View Javadoc

1   /**
2    * Copyright 2004-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.hr.time.authorization;
17  
18  import java.util.HashMap;
19  import java.util.HashSet;
20  import java.util.Map;
21  import java.util.Set;
22  
23  import org.kuali.hr.time.roles.TkUserRoles;
24  import org.kuali.rice.kew.api.document.DocumentStatus;
25  import org.kuali.rice.kim.api.identity.Person;
26  import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
27  import org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizer;
28  import org.kuali.rice.krad.bo.BusinessObject;
29  import org.kuali.rice.krad.document.Document;
30  import org.kuali.rice.krad.maintenance.MaintenanceDocument;
31  import org.kuali.rice.krad.util.GlobalVariables;
32  import org.kuali.rice.krad.util.KRADConstants;
33  
34  public class SystemAdminAuthorizer implements MaintenanceDocumentAuthorizer, DocumentAuthorizer {
35  	
36  	public boolean isSystemAdmin(){
37  		return TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isSystemAdmin();
38  	}
39  	
40  	public boolean isGlobalViewOnly(){
41  		return TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isGlobalViewOnly();
42  	}
43  
44  	@Override
45  	public boolean canInitiate(String documentTypeName, Person user) {
46  		return isSystemAdmin() || isGlobalViewOnly();
47  	}
48  
49  	@Override
50  	public boolean canOpen(Document document, Person user) {
51  		return isSystemAdmin();
52  	}
53  
54  	@Override
55  	public boolean canReceiveAdHoc(Document document, Person user,
56  			String actionRequestCode) {
57  		return isSystemAdmin();
58  	}
59  
60  	@Override
61  	public boolean canAddNoteAttachment(Document document,
62  			String attachmentTypeCode, Person user) {
63  		return isSystemAdmin();
64  	}
65  
66  	@Override
67  	public boolean canDeleteNoteAttachment(Document document,
68  			String attachmentTypeCode, String createdBySelfOnly, Person user) {
69  		return isSystemAdmin();
70  	}
71  	
72  	@Override
73  	public boolean canViewNoteAttachment(Document document,
74  			String attachmentTypeCode, Person user) {
75  		return isSystemAdmin();
76  	}
77  
78  	@Override
79  	public boolean canViewNoteAttachment(Document document, 
80  			String attachmentTypeCode, String authorUniversalIdentifier, Person user) {
81  		return isSystemAdmin();
82  	}
83  	
84  	@Override
85  	public boolean canSendAdHocRequests(Document document,
86  			String actionRequestCd, Person user) {
87  		return isSystemAdmin();
88  	}
89  
90  	@Override
91  	public boolean isAuthorized(BusinessObject businessObject,
92  			String namespaceCode, String permissionName, String principalId) {
93  		return isSystemAdmin();
94  	}
95  
96  	@Override
97  	public boolean isAuthorizedByTemplate(BusinessObject businessObject,
98  			String namespaceCode, String permissionTemplateName,
99  			String principalId) {
100 		return isSystemAdmin();
101 	}
102 
103 	@Override
104 	public boolean isAuthorized(BusinessObject businessObject,
105 			String namespaceCode, String permissionName, String principalId,
106 			Map<String, String> additionalPermissionDetails,
107 			Map<String, String> additionalRoleQualifiers) {
108 		return isSystemAdmin();
109 	}
110 
111 	@Override
112 	public boolean isAuthorizedByTemplate(Object dataObject,
113 			String namespaceCode, String permissionTemplateName,
114 			String principalId,
115 			Map<String, String> additionalPermissionDetails,
116 			Map<String, String> additionalRoleQualifiers) {
117 		return isSystemAdmin();
118 	}
119 
120 	@Override
121 	public Map<String, String> getCollectionItemRoleQualifications(
122 			BusinessObject collectionItemBusinessObject) {
123 		return new HashMap<String,String>();
124 	}
125 
126 	@Override
127 	public Map<String, String> getCollectionItemPermissionDetails(
128 			BusinessObject collectionItemBusinessObject) {
129 		return new HashMap<String,String>();
130 	}
131 
132 	@Override
133 	public Set<String> getSecurePotentiallyHiddenSectionIds() {
134 		return new HashSet<String>();
135 	}
136 
137 	@Override
138 	public boolean canCreate(Class boClass, Person user) {
139 		return isSystemAdmin();
140 	}
141 
142 	@Override
143 	public boolean canMaintain(Object dataObject, Person user) {
144 		return isSystemAdmin();
145 	}
146 
147 	@Override
148 	public boolean canCreateOrMaintain(MaintenanceDocument maintenanceDocument, 
149 			Person user) {
150 		return isSystemAdmin();
151 	}
152 
153 	@Override
154 	public Set<String> getSecurePotentiallyReadOnlySectionIds() {
155 		return new HashSet<String>();
156 	}
157 
158 	@Override
159 	public boolean canEdit(Document document, Person user) {
160 		return isSystemAdmin();
161 	}
162 
163 	@Override
164 	public boolean canAnnotate(Document document, Person user) {
165 		return isSystemAdmin();
166 	}
167 
168 	@Override
169 	public boolean canReload(Document document, Person user) {
170 		return isSystemAdmin();
171 	}
172 
173 	@Override
174 	public boolean canClose(Document document, Person user) {
175 		return isSystemAdmin();
176 	}
177 
178 	@Override
179 	public boolean canSave(Document document, Person user) {
180 		return isSystemAdmin();
181 	}
182 
183 	@Override
184 	public boolean canRoute(Document document, Person user) {
185 		return isSystemAdmin();
186 	}
187 
188 	@Override
189 	public boolean canCancel(Document document, Person user) {
190 		return isSystemAdmin();
191 	}
192 
193 	@Override
194 	public boolean canCopy(Document document, Person user) {
195 		return isSystemAdmin();
196 	}
197 
198 	@Override
199 	public boolean canPerformRouteReport(Document document, Person user) {
200 		return isSystemAdmin();
201 	}
202 
203 	@Override
204 	public boolean canBlanketApprove(Document document, Person user) {
205 		return isSystemAdmin();
206 	}
207 
