Class TrackableEntityPolicyEvaluator
- java.lang.Object
-
- com.broadleafcommerce.data.tracking.core.policy.trackable.TrackableEntityPolicyEvaluator
-
- All Implemented Interfaces:
PolicyEvaluator
public class TrackableEntityPolicyEvaluator extends Object implements PolicyEvaluator
Default implementation of PermissionEvaluator responsible for checking the validity of a requested mutating method call on aTrackableentity given the current Spring Security authority and additionalContextInfoinformation.This validation generally encapsulates checks not only against the current Spring Security principal granted authorities, but also against the application and catalog information in play and the user's authorization to read or mutate records for the application and/or catalog.
- Author:
- Jeff Fischer
-
-
Constructor Summary
Constructors Constructor Description TrackableEntityPolicyEvaluator(PolicyUtils policyUtils)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleancanEqual(Object other)booleanequals(Object o)PolicyUtilsgetPolicyUtils()inthashCode()protected booleanisOwnerPolicy(PolicyInformation policy)Does this policy contain IdentityType.OWNER?StringtoString()PolicyResponsevalidate(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType)Validate security context required to execute a method annotated withPolicy.PolicyResponsevalidateReadOutput(Object output, PolicyInformation policy)Validate the output of a read method for methods annotated with a Policy of theIdentityType.OWNERtype and a matching user of the owner type (seeTrackablePolicyUtils#isOwnerUser()).protected PolicyResponsevalidateRequestedOperation(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType, TrackablePolicyUtils trackablePolicyUtils)
-
-
-
Constructor Detail
-
TrackableEntityPolicyEvaluator
public TrackableEntityPolicyEvaluator(PolicyUtils policyUtils)
-
-
Method Detail
-
validate
public PolicyResponse validate(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType)
Description copied from interface:PolicyEvaluatorValidate security context required to execute a method annotated withPolicy.- Specified by:
validatein interfacePolicyEvaluator- Parameters:
methodParams- The method parameters in the method call being validatedpolicy- ThePolicyannotation on the method- Returns:
- The result of the validation
-
isOwnerPolicy
protected boolean isOwnerPolicy(PolicyInformation policy)
Does this policy contain IdentityType.OWNER?- Parameters:
policy- The policy information- Returns:
trueif this is an OWNER policy, elsefalse.
-
validateRequestedOperation
protected PolicyResponse validateRequestedOperation(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType, TrackablePolicyUtils trackablePolicyUtils)
-
validateReadOutput
public PolicyResponse validateReadOutput(Object output, PolicyInformation policy)
Description copied from interface:PolicyEvaluatorValidate the output of a read method for methods annotated with a Policy of theIdentityType.OWNERtype and a matching user of the owner type (seeTrackablePolicyUtils#isOwnerUser()).- Specified by:
validateReadOutputin interfacePolicyEvaluator- Parameters:
output- The results of the read operationpolicy- ThePolicyannotation on the method- Returns:
- The result of the validation
-
getPolicyUtils
public PolicyUtils getPolicyUtils()
-
canEqual
protected boolean canEqual(Object other)
-
-