Package com.broadleafcommerce.paymenttransaction.service.validation

Class DefaultPaymentAccessValidationService

java.lang.Object
com.broadleafcommerce.paymenttransaction.service.validation.DefaultPaymentAccessValidationService
All Implemented Interfaces:
PaymentAccessValidationService
public class DefaultPaymentAccessValidationService extends Object implements PaymentAccessValidationService
Default implementation of PaymentAccessValidationService.

  • Constructor Details

    • DefaultPaymentAccessValidationService

      public DefaultPaymentAccessValidationService(PaymentTTLValidationService paymentTTLValidationService, PaymentManagementService<Payment> paymentManagementService, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils)

  • Method Details

    • validateCustomerPaymentRequest

      public void validateCustomerPaymentRequest(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef, @Nullable String lockToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: PaymentAccessValidationService
      Validates access to the payment based on the passed in context
      Specified by:
      validateCustomerPaymentRequest in interface PaymentAccessValidationService
      Parameters:
      payment - the Payment requiring access
      customerRef - the CustomerRef to validate against
      lockToken - the current lock token
      context - context information surrounding multitenant state

    • validateCustomerPaymentRequest

      public void validateCustomerPaymentRequest(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef, @NonNull @NonNull UpdatePaymentRequest updatePaymentRequest, @Nullable String lockToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
      Description copied from interface: PaymentAccessValidationService
      Validates access to the payment based on the passed in context. In the case of a Payment update request, the details of the UpdatePaymentRequest can be factored into determining if the customer's request should be allowed or blocked
      Specified by:
      validateCustomerPaymentRequest in interface PaymentAccessValidationService
      Parameters:
      payment - the Payment requiring access
      customerRef - the CustomerRef to validate against
      updatePaymentRequest - the request payload related to an update request (only present for update requests)
      lockToken - the current lock token
      context - context information surrounding multitenant state

    • shouldAllowSupplementaryUpdatesWhileMutabilityBlockedForPaymentFinalization

      protected boolean shouldAllowSupplementaryUpdatesWhileMutabilityBlockedForPaymentFinalization(@Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

    • validatePaymentCustomerRef

      protected void validatePaymentCustomerRef(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef, @Nullable String lockToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

    • shouldSkipPaymentTTLValidation

      protected boolean shouldSkipPaymentTTLValidation(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context)

    • isCustomerMutabilityBlocked

      protected boolean isCustomerMutabilityBlocked(@NonNull @NonNull Payment payment)

    • isCustomerMutabilityBlockedForPaymentFinalization

      protected boolean isCustomerMutabilityBlockedForPaymentFinalization(@NonNull @NonNull Payment payment)

    • customerMatches

      protected boolean customerMatches(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customer)
      Validates if the owning user of the Payment matches the given CustomerRef.

      This is to ensure that the currently authenticated user, the given CustomerRef, has access to the Payment.

      Parameters:
      payment - the Payment to check the owning user for
      customer - the CustomerRef to check against
      Returns:
      true if the payment's owning user matches the given CustomerRef, otherwise false

    • validateAccessForAnonymousOwnedPayment

      protected boolean validateAccessForAnonymousOwnedPayment(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef)
      Validates access for anonymous owned Payment for the given CustomerRef, which checks against the Payment.getOwningUserEmailAddress() and CustomerRef.getUsername() by default.

      Override this method for additional validations or if CustomerRef.getUsername() is not the same as the customer email.

      Parameters:
      payment - the Payment being accessed
      customerRef - the CustomerRef to check against
      Returns:
      true if access is allowed, otherwise false.

    • getPaymentTTLValidationService

      protected PaymentTTLValidationService getPaymentTTLValidationService()

    • getPaymentManagementService

      protected PaymentManagementService<Payment> getPaymentManagementService()

    • getAuthenticationUtils

      protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils getAuthenticationUtils()

    • getPaymentTransactionServiceProperties

      protected PaymentTransactionServiceProperties getPaymentTransactionServiceProperties()

    • setPaymentTransactionServiceProperties

      @Autowired public void setPaymentTransactionServiceProperties(PaymentTransactionServiceProperties paymentTransactionServiceProperties)