View Javadoc
1   /*
2    * Copyright 2009 The Kuali Foundation.
3    * 
4    * Licensed under the Educational Community License, Version 1.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl1.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.ole.sec.document.validation.impl;
17  
18  import org.apache.commons.lang.StringUtils;
19  import org.kuali.ole.sec.SecConstants;
20  import org.kuali.ole.sec.SecKeyConstants;
21  import org.kuali.ole.sec.SecPropertyConstants;
22  import org.kuali.ole.sec.businessobject.SecurityPrincipal;
23  import org.kuali.ole.sec.businessobject.SecurityPrincipalDefinition;
24  import org.kuali.rice.kns.document.MaintenanceDocument;
25  import org.kuali.rice.kns.maintenance.rules.MaintenanceDocumentRuleBase;
26  import org.kuali.rice.krad.bo.PersistableBusinessObject;
27  import org.kuali.rice.krad.util.GlobalVariables;
28  import org.kuali.rice.krad.util.KRADConstants;
29  import org.kuali.rice.krad.util.ObjectUtils;
30  
31  
32  /**
33   * Implements business rules checks on the SecurityPrincipal maintenance document
34   */
35  public class SecurityPrincipalRule extends MaintenanceDocumentRuleBase {
36      protected static org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(SecurityPrincipalRule.class);
37  
38      private SecurityPrincipal oldSecurityPrincipal;
39      private SecurityPrincipal newSecurityPrincipal;
40  
41      public SecurityPrincipalRule() {
42          super();
43      }
44  
45      /**
46       * @see org.kuali.rice.kns.maintenance.rules.MaintenanceDocumentRuleBase#processCustomApproveDocumentBusinessRules(org.kuali.rice.kns.document.MaintenanceDocument)
47       */
48      @Override
49      protected boolean processCustomApproveDocumentBusinessRules(MaintenanceDocument document) {
50          boolean isValid = super.processCustomApproveDocumentBusinessRules(document);
51  
52          isValid &= validateSecurityPrincipal();
53  
54          return isValid;
55      }
56  
57      /**
58       * @see org.kuali.rice.kns.maintenance.rules.MaintenanceDocumentRuleBase#processCustomRouteDocumentBusinessRules(org.kuali.rice.kns.document.MaintenanceDocument)
59       */
60      @Override
61      protected boolean processCustomRouteDocumentBusinessRules(MaintenanceDocument document) {
62          boolean isValid = super.processCustomRouteDocumentBusinessRules(document);
63  
64          isValid &= validateSecurityPrincipal();
65  
66          return isValid;
67      }
68  
69      /**
70       * @see org.kuali.rice.kns.maintenance.rules.MaintenanceDocumentRuleBase#processCustomAddCollectionLineBusinessRules(org.kuali.rice.kns.document.MaintenanceDocument,
71       *      java.lang.String, org.kuali.rice.krad.bo.PersistableBusinessObject)
72       */
73      @Override
74      public boolean processCustomAddCollectionLineBusinessRules(MaintenanceDocument document, String collectionName, PersistableBusinessObject line) {
75          boolean isValid = super.processCustomAddCollectionLineBusinessRules(document, collectionName, line);
76  
77          if (SecPropertyConstants.PRINCIPAL_DEFINITIONS.equals(collectionName)) {
78              isValid &= validatePrincipalDefinition((SecurityPrincipalDefinition) line, "");
79          }
80  
81          return isValid;
82      }
83  
84      /**
85       * @see org.kuali.rice.kns.maintenance.rules.MaintenanceDocumentRuleBase#setupConvenienceObjects()
86       */
87      @Override
88      public void setupConvenienceObjects() {
89          oldSecurityPrincipal = (SecurityPrincipal) super.getOldBo();
90          newSecurityPrincipal = (SecurityPrincipal) super.getNewBo();
91      }
92  
93      /**
94       * Validates the new security principal record
95       * 
96       * @return boolean true if validation was successful, false if there are errors
97       */
98      protected boolean validateSecurityPrincipal() {
99          boolean isValid = true;
100 
101         int index = 0;
102         for (SecurityPrincipalDefinition principalDefinition : newSecurityPrincipal.getPrincipalDefinitions()) {
103             String errorKeyPrefix = KRADConstants.MAINTENANCE_NEW_MAINTAINABLE + SecPropertyConstants.PRINCIPAL_DEFINITIONS + "[" + index + "].";
104 
105             boolean principalDefinitionValid = validatePrincipalDefinition(principalDefinition, errorKeyPrefix);
106             if (!principalDefinitionValid) {
107                 isValid = false;
108             }
109 
110             index++;
111         }
112 
113         return isValid;
114     }
115 
116     /**
117      * Validates a definition assignment to the principal
118      * 
119      * @param principalDefinition SecurityPrincipalDefinition to validate
120      * @param errorKeyPrefix String errorPrefix to use if any errors are found
121      * @return boolean true if validation was successful, false if there are errors
122      */
123     protected boolean validatePrincipalDefinition(SecurityPrincipalDefinition principalDefinition, String errorKeyPrefix) {
124         boolean isValid = true;
125 
126         principalDefinition.refreshNonUpdateableReferences();
127         
128         if (ObjectUtils.isNull(principalDefinition.getSecurityDefinition())) {
129             return false;
130         }
131 
132         String attributeName = principalDefinition.getSecurityDefinition().getSecurityAttribute().getName();
133         String attributeValue = principalDefinition.getAttributeValue();
134         
135         // if value is blank (which is allowed) no need to validate
136         if (StringUtils.isBlank(attributeValue)) {
137             return true;
138         }
139 
140         // descend attributes do not allow multiple values or wildcards, and operator must be equal
141         if (SecConstants.SecurityAttributeNames.CHART_DESCEND_HIERARCHY.equals(attributeName) || SecConstants.SecurityAttributeNames.ORGANIZATION_DESCEND_HIERARCHY.equals(attributeName)) {
142             if (StringUtils.contains(attributeValue, SecConstants.SecurityValueSpecialCharacters.MULTI_VALUE_SEPERATION_CHARACTER)) {
143                 GlobalVariables.getMessageMap().putError(errorKeyPrefix + SecPropertyConstants.ATTRIBUTE_VALUE, SecKeyConstants.ERROR_MODEL_DEFINITION_MULTI_ATTR_VALUE, attributeName);
144                 isValid = false;
145             }
146 
147             if (StringUtils.contains(attributeValue, SecConstants.SecurityValueSpecialCharacters.WILDCARD_CHARACTER)) {
148                 GlobalVariables.getMessageMap().putError(errorKeyPrefix + SecPropertyConstants.ATTRIBUTE_VALUE, SecKeyConstants.ERROR_MODEL_DEFINITION_WILDCARD_ATTR_VALUE, attributeName);
149                 isValid = false;
150             }
151 
152             if (!SecConstants.SecurityDefinitionOperatorCodes.EQUAL.equals(principalDefinition.getOperatorCode())) {
153                 GlobalVariables.getMessageMap().putError(errorKeyPrefix + SecPropertyConstants.OPERATOR_CODE, SecKeyConstants.ERROR_MODEL_DEFINITION_OPERATOR_CODE_NOT_EQUAL, attributeName);
154                 isValid = false;
155             }
156         }
157 
158         // validate attribute value for existence
159         isValid = isValid && SecurityValidationUtil.validateAttributeValue(attributeName, attributeValue, errorKeyPrefix);
160 
161         return isValid;
162     }
163 
164 }