208 	@Override
209 	public boolean canApprove(Document document, Person user) {
210 		return isSystemAdmin();
211 	}
212 
213 	@Override
214 	public boolean canDisapprove(Document document, Person user) {
215 		return isSystemAdmin();
216 	}
217 
218 	@Override
219 	public boolean canSendNoteFyi(Document document, Person user) {
220 		return isSystemAdmin();
221 	}
222 
223 	@Override
224 	public boolean canEditDocumentOverview(Document document, Person user) {
225 		return isSystemAdmin();
226 	}
227 
228 	@Override
229 	public boolean canFyi(Document document, Person user) {
230 		return isSystemAdmin();
231 	}
232 
233 	@Override
234 	public boolean canAcknowledge(Document document, Person user) {
235 		return isSystemAdmin();
236 	}
237 
238 	@Override
239 	public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
240 		return isSystemAdmin();
241 	}
242 
243 	@Override
244 	public boolean canTakeRequestedAction(Document document,
245 			String actionRequestCode, Person user) {
246 		return isSystemAdmin();
247 	}
248 
249 	@Override
250 	public boolean canRecall(Document document, Person user) {
251 		return isSystemAdmin();
252 	}
253 
254 	@Override
255 	public boolean isAuthorized(Object dataObject, String namespaceCode,
256 			String permissionName, String principalId) {
257 		return isSystemAdmin();
258 	}
259 
260 	@Override
261 	public boolean isAuthorizedByTemplate(Object dataObject,
262 			String namespaceCode, String permissionTemplateName,
263 			String principalId) {
264 		return isSystemAdmin();
265 	}
266 
267 	@Override
268 	public boolean isAuthorized(Object dataObject, String namespaceCode,
269 			String permissionName, String principalId,
270 			Map<String, String> additionalPermissionDetails,
271 			Map<String, String> additionalRoleQualifiers) {
272 		return isSystemAdmin();
273 	}
274 
275 	/**
276 	 * Copied from org.kuali.rice.kns.document.authorization.DocumentAuthorizerBase
277 	 */
278 	@Override
279 	public Set<String> getDocumentActions(Document document, Person user, Set<String> documentActions) {
280         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
281             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
282         }
283 
284         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
285             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
286         }
287 
288         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
289             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
290         }
291 
292         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
293             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
294         }
295 
296         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
297             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
298         }
299 
300         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
301             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
302         }
303 
304         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
305             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
306         }
307 
308         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
309             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
310         }
311 
312         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
313             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
314         }
315 
316         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
317             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
318         }
319 
320         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
321             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
322         }
323 
324         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
325             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
326         }
327 
328         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
329             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
330         }
331 
332         if (!canSendAnyTypeAdHocRequests(document, user)) {
333             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
334             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
335             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
336         }
337 
338         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
339             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
340         }
341 
342         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
343             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
344         }
345 
346         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW) && !canEditDocumentOverview(
347                 document, user)) {
348             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
349         }
350 
351         if (documentActions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT) && !canPerformRouteReport(document,
352                 user)) {
353             documentActions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
354         }
355 
356         DocumentStatus documentStatus = document.getDocumentHeader().getWorkflowDocument().getStatus();
357 
358         if (DocumentStatus.INITIATED.equals(documentStatus) || DocumentStatus.SAVED.equals(documentStatus)) {
359             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
360             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
361         } else if (DocumentStatus.FINAL.equals(documentStatus)) {
362             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
363             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
364         }
365         
366         return documentActions;
367 	}
368 
369 }