View Javadoc

1   /**
2    * Copyright 2004-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.hr.time.authorization;
17  
18  import java.util.HashMap;
19  import java.util.HashSet;
20  import java.util.Map;
21  import java.util.Set;
22  
23  import org.kuali.hr.time.roles.TkUserRoles;
24  import org.kuali.rice.kim.api.identity.Person;
25  import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
26  import org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizer;
27  import org.kuali.rice.krad.bo.BusinessObject;
28  import org.kuali.rice.krad.document.Document;
29  import org.kuali.rice.krad.maintenance.MaintenanceDocument;
30  import org.kuali.rice.krad.util.GlobalVariables;
31  import org.kuali.rice.krad.util.KRADConstants;
32  
33  public class SystemAdminAuthorizer implements MaintenanceDocumentAuthorizer, DocumentAuthorizer {
34  	
35  	public boolean isSystemAdmin(){
36  		return TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isSystemAdmin();
37  	}
38  	
39  	public boolean isGlobalViewOnly(){
40  		return TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isGlobalViewOnly();
41  	}
42  
43  	@Override
44  	public boolean canInitiate(String documentTypeName, Person user) {
45  		return isSystemAdmin() || isGlobalViewOnly();
46  	}
47  
48  	@Override
49  	public boolean canOpen(Document document, Person user) {
50  		return isSystemAdmin();
51  	}
52  
53  	@Override
54  	public boolean canReceiveAdHoc(Document document, Person user,
55  			String actionRequestCode) {
56  		return isSystemAdmin();
57  	}
58  
59  	@Override
60  	public boolean canAddNoteAttachment(Document document,
61  			String attachmentTypeCode, Person user) {
62  		return isSystemAdmin();
63  	}
64  
65  	@Override
66  	public boolean canDeleteNoteAttachment(Document document,
67  			String attachmentTypeCode, String createdBySelfOnly, Person user) {
68  		return isSystemAdmin();
69  	}
70  	
71  	@Override
72  	public boolean canViewNoteAttachment(Document document,
73  			String attachmentTypeCode, Person user) {
74  		return isSystemAdmin();
75  	}
76  
77  	@Override
78  	public boolean canViewNoteAttachment(Document document, 
79  			String attachmentTypeCode, String authorUniversalIdentifier, Person user) {
80  		return isSystemAdmin();
81  	}
82  	
83  	@Override
84  	public boolean canSendAdHocRequests(Document document,
85  			String actionRequestCd, Person user) {
86  		return isSystemAdmin();
87  	}
88  
89  	@Override
90  	public boolean isAuthorized(BusinessObject businessObject,
91  			String namespaceCode, String permissionName, String principalId) {
92  		return isSystemAdmin();
93  	}
94  
95  	@Override
96  	public boolean isAuthorizedByTemplate(BusinessObject businessObject,
97  			String namespaceCode, String permissionTemplateName,
98  			String principalId) {
99  		return isSystemAdmin();
100 	}
101 
102 	@Override
103 	public boolean isAuthorized(BusinessObject businessObject,
104 			String namespaceCode, String permissionName, String principalId,
105 			Map<String, String> additionalPermissionDetails,
106 			Map<String, String> additionalRoleQualifiers) {
107 		return isSystemAdmin();
108 	}
109 
110 	@Override
111 	public boolean isAuthorizedByTemplate(Object dataObject,
112 			String namespaceCode, String permissionTemplateName,
113 			String principalId,
114 			Map<String, String> additionalPermissionDetails,
115 			Map<String, String> additionalRoleQualifiers) {
116 		return isSystemAdmin();
117 	}
118 
119 	@Override
120 	public Map<String, String> getCollectionItemRoleQualifications(
121 			BusinessObject collectionItemBusinessObject) {
122 		return new HashMap<String,String>();
123 	}
124 
125 	@Override
126 	public Map<String, String> getCollectionItemPermissionDetails(
127 			BusinessObject collectionItemBusinessObject) {
128 		return new HashMap<String,String>();
129 	}
130 
131 	@Override
132 	public Set<String> getSecurePotentiallyHiddenSectionIds() {
133 		return new HashSet<String>();
134 	}
135 
136 	@Override
137 	public boolean canCreate(Class boClass, Person user) {
138 		return isSystemAdmin();
139 	}
140 
141 	@Override
142 	public boolean canMaintain(Object dataObject, Person user) {
143 		return isSystemAdmin();
144 	}
145 
146 	@Override
147 	public boolean canCreateOrMaintain(MaintenanceDocument maintenanceDocument, 
148 			Person user) {
149 		return isSystemAdmin();
150 	}
151 
152 	@Override
153 	public Set<String> getSecurePotentiallyReadOnlySectionIds() {
154 		return new HashSet<String>();
155 	}
156 
157 	@Override
158 	public boolean canEdit(Document document, Person user) {
159 		return isSystemAdmin();
160 	}
161 
162 	@Override
163 	public boolean canAnnotate(Document document, Person user) {
164 		return isSystemAdmin();
165 	}
166 
167 	@Override
168 	public boolean canReload(Document document, Person user) {
169 		return isSystemAdmin();
170 	}
171 
172 	@Override
173 	public boolean canClose(Document document, Person user) {
174 		return isSystemAdmin();
175 	}
176 
177 	@Override
178 	public boolean canSave(Document document, Person user) {
179 		return isSystemAdmin();
180 	}
181 
182 	@Override
183 	public boolean canRoute(Document document, Person user) {
184 		return isSystemAdmin();
185 	}
186 
187 	@Override
188 	public boolean canCancel(Document document, Person user) {
189 		return isSystemAdmin();
190 	}
191 
192 	@Override
193 	public boolean canCopy(Document document, Person user) {
194 		return isSystemAdmin();
