org.kuali.ole.sec.document

Class SecurityDefinitionMaintainableImpl

java.lang.Object

org.kuali.rice.krad.uif.service.impl.ViewHelperServiceImpl

org.kuali.rice.krad.maintenance.MaintainableImpl

org.kuali.rice.kns.maintenance.KualiMaintainableImpl

org.kuali.ole.sys.document.FinancialSystemMaintainable

org.kuali.ole.sec.document.AbstractSecurityModuleMaintainable

org.kuali.ole.sec.document.SecurityDefinitionMaintainableImpl

All Implemented Interfaces:

Serializable, org.kuali.rice.krad.lookup.SelectiveReferenceRefresher, org.kuali.rice.krad.maintenance.Maintainable, org.kuali.rice.krad.uif.service.ViewHelperService

public class SecurityDefinitionMaintainableImpl
extends AbstractSecurityModuleMaintainable

Maintainable implementation for the Security Definition maintenance document. Hooks into Post processing to create the KIM permissions from the definition records

See Also:

Serialized Form

Field Summary

Fields inherited from class org.kuali.rice.kns.maintenance.KualiMaintainableImpl

businessObject, businessObjectAuthorizationService, businessObjectDictionaryService, businessObjectMetaDataService, documentHelperService, inactiveRecordDisplay, maintenanceDocumentDictionaryService, newCollectionLineNames, newCollectionLines, personService

Constructor Summary

Constructors

Constructor and Description
SecurityDefinitionMaintainableImpl()

Method Summary

Methods

Modifier and Type	Method and Description
protected void	assignPermissionToRole(org.kuali.rice.kim.api.permission.Permission perm, String roleId)
protected void	createOrUpdateDefinitionRole(SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition) Creates a new role for the definition (if the definition is new), then grants to the role any new permissions granted for the definition.
protected void	createOrUpdateDocumentPermissions(SecurityDefinition securityDefinition) Iterates through the document types and creates any new document permissions necessary or updates old permissions setting inactive if needed
protected void	createOrUpdateDocumentTypePermissions(String documentType, boolean active, SecurityDefinition securityDefinition) For each of the document templates ids calls helper method to create or update corresponding permission
protected void	createOrUpdateInquiryPermissions(SecurityDefinition securityDefinition) First tries to find inquiry permissions for GL namespace and LD namespace.
protected void	createOrUpdateLookupPermission(SecurityDefinition securityDefinition) First tries to retrieve a lookup permission previously setup for this definition.
protected void	createOrUpdatePermissionAndAssignToRole(String permissionName, String roleId, String permissionDescription, boolean active, org.kuali.rice.kim.api.common.template.Template permissionTemplate, Map<String,String> permissionDetails) Calls PermissionUpdateService to save a permission.
void	doRouteStatusChange(org.kuali.rice.krad.bo.DocumentHeader documentHeader)
static AccessSecurityService	getAccessSecurityService()
protected Map<String,String>	getInquiryPermissionDetails(String namespaceCode, SecurityDefinition securityDefinition) Builds an Map populated from the given method parameters.
protected Map<String,String>	getLookupPermissionDetails(SecurityDefinition securityDefinition) Builds an Map populated from the given method parameters.
protected boolean	isDocumentTypeInDefinition(String documentType, SecurityDefinition oldSecurityDefinition) Determines whether a given document type name is included in the document type list for the given security definition
protected Map<String,String>	populateDocumentTypePermissionDetails(String documentType, SecurityDefinition securityDefinition) Builds an Map populated from the given method parameters.
void	processAfterCopy(org.kuali.rice.kns.document.MaintenanceDocument document, Map<String,String[]> parameters) Override to clear out KIM role id on copy

Methods inherited from class org.kuali.ole.sec.document.AbstractSecurityModuleMaintainable

doMembershipQualificationsMatchValues, doQualificationsMatch, getDefaultRoleTypeId, getRoleMembershipForMemberType, getRoleQualifiersFromSecurityModelDefinition, refresh, updateSecurityModelRoleMember

