001 /**
002 * Copyright 2004-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.hr.time.authorization;
017
018 import java.util.HashMap;
019 import java.util.HashSet;
020 import java.util.Map;
021 import java.util.Set;
022
023 import org.kuali.hr.time.roles.TkUserRoles;
024 import org.kuali.rice.kim.api.identity.Person;
025 import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
026 import org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizer;
027 import org.kuali.rice.krad.bo.BusinessObject;
028 import org.kuali.rice.krad.document.Document;
029 import org.kuali.rice.krad.maintenance.MaintenanceDocument;
030 import org.kuali.rice.krad.util.GlobalVariables;
031 import org.kuali.rice.krad.util.KRADConstants;
032
033 public class SystemAdminAuthorizer implements MaintenanceDocumentAuthorizer, DocumentAuthorizer {
034
035 public boolean isSystemAdmin(){
036 return TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isSystemAdmin();
037 }
038
039 public boolean isGlobalViewOnly(){
040 return TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isGlobalViewOnly();
041 }
042
043 @Override
044 public boolean canInitiate(String documentTypeName, Person user) {
045 return isSystemAdmin() || isGlobalViewOnly();
046 }
047
048 @Override
049 public boolean canOpen(Document document, Person user) {
050 return isSystemAdmin();
051 }
052
053 @Override
054 public boolean canReceiveAdHoc(Document document, Person user,
055 String actionRequestCode) {
056 return isSystemAdmin();
057 }
058
059 @Override
060 public boolean canAddNoteAttachment(Document document,
061 String attachmentTypeCode, Person user) {
062 return isSystemAdmin();
063 }
064
065 @Override
066 public boolean canDeleteNoteAttachment(Document document,
067 String attachmentTypeCode, String createdBySelfOnly, Person user) {
068 return isSystemAdmin();
069 }
070
071 @Override
072 public boolean canViewNoteAttachment(Document document,
073 String attachmentTypeCode, Person user) {
074 return isSystemAdmin();
075 }
076
077 @Override
078 public boolean canViewNoteAttachment(Document document,
079 String attachmentTypeCode, String authorUniversalIdentifier, Person user) {
080 return isSystemAdmin();
081 }
082
083 @Override
084 public boolean canSendAdHocRequests(Document document,
085 String actionRequestCd, Person user) {
086 return isSystemAdmin();
087 }
088
089 @Override
090 public boolean isAuthorized(BusinessObject businessObject,
091 String namespaceCode, String permissionName, String principalId) {
092 return isSystemAdmin();
093 }
094
095 @Override
096 public boolean isAuthorizedByTemplate(BusinessObject businessObject,
097 String namespaceCode, String permissionTemplateName,
098 String principalId) {
099 return isSystemAdmin();
100 }
101
102 @Override
103 public boolean isAuthorized(BusinessObject businessObject,
104 String namespaceCode, String permissionName, String principalId,
105 Map<String, String> additionalPermissionDetails,
106 Map<String, String> additionalRoleQualifiers) {
107 return isSystemAdmin();
108 }
109
110 @Override
111 public boolean isAuthorizedByTemplate(Object dataObject,
112 String namespaceCode, String permissionTemplateName,
113 String principalId,
114 Map<String, String> additionalPermissionDetails,
115 Map<String, String> additionalRoleQualifiers) {
116 return isSystemAdmin();
117 }
118
119 @Override
120 public Map<String, String> getCollectionItemRoleQualifications(
121 BusinessObject collectionItemBusinessObject) {
122 return new HashMap<String,String>();
123 }
124
125 @Override
126 public Map<String, String> getCollectionItemPermissionDetails(
127 BusinessObject collectionItemBusinessObject) {
128 return new HashMap<String,String>();
129 }
130
131 @Override
132 public Set<String> getSecurePotentiallyHiddenSectionIds() {
133 return new HashSet<String>();
134 }
135
136 @Override
137 public boolean canCreate(Class boClass, Person user) {
138 return isSystemAdmin();
139 }
140
141 @Override
142 public boolean canMaintain(Object dataObject, Person user) {
143 return isSystemAdmin();
144 }
145
146 @Override
147 public boolean canCreateOrMaintain(MaintenanceDocument maintenanceDocument,
148 Person user) {
149 return isSystemAdmin();
150 }
151
152 @Override
153 public Set<String> getSecurePotentiallyReadOnlySectionIds() {
154 return new HashSet<String>();
155 }
156
157 @Override
158 public boolean canEdit(Document document, Person user) {
159 return isSystemAdmin();
160 }
161
162 @Override
163 public boolean canAnnotate(Document document, Person user) {
164 return isSystemAdmin();
165 }
166
167 @Override
168 public boolean canReload(Document document, Person user) {
169 return isSystemAdmin();
170 }
171
172 @Override
173 public boolean canClose(Document document, Person user) {
174 return isSystemAdmin();
175 }
176
177 @Override
178 public boolean canSave(Document document, Person user) {
179 return isSystemAdmin();
180 }
181
182 @Override
183 public boolean canRoute(Document document, Person user) {
184 return isSystemAdmin();
185 }
