001/**
002 * Copyright 2005-2018 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.krad.lookup;
017
018import org.kuali.rice.core.api.exception.RiceRuntimeException;
019import org.kuali.rice.kim.api.KimConstants;
020import org.kuali.rice.kim.api.identity.Person;
021import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
022import org.kuali.rice.krad.uif.view.View;
023import org.kuali.rice.krad.uif.view.ViewAuthorizerBase;
024import org.kuali.rice.krad.uif.view.ViewModel;
025import org.kuali.rice.krad.util.KRADConstants;
026import org.kuali.rice.krad.util.KRADUtils;
027
028import java.util.Map;
029
030/**
031 * Implementation of {@link org.kuali.rice.krad.uif.view.ViewAuthorizer} for
032 * {@link LookupView} instances
033 *
034 * @author Kuali Rice Team (rice.collab@kuali.org)
035 */
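public class LookupViewAuthorizerBase extends ViewAuthorizerBase {
    private static final long serialVersionUID = 3755133641536256283L;
    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(
            LookupViewAuthorizerBase.class);

    /**
     * Checks for a permission of type 'Look Up Records' in addition to the open view check done in super.
     *
     * <p>The lookup permission is enforced only when a permission built from the 'Look Up Records'
     * template exists for the namespace and component of the lookup's data object class. When no such
     * permission exists, the result of the super check stands, so a data object with no lookup
     * permission configured can be looked up by anyone who passes the open view check.</p>
     *
     * @param view view instance the open permission should be checked for
     * @param model object containing the model data associated with the view; cast to {@link LookupForm}
     * without a type check, so any other model type fails with a {@link ClassCastException}
     * @param user user who is requesting the view
     * @return true if the super check passes and the user either holds the matching 'Look Up Records'
     * permission or no such permission exists, false otherwise
     * @throws RiceRuntimeException if the data object class named by the lookup form cannot be loaded
     */
    @Override
    public boolean canOpenView(View view, ViewModel model, Person user) {
        // The lookup permission can only narrow the decision, never widen it.
        if (!super.canOpenView(view, model, user)) {
            return false;
        }

        LookupForm lookupForm = (LookupForm) model;
        String dataObjectClassName = lookupForm.getDataObjectClassName();

        Map<String, String> additionalPermissionDetails;
        try {
            additionalPermissionDetails = KRADUtils.getNamespaceAndComponentSimpleName(
                    loadDataObjectClass(dataObjectClassName));
        } catch (ClassNotFoundException e) {
            // An unresolvable class aborts the request instead of skipping the permission check.
            throw new RiceRuntimeException(
                    "Unable to create class for lookup class name: " + dataObjectClassName, e);
        }

        if (!permissionExistsByTemplate(model, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.LOOK_UP_RECORDS, additionalPermissionDetails)) {
            // No 'Look Up Records' permission is defined for these details: keep the super result.
            return true;
        }

        return isAuthorizedByTemplate(model, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.LOOK_UP_RECORDS, user.getPrincipalId(),
                additionalPermissionDetails, null);
    }

    /**
     * Checks if the user is allowed to initiate the maintenance document associated with the lookup
     * data object class.
     *
     * <p>The check fails closed: a missing class name, a class that cannot be loaded, or a data object
     * class with no maintenance document type all yield {@code false}.</p>
     *
     * @param dataObjectClassName data object class name associated with the lookup
     * @param user user we are authorizing the actions for
     * @return true if user is authorized to initiate the document, false otherwise
     */
    public boolean canInitiateMaintenanceDocument(String dataObjectClassName, Person user) {
        if (dataObjectClassName == null) {
            // Class.forName(null) would throw NullPointerException out of the authorization check;
            // treat a missing name like an unloadable class and deny.
            LOG.warn("Unable to load Data Object Class: " + dataObjectClassName);
            return false;
        }

        try {
            Class<?> dataObjectClass = loadDataObjectClass(dataObjectClassName);

            String documentTypeName = KRADServiceLocatorWeb.getDocumentDictionaryService()
                    .getMaintenanceDocumentTypeName(dataObjectClass);
            if (documentTypeName == null) {
                return false;
            }

            return KRADServiceLocatorWeb.getDocumentDictionaryService().getDocumentAuthorizer(documentTypeName)
                    .canInitiate(documentTypeName, user);
        } catch (ClassNotFoundException e) {
            // NOTE(review): the class name is written to the log verbatim; if it can come from request
            // data, neutralise line breaks before logging -- confirm against the callers.
            LOG.warn("Unable to load Data Object Class: " + dataObjectClassName, e);
            return false;
        }
    }

    /**
     * Resolves a data object class by name without initializing it.
     *
     * <p>The authorization checks only use the class as a key for permission and dictionary lookups,
     * so the class is loaded with {@code initialize=false}: no static initializer of the named class
     * runs as a side effect of the check.</p>
     *
     * <p>NOTE(review): the name is whatever the lookup form or the caller supplies and is not validated
     * here. If that value can be set from a request, restrict it to known data object classes before
     * it reaches this method -- confirm where it is validated.</p>
     *
     * @param className fully qualified name of the data object class
     * @return the loaded, possibly not yet initialized, class
     * @throws ClassNotFoundException if no class with that name is visible to this class's loader
     */
    private static Class<?> loadDataObjectClass(String className) throws ClassNotFoundException {
        // Same defining loader that the one-argument Class.forName(String) would use from this class.
        return Class.forName(className, false, LookupViewAuthorizerBase.class.getClassLoader());
    }
}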