The IRestContactAuthorizationPlugin plugin
IRestContactAuthorizationPlugin is a plugin that defines
methods called by Cloud API to determine the appropriate access for a called using the
contactAuthorizationIDs strategy.
The plugin implements the IRestContactAuthorizationPlugin
interface. This interface defines the following methods:
-
AuthAccess getAccessForAccountResource(AuthorizedUser user, Account account) -
Map<RestContactAuthAccessType, Set<AccountContact>> getAuthorizedUserAccountContacts(AuthorizedUser user) -
Query<AccountContact> createUserAccountContactsBaseQuery(AuthorizedUser user) -
Query<AccountContact> createUserPrimaryPayerAccountContactsQuery(AuthorizedUser user) -
Query<AccountContact> createUserPrivilegedAccountContactsQuery(AuthorizedUser user)
The getAuthorizedUserAccountContacts method identifies the
list of contacts a user is claiming to be or to represent. It also determines what
access each contact has to their respective accounts.
The getAccessForAccountResource method is called by the
getRestContactAuthAccountAccess method in the
ContactAuthorizationIdsRestV1Enhancement
enhancement. It is the default method for determining a user's access to a
resource. The default implementation calls the
getAuthorizedUserAccountContacts method to determine this.
If you want to change some of the logic for how access is determine, you can create a new plugin implementation that overrides the base configuration methods.