1 /**
2 * Copyright 2004-2013 The Kuali Foundation
3 *
4 * Licensed under the Educational Community License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.opensource.org/licenses/ecl2.php
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.kuali.kpme.core.service.permission;
17
18 import java.util.HashMap;
19 import java.util.List;
20 import java.util.Map;
21
22 import org.joda.time.DateTime;
23 import org.kuali.kpme.core.assignment.Assignment;
24 import org.kuali.kpme.core.department.Department;
25 import org.kuali.kpme.core.department.service.DepartmentService;
26 import org.kuali.kpme.core.role.KPMERoleMemberAttribute;
27 import org.kuali.kpme.core.workarea.WorkArea;
28 import org.kuali.kpme.core.workarea.service.WorkAreaService;
29 import org.kuali.rice.kew.api.document.DocumentStatus;
30 import org.kuali.rice.kim.api.KimConstants;
31
32 public abstract class HrPermissionServiceBase {
33
34 private DepartmentService departmentService;
35 private WorkAreaService workAreaService;
36
37 /**
38 * Checks whether the given {@code principalId} is authorized to perform {@code permissionName} for the given role qualifications.
39 *
40 * @param principalId The person to check the permission for
41 * @param permissionName The name of the permission
42 * @param qualification The map of role qualifiers for the person
43 * @param asOfDate The effective date of the permission
44 *
45 * @return true if {@code principalId} is authorized to perform {@code permissionName}, false otherwise.
46 */
47 public abstract boolean isAuthorized(String principalId, String permissionName, Map<String, String> qualification, DateTime asOfDate);
48
49 /**
50 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given permission details and role qualifications.
51 *
52 * @param principalId The person to check the permission for
53 * @param namespaceCode The namespace for the permission template
54 * @param permissionTemplateName The name of the permission template
55 * @param permissionDetails The map of permission details for the permission
56 * @param qualification The map of role qualifiers for the person
57 * @param asOfDate The effective date of the permission
58 *
59 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName}, false otherwise.
60 */
61 public abstract boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification, DateTime asOfDate);
62
63 /**
64 * Checks whether the given {@code principalId} is authorized to perform {@code permissionName} for the given work area.
65 *
66 * @param principalId The person to check the permission for
67 * @param permissionName The name of the permission
68 * @param workArea The work area qualifier
69 * @param asOfDate The effective date of the permission
70 *
71 * @return true if {@code principalId} is authorized to perform {@code permissionName} for the given work area, false otherwise.
72 */
73 public boolean isAuthorizedInWorkArea(String principalId, String permissionName, Long workArea, DateTime asOfDate) {
74 Map<String, String> qualification = new HashMap<String, String>();
75 qualification.put(KPMERoleMemberAttribute.WORK_AREA.getRoleMemberAttributeName(), String.valueOf(workArea));
76
77 return isAuthorized(principalId, permissionName, qualification, asOfDate);
78 }
79
80 /**
81 * Checks whether the given {@code principalId} is authorized to perform {@code permissionName} for the given department.
82 *
83 * @param principalId The person to check the permission for
84 * @param permissionName The name of the permission
85 * @param department The department qualifier
86 * @param asOfDate The effective date of the permission
87 *
88 * @return true if {@code principalId} is authorized to perform {@code permissionName} for the given department, false otherwise.
89 */
90 public boolean isAuthorizedInDepartment(String principalId, String permissionName, String department, DateTime asOfDate) {
91 Map<String, String> qualification = new HashMap<String, String>();
92 qualification.put(KPMERoleMemberAttribute.DEPARTMENT.getRoleMemberAttributeName(), department);
93
94 return isAuthorized(principalId, permissionName, qualification, asOfDate);
95 }
96
97 /**
98 * Checks whether the given {@code principalId} is authorized to perform {@code permissionName} for the given location.
99 *
100 * @param principalId The person to check the permission for
101 * @param permissionName The name of the permission
102 * @param location The location qualifier
103 * @param asOfDate The effective date of the permission
104 *
105 * @return true if {@code principalId} is authorized to perform {@code permissionName} for the given location, false otherwise.
106 */
107 public boolean isAuthorizedInLocation(String principalId, String permissionName, String location, DateTime asOfDate) {
108 Map<String, String> qualification = new HashMap<String, String>();
109 qualification.put(KPMERoleMemberAttribute.LOCATION.getRoleMemberAttributeName(), location);
110
111 return isAuthorized(principalId, permissionName, qualification, asOfDate);
112 }
113
114 /**
115 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given work area.
116 *
117 * @param principalId The person to check the permission for
118 * @param namespaceCode The namespace for the permission template
119 * @param permissionTemplateName The name of the permission template
120 * @param workArea The work area qualifier
121 * @param asOfDate The effective date of the permission
122 *
123 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given work area, false otherwise.
