ApplicationTenancyEvaluator

Optional SPI interface to be implemented by a domain service, providing an alternative mechanism for evaluating the application tenancy of the object being interacted with (the "what") and optionally also the tenancy of the user making the call (the "who").

API

ApplicationTenancyEvaluator.java

interface ApplicationTenancyEvaluator {
  boolean handles(Class<?> cls)     (1)
  String hides(Object domainObject, ApplicationUser applicationUser)     (2)
  String disables(Object domainObject, ApplicationUser applicationUser)     (3)
}

1	handles(Class) Whether this evaluator can determine the tenancy of the specified domain entity (such as `ToDoItem` ) being interacted with (the "what").
2	hides(Object, ApplicationUser) Whether this domain object should not be visible to the specified ApplicationUser .
3	disables(Object, ApplicationUser) Whether the object members of this domain object should be disabled/read-only for the specified ApplicationUser .

Members

handles(Class)

Whether this evaluator can determine the tenancy of the specified domain entity (such as ToDoItem ) being interacted with (the "what").

This method is also called to determine if the evaluator is also able to determine the tenancy of the security module’s own ApplicationUser , ie the "who" is doing the interacting. If the evaluator does not handle the class, then the fallback behaviour is to invoke ApplicationUser#getAtPath() } on the ApplicationUser and use the path from that.

hides(Object, ApplicationUser)

Whether this domain object should not be visible to the specified ApplicationUser .

The domain object will be one that is handled by this evaluator, in other words that #handles(Class) was previously called and the evaluator returned true .

A non-null return value means that the object should be hidden.

disables(Object, ApplicationUser)

Whether the object members of this domain object should be disabled/read-only for the specified ApplicationUser .

The domain object will be one that is handled by this evaluator, in other words that #handles(Class) was previously called and the evaluator returned true .

This method is only called after #hides(Object, ApplicationUser) and only if that method returned false .

A non-null return value means that the object should be disabled, and is used as the reason why the object member is disabled.