Class TrackableEntityPolicyEvaluator
- java.lang.Object
-
- com.broadleafcommerce.data.tracking.core.policy.trackable.TrackableEntityPolicyEvaluator
-
- All Implemented Interfaces:
PolicyEvaluator
public class TrackableEntityPolicyEvaluator extends Object implements PolicyEvaluator
Default implementation of PermissionEvaluator responsible for checking the validity of a requested mutating method call on aTrackable
entity given the current Spring Security authority and additionalContextInfo
information.This validation generally encapsulates checks not only against the current Spring Security principal granted authorities, but also against the application and catalog information in play and the user's authorization to read or mutate records for the application and/or catalog.
- Author:
- Jeff Fischer
-
-
Constructor Summary
Constructors Constructor Description TrackableEntityPolicyEvaluator(PolicyUtils policyUtils)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
canEqual(Object other)
boolean
equals(Object o)
PolicyUtils
getPolicyUtils()
int
hashCode()
protected boolean
isOwnerPolicy(PolicyInformation policy)
Does this policy contain IdentityType.OWNER?String
toString()
PolicyResponse
validate(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType)
Validate security context required to execute a method annotated withPolicy
.PolicyResponse
validateReadOutput(Object output, PolicyInformation policy)
Validate the output of a read method for methods annotated with a Policy of theIdentityType.OWNER
type and a matching user of the owner type (seeTrackablePolicyUtils#isOwnerUser()
).protected PolicyResponse
validateRequestedOperation(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType, TrackablePolicyUtils trackablePolicyUtils)
-
-
-
Constructor Detail
-
TrackableEntityPolicyEvaluator
public TrackableEntityPolicyEvaluator(PolicyUtils policyUtils)
-
-
Method Detail
-
validate
public PolicyResponse validate(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType)
Description copied from interface:PolicyEvaluator
Validate security context required to execute a method annotated withPolicy
.- Specified by:
validate
in interfacePolicyEvaluator
- Parameters:
methodParams
- The method parameters in the method call being validatedpolicy
- ThePolicy
annotation on the method- Returns:
- The result of the validation
-
isOwnerPolicy
protected boolean isOwnerPolicy(PolicyInformation policy)
Does this policy contain IdentityType.OWNER?- Parameters:
policy
- The policy information- Returns:
true
if this is an OWNER policy, elsefalse
.
-
validateRequestedOperation
protected PolicyResponse validateRequestedOperation(Map<Integer,Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType, TrackablePolicyUtils trackablePolicyUtils)
-
validateReadOutput
public PolicyResponse validateReadOutput(Object output, PolicyInformation policy)
Description copied from interface:PolicyEvaluator
Validate the output of a read method for methods annotated with a Policy of theIdentityType.OWNER
type and a matching user of the owner type (seeTrackablePolicyUtils#isOwnerUser()
).- Specified by:
validateReadOutput
in interfacePolicyEvaluator
- Parameters:
output
- The results of the read operationpolicy
- ThePolicy
annotation on the method- Returns:
- The result of the validation
-
getPolicyUtils
public PolicyUtils getPolicyUtils()
-
canEqual
protected boolean canEqual(Object other)
-
-