124 */
125 public boolean isAuthorizedByTemplateInWorkArea(String principalId, String namespaceCode, String permissionTemplateName, Long workArea, DateTime asOfDate) {
126 Map<String, String> permissionDetails = new HashMap<String, String>();
127
128 Map<String, String> qualification = new HashMap<String, String>();
129 qualification.put(KPMERoleMemberAttribute.WORK_AREA.getRoleMemberAttributeName(), String.valueOf(workArea));
130
131 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, permissionDetails, qualification, asOfDate);
132 }
133
134 /**
135 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given department.
136 *
137 * @param principalId The person to check the permission for
138 * @param namespaceCode The namespace for the permission template
139 * @param permissionTemplateName The name of the permission template
140 * @param department The department qualifier
141 * @param asOfDate The effective date of the permission
142 *
143 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given department, false otherwise.
144 */
145 public boolean isAuthorizedByTemplateInDepartment(String principalId, String namespaceCode, String permissionTemplateName, String department, DateTime asOfDate) {
146 Map<String, String> permissionDetails = new HashMap<String, String>();
147
148 Map<String, String> qualification = new HashMap<String, String>();
149 qualification.put(KPMERoleMemberAttribute.DEPARTMENT.getRoleMemberAttributeName(), department);
150
151 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, permissionDetails, qualification, asOfDate);
152 }
153
154 /**
155 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given location.
156 *
157 * @param principalId The person to check the permission for
158 * @param namespaceCode The namespace for the permission template
159 * @param permissionTemplateName The name of the permission template
160 * @param location The location qualifier
161 * @param asOfDate The effective date of the permission
162 *
163 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given location, false otherwise.
164 */
165 public boolean isAuthorizedByTemplateInLocation(String principalId, String namespaceCode, String permissionTemplateName, String location, DateTime asOfDate) {
166 Map<String, String> permissionDetails = new HashMap<String, String>();
167
168 Map<String, String> qualification = new HashMap<String, String>();
169 qualification.put(KPMERoleMemberAttribute.LOCATION.getRoleMemberAttributeName(), location);
170
171 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, permissionDetails, qualification, asOfDate);
172 }
173
174 /**
175 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information.
176 *
177 * @param principalId The person to check the permission for
178 * @param namespaceCode The namespace for the permission template
179 * @param permissionTemplateName The name of the permission template
180 * @param documentTypeName The type of the document
181 * @param documentId The id of the document
182 * @param documentStatus The status of the document
183 * @param assignments The list of assignments associated with the document
184 *
185 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information, false otherwise.
186 */
187 protected boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, String documentTypeName, String documentId, DocumentStatus documentStatus, List<Assignment> assignments) {
188 boolean isAuthorized = false;
189
190 for (Assignment assignment : assignments) {
191 if (isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, documentTypeName, documentId, documentStatus, assignment)) {
192 isAuthorized = true;
193 break;
194 }
195 }
196
197 return isAuthorized;
198 }
199
200 /**
201 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information.
202 *
203 * @param principalId The person to check the permission for
204 * @param namespaceCode The namespace for the permission template
205 * @param permissionTemplateName The name of the permission template
206 * @param documentTypeName The type of the document
207 * @param documentId The id of the document
208 * @param documentStatus The status of the document
209 * @param assignment The assignment associated with the document
210 *
211 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information, false otherwise.
212 */
213 protected boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, String documentTypeName, String documentId, DocumentStatus documentStatus, Assignment assignment) {
214 boolean isAuthorized = false;
215
216 Long workArea = assignment.getWorkArea();
217 WorkArea workAreaObj = getWorkAreaService().getWorkArea(workArea, assignment.getEffectiveLocalDate());
218
219 String department = workAreaObj != null ? workAreaObj.getDept() : null;
220 Department departmentObj = getDepartmentService().getDepartment(department, assignment.getEffectiveLocalDate());
221
222 String location = departmentObj != null ? departmentObj.getLocation() : null;
223
224 if (isAuthorizedByTemplateInWorkArea(principalId, namespaceCode, permissionTemplateName, workArea, documentTypeName, documentId, documentStatus, assignment.getEffectiveLocalDate().toDateTimeAtStartOfDay())
225 || isAuthorizedByTemplateInDepartment(principalId, namespaceCode, permissionTemplateName, department, documentTypeName, documentId, documentStatus, assignment.getEffectiveLocalDate().toDateTimeAtStartOfDay())
226 || isAuthorizedByTemplateInLocation(principalId, namespaceCode, permissionTemplateName, location, documentTypeName, documentId, documentStatus, assignment.getEffectiveLocalDate().toDateTimeAtStartOfDay())) {
227 isAuthorized = true;
228 }
229
230 return isAuthorized;
231 }
232
233 /**
234 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information.
