001/**
002 * Copyright 2005-2018 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.krad.maintenance;
017
018import org.kuali.rice.kim.api.KimConstants;
019import org.kuali.rice.kim.api.identity.Person;
020import org.kuali.rice.krad.document.DocumentAuthorizerBase;
021import org.kuali.rice.krad.service.DocumentDictionaryService;
022import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
023import org.kuali.rice.krad.util.KRADConstants;
024import org.kuali.rice.krad.util.KRADUtils;
025
026import java.util.HashMap;
027import java.util.Map;
028
029/**
030 * Default implementation of {@link MaintenanceDocumentAuthorizer} that performs KIM permission checks to authorize
031 * maintenance document actions
032 *
033 * @author Kuali Rice Team (rice.collab@kuali.org)
034 * @see org.kuali.rice.krad.maintenance.MaintenanceDocumentAuthorizer
035 */
public class MaintenanceDocumentAuthorizerBase extends DocumentAuthorizerBase implements MaintenanceDocumentAuthorizer {
    private static final long serialVersionUID = 6780013889553259327L;

    // Looked up on first use via the service locator (or injected through the setter); the field is
    // transient, so Java serialization skips it.
    private transient DocumentDictionaryService documentDictionaryService;

    /**
     * Decides whether the user may create a new record of the given business object class.
     *
     * <p>The permission is only enforced when one exists: if {@code permissionExistsByTemplate} finds no
     * {@code CREATE_MAINTAIN_RECORDS} permission for the maintenance document type and the "new" action, this
     * method returns {@code true} without looking at {@code user}. A document type with no such permission
     * configured therefore passes this check for every caller.
     *
     * @param boClass business object class whose maintenance document type name is used in the permission details
     * @param user person being authorized; only dereferenced when a matching permission exists
     * @return {@code true} if no matching permission exists or the user's principal is authorized by it
     * @see org.kuali.rice.krad.maintenance.MaintenanceDocumentAuthorizer#canCreate(Class, org.kuali.rice.kim.api.identity.Person)
     */
    @Override
    public boolean canCreate(Class boClass, Person user) {
        Map<String, String> details = new HashMap<String, String>();
        details.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME,
                getDocumentDictionaryService().getMaintenanceDocumentTypeName(boClass));
        details.put(KRADConstants.MAINTENANCE_ACTN, KRADConstants.MAINTENANCE_NEW_ACTION);

        boolean restricted = permissionExistsByTemplate(KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.CREATE_MAINTAIN_RECORDS, details);
        if (!restricted) {
            // No permission configured for this document type/action: treated as unrestricted.
            return true;
        }

        return getPermissionService().isAuthorizedByTemplate(user.getPrincipalId(), KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.CREATE_MAINTAIN_RECORDS, details,
                new HashMap<String, String>());
    }

    /**
     * Decides whether the user may edit the given data object through its maintenance document.
     *
     * <p>As with {@link #canCreate(Class, Person)}, the answer is {@code true} whenever no
     * {@code CREATE_MAINTAIN_RECORDS} permission exists for the document type and the "edit" action; the user is
     * consulted only when such a permission is present. The authorization call passes {@code null} as its last
     * argument, after the permission details.
     *
     * @param dataObject object to be maintained; its runtime class selects the maintenance document type
     * @param user person being authorized; only dereferenced when a matching permission exists
     * @return {@code true} if no matching permission exists or the user's principal is authorized by it
     * @see org.kuali.rice.krad.maintenance.MaintenanceDocumentAuthorizer#canMaintain(Object, org.kuali.rice.kim.api.identity.Person)
     */
    @Override
    public boolean canMaintain(Object dataObject, Person user) {
        Map<String, String> details = new HashMap<String, String>(2);
        details.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME,
                getDocumentDictionaryService().getMaintenanceDocumentTypeName(dataObject.getClass()));
        details.put(KRADConstants.MAINTENANCE_ACTN, KRADConstants.MAINTENANCE_EDIT_ACTION);

        boolean restricted = permissionExistsByTemplate(KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.CREATE_MAINTAIN_RECORDS, details);
        if (!restricted) {
            // No permission configured for this document type/action: treated as unrestricted.
            return true;
        }

        return isAuthorizedByTemplate(dataObject, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.CREATE_MAINTAIN_RECORDS, user.getPrincipalId(), details,
                null);
    }

