Class TrackableEntityPolicyEvaluator
java.lang.Object
com.broadleafcommerce.data.tracking.core.policy.trackable.TrackableEntityPolicyEvaluator
- All Implemented Interfaces:
PolicyEvaluator
Default implementation of PermissionEvaluator responsible for checking the validity of a
requested mutating method call on a
Trackable
entity given the current Spring Security
authority and additional ContextInfo
information.
This validation generally encapsulates checks not only against the current Spring Security principal granted authorities, but also against the application and catalog information in play and the user's authorization to read or mutate records for the application and/or catalog.
- Author:
- Jeff Fischer
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
boolean
int
hashCode()
protected boolean
isOwnerPolicy
(PolicyInformation policy) Does this policy contain IdentityType.OWNER?toString()
validate
(Map<Integer, Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType) Validate security context required to execute a method annotated withPolicy
.validateReadOutput
(Object output, PolicyInformation policy) Validate the output of a read method for methods annotated with a Policy of theIdentityType.OWNER
type and a matching user of the owner type (seeTrackablePolicyUtils#isOwnerUser()
).protected PolicyResponse
validateRequestedOperation
(Map<Integer, Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType, TrackablePolicyUtils trackablePolicyUtils)
-
Constructor Details
-
TrackableEntityPolicyEvaluator
-
-
Method Details
-
validate
public PolicyResponse validate(Map<Integer, Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType) Description copied from interface:PolicyEvaluator
Validate security context required to execute a method annotated withPolicy
.- Specified by:
validate
in interfacePolicyEvaluator
- Parameters:
methodParams
- The method parameters in the method call being validatedpolicy
- ThePolicy
annotation on the method- Returns:
- The result of the validation
-
isOwnerPolicy
Does this policy contain IdentityType.OWNER?- Parameters:
policy
- The policy information- Returns:
true
if this is an OWNER policy, elsefalse
.
-
validateRequestedOperation
protected PolicyResponse validateRequestedOperation(Map<Integer, Object> methodParams, PolicyInformation policy, ContextInfo contextInfo, OperationType operationType, TrackablePolicyUtils trackablePolicyUtils) -
validateReadOutput
Description copied from interface:PolicyEvaluator
Validate the output of a read method for methods annotated with a Policy of theIdentityType.OWNER
type and a matching user of the owner type (seeTrackablePolicyUtils#isOwnerUser()
).- Specified by:
validateReadOutput
in interfacePolicyEvaluator
- Parameters:
output
- The results of the read operationpolicy
- ThePolicy
annotation on the method- Returns:
- The result of the validation
-
getPolicyUtils
-
equals
-
canEqual
-
hashCode
public int hashCode() -
toString
-