235 *
236 * @param principalId The person to check the permission for
237 * @param namespaceCode The namespace for the permission template
238 * @param permissionTemplateName The name of the permission template
239 * @param documentTypeName The type of the document
240 * @param documentId The id of the document
241 * @param documentStatus The status of the document
242 * @param asOfDate The effective date of the permission
243 *
244 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information, false otherwise.
245 */
246 protected boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, String documentTypeName, String documentId, DocumentStatus documentStatus, DateTime asOfDate) {
247 Map<String, String> qualification = new HashMap<String, String>();
248
249 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, documentTypeName, documentId, documentStatus, qualification, asOfDate);
250 }
251
252 /**
253 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given work area and document information.
254 *
255 * @param principalId The person to check the permission for
256 * @param namespaceCode The namespace for the permission template
257 * @param permissionTemplateName The name of the permission template
258 * @param workArea The work area qualifier
259 * @param documentTypeName The type of the document
260 * @param documentId The id of the document
261 * @param documentStatus The status of the document
262 * @param asOfDate The effective date of the permission
263 *
264 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given work area and document information, false otherwise.
265 */
266 protected boolean isAuthorizedByTemplateInWorkArea(String principalId, String namespaceCode, String permissionTemplateName, Long workArea, String documentTypeName, String documentId, DocumentStatus documentStatus, DateTime asOfDate) {
267 Map<String, String> qualification = new HashMap<String, String>();
268 qualification.put(KPMERoleMemberAttribute.WORK_AREA.getRoleMemberAttributeName(), String.valueOf(workArea));
269
270 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, documentTypeName, documentId, documentStatus, qualification, asOfDate);
271 }
272
273 /**
274 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given department and document information.
275 *
276 * @param principalId The person to check the permission for
277 * @param namespaceCode The namespace for the permission template
278 * @param permissionTemplateName The name of the permission template
279 * @param department The department qualifier
280 * @param documentTypeName The type of the document
281 * @param documentId The id of the document
282 * @param documentStatus The status of the document
283 * @param asOfDate The effective date of the permission
284 *
285 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given department and document information, false otherwise.
286 */
287 protected boolean isAuthorizedByTemplateInDepartment(String principalId, String namespaceCode, String permissionTemplateName, String department, String documentTypeName, String documentId, DocumentStatus documentStatus, DateTime asOfDate) {
288 Map<String, String> qualification = new HashMap<String, String>();
289 qualification.put(KPMERoleMemberAttribute.DEPARTMENT.getRoleMemberAttributeName(), department);
290
291 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, documentTypeName, documentId, documentStatus, qualification, asOfDate);
292 }
293
294 /**
295 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given location and document information.
296 *
297 * @param principalId The person to check the permission for
298 * @param namespaceCode The namespace for the permission template
299 * @param permissionTemplateName The name of the permission template
300 * @param location The location qualifier
301 * @param documentTypeName The type of the document
302 * @param documentId The id of the document
303 * @param documentStatus The status of the document
304 * @param asOfDate The effective date of the permission
305 *
306 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given location and document information, false otherwise.
307 */
308 protected boolean isAuthorizedByTemplateInLocation(String principalId, String namespaceCode, String permissionTemplateName, String location, String documentTypeName, String documentId, DocumentStatus documentStatus, DateTime asOfDate) {
309 Map<String, String> qualification = new HashMap<String, String>();
310 qualification.put(KPMERoleMemberAttribute.LOCATION.getRoleMemberAttributeName(), location);
311
312 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, documentTypeName, documentId, documentStatus, qualification, asOfDate);
313 }
314
315 /**
316 * Checks whether the given {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information and role qualifiers.
317 *
318 * @param principalId The person to check the permission for
319 * @param namespaceCode The namespace for the permission template
320 * @param permissionTemplateName The name of the permission template
321 * @param documentTypeName The type of the document
322 * @param documentId The id of the document
323 * @param documentStatus The status of the document
324 * @param qualification The map of role qualifiers for the person
325 * @param asOfDate The effective date of the permission
326 *
327 * @return true if {@code principalId} is authorized to perform any permission templated by {@code permissionTemplateName} for the given document information and role qualifiers, false otherwise.
328 */
329 protected boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, String documentTypeName, String documentId, DocumentStatus documentStatus, Map<String, String> qualification, DateTime asOfDate) {
330 qualification.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, documentId);
331
332 Map<String, String> permissionDetails = new HashMap<String, String>();
333 permissionDetails.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, documentTypeName);
334 permissionDetails.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, documentStatus.getCode());
335
336 return isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, permissionDetails, qualification, asOfDate);
337 }
338
339 public DepartmentService getDepartmentService() {
340 return departmentService;
341 }
342
343 public void setDepartmentService(DepartmentService departmentService) {
344 this.departmentService = departmentService;
345 }
346
347 public WorkAreaService getWorkAreaService() {
348 return workAreaService;
349 }
350
351 public void setWorkAreaService(WorkAreaService workAreaService) {
352 this.workAreaService = workAreaService;
353 }
354
355 }