195 	}
196 
197 	@Override
198 	public boolean canPerformRouteReport(Document document, Person user) {
199 		return isSystemAdmin();
200 	}
201 
202 	@Override
203 	public boolean canBlanketApprove(Document document, Person user) {
204 		return isSystemAdmin();
205 	}
206 
207 	@Override
208 	public boolean canApprove(Document document, Person user) {
209 		return isSystemAdmin();
210 	}
211 
212 	@Override
213 	public boolean canDisapprove(Document document, Person user) {
214 		return isSystemAdmin();
215 	}
216 
217 	@Override
218 	public boolean canSendNoteFyi(Document document, Person user) {
219 		return isSystemAdmin();
220 	}
221 
222 	@Override
223 	public boolean canEditDocumentOverview(Document document, Person user) {
224 		return isSystemAdmin();
225 	}
226 
227 	@Override
228 	public boolean canFyi(Document document, Person user) {
229 		return isSystemAdmin();
230 	}
231 
232 	@Override
233 	public boolean canAcknowledge(Document document, Person user) {
234 		return isSystemAdmin();
235 	}
236 
237 	@Override
238 	public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
239 		return isSystemAdmin();
240 	}
241 
242 	@Override
243 	public boolean canTakeRequestedAction(Document document,
244 			String actionRequestCode, Person user) {
245 		return isSystemAdmin();
246 	}
247 
248 	@Override
249 	public boolean canRecall(Document document, Person user) {
250 		return isSystemAdmin();
251 	}
252 
253 	@Override
254 	public boolean isAuthorized(Object dataObject, String namespaceCode,
255 			String permissionName, String principalId) {
256 		return isSystemAdmin();
257 	}
258 
259 	@Override
260 	public boolean isAuthorizedByTemplate(Object dataObject,
261 			String namespaceCode, String permissionTemplateName,
262 			String principalId) {
263 		return isSystemAdmin();
264 	}
265 
266 	@Override
267 	public boolean isAuthorized(Object dataObject, String namespaceCode,
268 			String permissionName, String principalId,
269 			Map<String, String> additionalPermissionDetails,
270 			Map<String, String> additionalRoleQualifiers) {
271 		return isSystemAdmin();
272 	}
273 
274 	/**
275 	 * Copied from org.kuali.rice.kns.document.authorization.DocumentAuthorizerBase
276 	 */
277 	@Override
278 	public Set<String> getDocumentActions(Document document, Person user, Set<String> documentActions) {
279         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
280             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
281         }
282 
283         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
284             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
285         }
286 
287         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
288             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
289         }
290 
291         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
292             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
293         }
294 
295         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
296             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
297         }
298 
299         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
300             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
301         }
302 
303         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
304             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
305         }
306 
307         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
308             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
309         }
310 
311         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
312             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
313         }
314 
315         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
316             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
317         }
318 
319         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
320             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
321         }
322 
323         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
324             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
325         }
326 
327         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
328             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
329         }
330 
331         if (!canSendAnyTypeAdHocRequests(document, user)) {
332             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
333             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
334             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
335         }
336 
337         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
338             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
339         }
340 
341         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
342             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
343         }
344 
345         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW) && !canEditDocumentOverview(
346                 document, user)) {
347             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
348         }
349 
350         if (documentActions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT) && !canPerformRouteReport(document,
351                 user)) {
352             documentActions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
353         }
354 
355         return documentActions;
356 	}
357 
358 }