Package de.hybris.platform.cmsfacades.types.service.impl

Class DefaultCMSPermissionChecker

    • Constructor Detail

      • DefaultCMSPermissionChecker

        public DefaultCMSPermissionChecker()

    • Method Detail

      • isAttributeTypeBlacklisted

        protected boolean isAttributeTypeBlacklisted​(TypeModel attributeType)
        Method that returns true if the attribute type is not applicable for permission checking. Currently type MediaModel is not applicable for type permission checking.

      • hasPermissionForContainedType

        public boolean hasPermissionForContainedType​(AttributeDescriptorModel attribute,
                                             java.lang.String permissionName)
        Type permission checking to see if the current principal has permissions to perform the specified operation (e.g. read, change, create or remove) on the type of an attribute or not.
        • When the attribute is of type ComposedTypeModel, this method verifies that the type specified in the ComposedTypeModel is manageable by the current user.
        • When the attribute is of type AtomicTypeModel, no additional type checking needs to be done. This will always return TRUE.

        Possible scenarios are listed in the table below:

        Sample Attribute Attribute Expected Result
        String name Atomic type always TRUE
        Media media Composed type TRUE when user has permission for Media type
        List<MediaModel> media Collection of Composed type TRUE when user has permission for Media type
        Map<String, MediaModel> media Localized Composed type TRUE when user has permission for Media type
        Map<String, List<MediaModel>> media Localized Collection of Composed type TRUE when user has permission for Media type
        Specified by:
        hasPermissionForContainedType in interface CMSPermissionChecker
        permissionName - - The name of the permission to be checked; valid values defined in PermissionsConstants
        Returns:
        true if the current principal has been granted change permission on the type contained in the non-primitive attribute or the attribute is of type AtomicTypeModel; false otherwise.
        Throws:
        TypePermissionException - when principal cannot READ the type contained in a required attribute.

      • hasPermission

        protected boolean hasPermission​(AttributeDescriptorModel attribute,
                                java.lang.String permissionName,
                                TypeModel attributeType)
        Verifies if the current principal has permissions to perform the specified operation (e.g. read, change, create or remove) on an attribute or not.
        Parameters:
        attribute - - The descriptor that specifies the attribute whose permission to check.
        permissionName - - The name of the permission to be checked; valid values defined in PermissionsConstants
        attributeType - - The TypeModel of the attribute
        Returns:
        TRUE when the user has permission to perform the specified operation on the attribute; FALSE otherwise.

      • hasReadPermission

        protected boolean hasReadPermission​(AttributeDescriptorModel attribute,
                                    TypeModel attributeType)
        Verifies if the current principal has read permission on an attribute or not.
        Parameters:
        attribute - - The descriptor that specifies the attribute whose permission to check.
        attributeType - - The TypeModel of the attribute
        Returns:
        TRUE when the user has read permission on the attribute; FALSE otherwise.

      • setPermissionCRUDService

        public void setPermissionCRUDService​(PermissionCRUDService permissionCRUDService)