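/**
 * Copyright 2004-2013 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.hr.time.authorization;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang.StringUtils;
import org.kuali.hr.time.roles.TkUserRoles;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
import org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizer;
import org.kuali.rice.krad.bo.BusinessObject;
import org.kuali.rice.krad.document.Document;
import org.kuali.rice.krad.maintenance.MaintenanceDocument;
import org.kuali.rice.krad.util.GlobalVariables;
import org.kuali.rice.krad.util.KRADConstants;

/**
 * Authorizer that grants document and maintenance actions to system administrators only.
 *
 * <p>Every decision is derived from the roles of the principal held in the current user session
 * ({@link GlobalVariables#getUserSession()}). The {@code user} and {@code principalId} arguments
 * of the interface methods are not consulted.
 *
 * <p>NOTE(review): because the passed-in user is ignored, a caller that asks about somebody other
 * than the session user (presumably possible for {@link #canReceiveAdHoc}, where the argument
 * looks like the ad hoc recipient) gets the answer for the session user instead. Confirm against
 * the callers that this is intended.
 *
 * <p>When no user session is bound, every role check answers {@code false} (deny).
 */
public class SystemAdminAuthorizer implements MaintenanceDocumentAuthorizer, DocumentAuthorizer {

    /**
     * Returns the principal id of the current user session, or {@code null} when no session is
     * bound, so that role checks can deny instead of failing with a NullPointerException.
     */
    private static String sessionPrincipalId() {
        if (GlobalVariables.getUserSession() == null) {
            return null;
        }
        return GlobalVariables.getUserSession().getPrincipalId();
    }

    /**
     * Tells whether the session user holds the system admin role.
     *
     * @return {@code true} if the session principal is a system admin; {@code false} otherwise,
     *         including when there is no user session
     */
    public boolean isSystemAdmin() {
        String principalId = sessionPrincipalId();
        if (principalId == null) {
            // Fail closed: no authenticated session means no admin rights.
            return false;
        }
        return TkUserRoles.getUserRoles(principalId).isSystemAdmin();
    }

    /**
     * Tells whether the session user holds the global view-only role.
     *
     * @return {@code true} if the session principal is global view-only; {@code false} otherwise,
     *         including when there is no user session
     */
    public boolean isGlobalViewOnly() {
        String principalId = sessionPrincipalId();
        if (principalId == null) {
            // Fail closed: no authenticated session means no role.
            return false;
        }
        return TkUserRoles.getUserRoles(principalId).isGlobalViewOnly();
    }

    /**
     * Allows initiation for system admins and for global view-only users.
     *
     * <p>NOTE(review): this is the only check in the class that also admits global view-only
     * users; every other action requires system admin. Confirm that letting a view-only role
     * initiate a document is intended.
     */
    @Override
    public boolean canInitiate(String documentTypeName, Person user) {
        return isSystemAdmin() || isGlobalViewOnly();
    }

    // ---------------------------------------------------------------------
    // Document-level checks: each one requires the session user to be a
    // system admin; none of the arguments influence the result.
    // ---------------------------------------------------------------------

    @Override
    public boolean canOpen(Document document, Person user) {
        return isSystemAdmin();
    }

    // NOTE(review): `user` is presumably the ad hoc recipient, yet the session user is checked.
    @Override
    public boolean canReceiveAdHoc(Document document, Person user,
            String actionRequestCode) {
        return isSystemAdmin();
    }

    @Override
    public boolean canAddNoteAttachment(Document document,
            String attachmentTypeCode, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canDeleteNoteAttachment(Document document,
            String attachmentTypeCode, String createdBySelfOnly, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canViewNoteAttachment(Document document,
            String attachmentTypeCode, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canViewNoteAttachment(Document document,
            String attachmentTypeCode, String authorUniversalIdentifier, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canSendAdHocRequests(Document document,
            String actionRequestCd, Person user) {
        return isSystemAdmin();
    }

    // ---------------------------------------------------------------------
    // Permission checks on business objects: namespace, permission name,
    // principalId and the detail/qualifier maps are all ignored; the answer
    // is the session user's system admin status.
    // ---------------------------------------------------------------------

    @Override
    public boolean isAuthorized(BusinessObject businessObject,
            String namespaceCode, String permissionName, String principalId) {
        return isSystemAdmin();
    }

    @Override
    public boolean isAuthorizedByTemplate(BusinessObject businessObject,
            String namespaceCode, String permissionTemplateName,
            String principalId) {
        return isSystemAdmin();
    }

    @Override
    public boolean isAuthorized(BusinessObject businessObject,
            String namespaceCode, String permissionName, String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers) {
        return isSystemAdmin();
    }

    @Override
    public boolean isAuthorizedByTemplate(Object dataObject,
            String namespaceCode, String permissionTemplateName,
            String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers) {
        return isSystemAdmin();
    }

    /** Returns a new, empty, mutable map; no role qualifications are contributed. */
    @Override
    public Map<String, String> getCollectionItemRoleQualifications(
            BusinessObject collectionItemBusinessObject) {
        return new HashMap<String,String>();
    }

    /** Returns a new, empty, mutable map; no permission details are contributed. */
    @Override
    public Map<String, String> getCollectionItemPermissionDetails(
            BusinessObject collectionItemBusinessObject) {
        return new HashMap<String,String>();
    }

    /** Returns a new, empty, mutable set; no section ids are reported. */
    @Override
    public Set<String> getSecurePotentiallyHiddenSectionIds() {
        return new HashSet<String>();
    }

    // ---------------------------------------------------------------------
    // Maintenance-document checks: system admin only.
    // ---------------------------------------------------------------------

    @Override
    public boolean canCreate(Class boClass, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canMaintain(Object dataObject, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canCreateOrMaintain(MaintenanceDocument maintenanceDocument,
            Person user) {
        return isSystemAdmin();
    }

    /** Returns a new, empty, mutable set; no section ids are reported. */
    @Override
    public Set<String> getSecurePotentiallyReadOnlySectionIds() {
        return new HashSet<String>();
    }

    // ---------------------------------------------------------------------
    // Workflow / document actions: system admin only.
    // ---------------------------------------------------------------------

    @Override
    public boolean canEdit(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canAnnotate(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canReload(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canClose(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canSave(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canRoute(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canCancel(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canCopy(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canPerformRouteReport(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canBlanketApprove(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canApprove(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canDisapprove(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canSendNoteFyi(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canEditDocumentOverview(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canFyi(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canAcknowledge(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canTakeRequestedAction(Document document,
            String actionRequestCode, Person user) {
        return isSystemAdmin();
    }

    @Override
    public boolean canRecall(Document document, Person user) {
        return isSystemAdmin();
    }

    // ---------------------------------------------------------------------
    // Permission checks on arbitrary data objects: arguments are ignored,
    // the answer is the session user's system admin status.
    // ---------------------------------------------------------------------

    @Override
    public boolean isAuthorized(Object dataObject, String namespaceCode,
            String permissionName, String principalId) {
        return isSystemAdmin();
    }

    @Override
    public boolean isAuthorizedByTemplate(Object dataObject,
            String namespaceCode, String permissionTemplateName,
            String principalId) {
        return isSystemAdmin();
    }

    @Override
    public boolean isAuthorized(Object dataObject, String namespaceCode,
            String permissionName, String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers) {
        return isSystemAdmin();
    }

    /**
     * Copied from org.kuali.rice.kns.document.authorization.DocumentAuthorizerBase
     *
     * <p>Filters the candidate action set down to the actions this authorizer permits. The set
     * passed in is modified in place and the same instance is returned. An action is only ever
     * removed, never added, so the caller's set is the upper bound of what can be granted.
     *
     * @param document the document the actions apply to; its workflow status is read at the end
     * @param user forwarded to the individual {@code canXxx} checks (which ignore it in this class)
     * @param documentActions candidate action names; mutated by this method
     * @return {@code documentActions}, with every action that is not permitted removed
     */
    @Override
    public Set<String> getDocumentActions(Document document, Person user, Set<String> documentActions) {
        // Each check is evaluated only when the action is actually present in the set.
        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
        }

        // Unlike the checks above, this one runs unconditionally and strips all three
        // ad hoc related actions together.
        if (!canSendAnyTypeAdHocRequests(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW) && !canEditDocumentOverview(
                document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT) && !canPerformRouteReport(document,
                user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
        }

        // NOTE(review): assumes the status object's toString() yields "FINAL" for a finalized
        // document; if it yields a code instead, this guard never fires. Confirm.
        String documentStatus = document.getDocumentHeader().getWorkflowDocument().getStatus().toString();

        // A document whose status string is FINAL can no longer be approved or disapproved,
        // whatever the user's role.
        if (StringUtils.equals(documentStatus, "FINAL")) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
        }
        return documentActions;
    }

}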