186
187 @Override
188 public boolean canCancel(Document document, Person user) {
189 return isSystemAdmin();
190 }
191
192 @Override
193 public boolean canCopy(Document document, Person user) {
194 return isSystemAdmin();
195 }
196
197 @Override
198 public boolean canPerformRouteReport(Document document, Person user) {
199 return isSystemAdmin();
200 }
201
202 @Override
203 public boolean canBlanketApprove(Document document, Person user) {
204 return isSystemAdmin();
205 }
206
207 @Override
208 public boolean canApprove(Document document, Person user) {
209 return isSystemAdmin();
210 }
211
212 @Override
213 public boolean canDisapprove(Document document, Person user) {
214 return isSystemAdmin();
215 }
216
217 @Override
218 public boolean canSendNoteFyi(Document document, Person user) {
219 return isSystemAdmin();
220 }
221
222 @Override
223 public boolean canEditDocumentOverview(Document document, Person user) {
224 return isSystemAdmin();
225 }
226
227 @Override
228 public boolean canFyi(Document document, Person user) {
229 return isSystemAdmin();
230 }
231
232 @Override
233 public boolean canAcknowledge(Document document, Person user) {
234 return isSystemAdmin();
235 }
236
237 @Override
238 public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
239 return isSystemAdmin();
240 }
241
242 @Override
243 public boolean canTakeRequestedAction(Document document,
244 String actionRequestCode, Person user) {
245 return isSystemAdmin();
246 }
247
248 @Override
249 public boolean canRecall(Document document, Person user) {
250 return isSystemAdmin();
251 }
252
253 @Override
254 public boolean isAuthorized(Object dataObject, String namespaceCode,
255 String permissionName, String principalId) {
256 return isSystemAdmin();
257 }
258
259 @Override
260 public boolean isAuthorizedByTemplate(Object dataObject,
261 String namespaceCode, String permissionTemplateName,
262 String principalId) {
263 return isSystemAdmin();
264 }
265
266 @Override
267 public boolean isAuthorized(Object dataObject, String namespaceCode,
268 String permissionName, String principalId,
269 Map<String, String> additionalPermissionDetails,
270 Map<String, String> additionalRoleQualifiers) {
271 return isSystemAdmin();
272 }
273
274 /**
275 * Copied from org.kuali.rice.kns.document.authorization.DocumentAuthorizerBase
276 */
277 @Override
278 public Set<String> getDocumentActions(Document document, Person user, Set<String> documentActions) {
279 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
280 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
281 }
282
283 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
284 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
285 }
286
287 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
288 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
289 }
290
291 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
292 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
293 }
294
295 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
296 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
297 }
298
299 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
300 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
301 }
302
303 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
304 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
305 }
306
307 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
308 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
309 }
310
311 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
312 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
313 }
314
315 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
316 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
317 }
318
319 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
320 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
321 }
322
323 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
324 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
325 }
326
327 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
328 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
329 }
330
331 if (!canSendAnyTypeAdHocRequests(document, user)) {
332 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
333 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
334 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
335 }
336
337 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
338 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
339 }
340
341 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
342 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
343 }
344
345 if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW) && !canEditDocumentOverview(
346 document, user)) {
347 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
348 }
349
350 if (documentActions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT) && !canPerformRouteReport(document,
351 user)) {
352 documentActions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
353 }
354
355 return documentActions;
356 }
357
358 }