns:
      whether the user can delete the item list or not
    • hasShareAccess

      boolean hasShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Tells if the given customer has access to share an item list.
      Parameters:
      customerRef - the reference to the customer to test access for
      shareRequest - the request that describes how and which item list should be shared
      context - the context of the request
      Returns:
      whether the user can share the item list or not
    • filterViewAccess

      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterViewAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `VIEW` access rules
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListIds - the list of item list ids to check
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • filterEditAccess

      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterEditAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `EDIT` access rules
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListIds - the list of item list ids to check
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • filterDeleteAccess

      com.broadleafcommerce.cart.client.domain.ItemListAccessResponse filterDeleteAccess(@NonNull com.broadleafcommerce.order.common.domain.CustomerRef customerRef, @NonNull Set<String> itemListIds, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Checks item list access rules for a list of item list ids based on the given customer ref and `DELETE` access rules
      Parameters:
      customerRef - the reference to the customer to test access for
      itemListIds - the list of item list ids to check
      context - the context of the request
      Returns:
      two lists, accessible and inaccessible item list ids
    • assertViewAccess

      void assertViewAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can view a given list.
      Parameters:
      customerRef - the customer reference to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to view the list
    • assertEditAccess

      void assertEditAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can edit a given list.
      Parameters:
      customerRef - the customer reference to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to edit the list
    • assertDeleteAccess

      void assertDeleteAccess(com.broadleafcommerce.order.common.domain.CustomerRef customerRef, String itemListId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can delete a given list.
      Parameters:
      customerRef - the customer reference to test access for
      itemListId - the ID of the item list to test access to
      context - the context of the request
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to delete the list
    • assertShareAccess

      void assertShareAccess(com.broadleafcommerce.order.common.domain.CustomerRef sharer, ShareItemListRequest shareRequest, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Asserts that the customer can share a given list.
      Parameters:
      sharer - the customer reference to test access for
      shareRequest - the request to share the item list
      context - the context of the request
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.NotPermittedException - if the customer is not authorized to share the list
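
The interface exposes each access decision in three forms: a boolean `has*` test, an `assert*` guard that throws, and a batch `filter*` that splits ids into accessible and inaccessible. The following added example (not Broadleaf code) models how the three relate, using stand-in types; `Access`, `AccessResponse`, `grant` and the in-memory rule map are hypothetical, and the string customer ids stand in for `CustomerRef`.

```java
import java.util.*;

// Added sketch with stand-in types; requires Java 16+ for records.
public class ItemListAccessSketch {
    enum Access { VIEW, EDIT, DELETE }
    // Stand-in for the exception the assert* methods are documented to throw.
    static class NotPermittedException extends RuntimeException {
        NotPermittedException(String msg) { super(msg); }
    }
    // Stand-in for the "two lists" result the filter* methods are documented to return.
    record AccessResponse(Set<String> accessible, Set<String> inaccessible) {}

    // Constructed rule store: customerId -> itemListId -> granted access types.
    private final Map<String, Map<String, Set<Access>>> rules = new HashMap<>();

    void grant(String customerId, String listId, Access... granted) {
        rules.computeIfAbsent(customerId, k -> new HashMap<>())
             .computeIfAbsent(listId, k -> EnumSet.noneOf(Access.class))
             .addAll(Arrays.asList(granted));
    }

    // has*: deny by default; an unknown customer or list yields false, not an exception.
    boolean has(String customerId, String listId, Access needed) {
        return rules.getOrDefault(customerId, Map.of())
                    .getOrDefault(listId, Set.of())
                    .contains(needed);
    }

    // assert*: same decision as has*, but a denial aborts the caller before it mutates anything.
    void assertAccess(String customerId, String listId, Access needed) {
        if (!has(customerId, listId, needed)) {
            throw new NotPermittedException(needed + " denied on item list " + listId);
        }
    }

    // filter*: batch form; every requested id lands in exactly one of the two sets.
    AccessResponse filter(String customerId, Set<String> listIds, Access needed) {
        Set<String> ok = new TreeSet<>(), denied = new TreeSet<>();
        for (String id : listIds) (has(customerId, id, needed) ? ok : denied).add(id);
        return new AccessResponse(ok, denied);
    }

    public static void main(String[] args) {
        ItemListAccessSketch svc = new ItemListAccessSketch();
        svc.grant("alice", "list-1", Access.VIEW, Access.EDIT, Access.DELETE); // owner-like
        svc.grant("bob", "list-1", Access.VIEW);                               // shared, read-only
        System.out.println(svc.filter("bob", Set.of("list-1", "list-2"), Access.VIEW));
        svc.assertAccess("bob", "list-1", Access.DELETE); // throws NotPermittedException
    }
}
```

Callers that mutate or delete a list should go through the `assert*` form so a denial cannot be ignored; the `filter*` form suits bulk operations where inaccessible ids must be reported rather than silently dropped.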