    /**
     * Decides whether the user may create or maintain records through the given maintenance document.
     *
     * <p>Both the existence check and the authorization check are made against the document itself rather than
     * an explicit details map. When no {@code CREATE_MAINTAIN_RECORDS} permission exists for the document, the
     * method returns {@code true} without consulting the user.
     *
     * @param maintenanceDocument document the permission is evaluated against
     * @param user person being authorized; only dereferenced when a matching permission exists
     * @return {@code true} if no matching permission exists or the user's principal is authorized by it
     * @see org.kuali.rice.krad.maintenance.MaintenanceDocumentAuthorizer#canCreateOrMaintain(MaintenanceDocument, org.kuali.rice.kim.api.identity.Person)
     */
    @Override
    public boolean canCreateOrMaintain(MaintenanceDocument maintenanceDocument, Person user) {
        if (!permissionExistsByTemplate(maintenanceDocument, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.CREATE_MAINTAIN_RECORDS)) {
            // No permission configured for this document: treated as unrestricted.
            return true;
        }

        return isAuthorizedByTemplate(maintenanceDocument, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.CREATE_MAINTAIN_RECORDS, user.getPrincipalId());
    }

    /**
     * Extends the inherited role qualification with the namespace and component of the maintained data object.
     *
     * <p>The extra entries are added only when {@code dataObject} is a {@link MaintenanceDocument} whose new
     * maintainable object is non-null; otherwise only the superclass qualification is applied.
     *
     * @param dataObject object being authorized
     * @param attributes qualification map, updated in place
     * @see org.kuali.rice.krad.document.DocumentAuthorizerBase#addRoleQualification(Object, java.util.Map)
     */
    @SuppressWarnings("unchecked")
    @Override
    protected void addRoleQualification(Object dataObject, Map<String, String> attributes) {
        super.addRoleQualification(dataObject, attributes);

        if (!(dataObject instanceof MaintenanceDocument)) {
            return;
        }

        MaintenanceDocument document = (MaintenanceDocument) dataObject;
        if (document.getNewMaintainableObject() == null) {
            return;
        }

        attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(
                document.getNewMaintainableObject().getDataObjectClass()));
    }

    /**
     * Extends the inherited permission details with the namespace, component and maintenance action of the
     * maintained data object.
     *
     * <p>The extra entries are added only when {@code dataObject} is a {@link MaintenanceDocument} whose new
     * maintainable object is non-null; otherwise only the superclass details are applied.
     *
     * @param dataObject object being authorized
     * @param attributes permission details map, updated in place
     * @see org.kuali.rice.krad.document.DocumentAuthorizerBase#addPermissionDetails(Object, java.util.Map)
     */
    @SuppressWarnings("unchecked")
    @Override
    protected void addPermissionDetails(Object dataObject, Map<String, String> attributes) {
        super.addPermissionDetails(dataObject, attributes);

        if (!(dataObject instanceof MaintenanceDocument)) {
            return;
        }

        MaintenanceDocument document = (MaintenanceDocument) dataObject;
        if (document.getNewMaintainableObject() == null) {
            return;
        }

        attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(
                document.getNewMaintainableObject().getDataObjectClass()));
        attributes.put(KRADConstants.MAINTENANCE_ACTN,
                document.getNewMaintainableObject().getMaintenanceAction());
    }

    /**
     * Returns the document dictionary service, fetching it from {@link KRADServiceLocatorWeb} on first use and
     * caching it in the field. No synchronization is applied to the lazy lookup.
     *
     * @return the cached or newly looked-up service
     */
    protected DocumentDictionaryService getDocumentDictionaryService() {
        if (documentDictionaryService != null) {
            return documentDictionaryService;
        }

        documentDictionaryService = KRADServiceLocatorWeb.getDocumentDictionaryService();
        return documentDictionaryService;
    }

    /**
     * Sets the document dictionary service to use instead of the one obtained from the service locator.
     *
     * @param documentDictionaryService service instance to use
     */
    public void setDocumentDictionaryService(DocumentDictionaryService documentDictionaryService) {
        this.documentDictionaryService = documentDictionaryService;
    }
}