Methods inherited from class org.kuali.ole.sys.document.FinancialSystemMaintainable

answerSplitNodeQuestion, populateChartOfAccountsCodeFields, processAfterPost, processBeforeAddLine, refreshReferences, saveBusinessObject

Methods inherited from class org.kuali.rice.kns.maintenance.KualiMaintainableImpl

addMultipleValueLookupResults, addNewLineToCollection, clearBusinessObjectOfRestrictedValues, clearCollectionRestrictedValues, clearFieldRestrictedValues, decryptEncryptedData, deleteBusinessObject, generateAllAffectedReferences, getAffectedReferencesFromLookup, getAllRefreshableReferences, getBoClass, getBusinessObject, getBusinessObjectAuthorizationService, getBusinessObjectDictionaryService, getBusinessObjectMetaDataService, getCoreSections, getDocumentHelperService, getDocumentTitle, getDuplicateIdentifierFieldsFromDataDictionary, getInactiveRecordDisplay, getMaintainableTitle, getMaintenanceDocumentDictionaryService, getMultiValueIdentifierList, getNewCollectionLine, getPersonService, getSections, getShowInactiveRecords, hasBusinessObjectExisted, initNewCollectionLine, isBoNotesEnabled, isExternalBusinessObject, isNotesEnabled, isOldBusinessObjectInDocument, isRelationshipRefreshable, performCollectionForceUpperCase, performFieldForceUpperCase, performFieldForceUpperCase, performForceUpperCase, populateBusinessObject, populateNewCollectionLines, populateNewSubCollectionLines, prepareBusinessObject, prepareBusinessObjectForAdditionFromMultipleValueLookup, processAfterAddLine, processAfterEdit, processAfterNew, saveDataObject, setBoClass, setBusinessObject, setBusinessObjectAuthorizationService, setBusinessObjectDictionaryService, setBusinessObjectMetaDataService, setDataObject, setDocumentHelperService, setGenerateBlankRequiredValues, setGenerateDefaultValues, setMaintenanceDocumentDictionaryService, setNewCollectionLineDefaultValues, setPersonService, setShowInactiveRecords, setupNewFromExisting, shouldFieldBeEncrypted

Methods inherited from class org.kuali.rice.krad.maintenance.MaintainableImpl

deleteDataObject, generateMaintenanceLocks, getCustomLockDescriptor, getDataObject, getDataObjectAuthorizationService, getDataObjectClass, getDataObjectMetaDataService, getDocumentDictionaryService, getDocumentNumber, getDocumentTitle, getDocumentTypeName, getEncryptionService, getLockingDocumentId, getLookupService, getMaintenanceAction, getMaintenanceDocumentService, getPersistableBusinessObject, getWorkflowEngineDocumentIdsToLock, isLockable, isOldDataObjectInDocument, prepareExternalBusinessObject, prepareForSave, processAfterAddLine, processAfterCopy, processAfterDeleteLine, processAfterEdit, processAfterNew, processAfterPost, processAfterRetrieve, retrieveObjectForEditOrCopy, setDataObjectAuthorizationService, setDataObjectClass, setDataObjectMetaDataService, setDocumentDictionaryService, setDocumentNumber, setEncryptionService, setLookupService, setMaintenanceAction, setMaintenanceDocumentService, setupNewFromExisting, useCustomLockDescriptors

Methods inherited from class org.kuali.rice.krad.uif.service.impl.ViewHelperServiceImpl

addCustomContainerComponents, addLine, adjustIdIfNecessary, applyAuthorizationAndPresentationLogic, applyDefaultValues, applyDefaultValuesForCollectionLine, buildClientSideStateScript, buildExportTableData, buildExportTableRow, buildGrowlScript, buildInquiryLink, cleanViewAfterRender, findNestedDictionaryAttribute, getBusinessObjectService, getCommonContext, getConfigurationService, getDataDictionaryService, getExportTableFormatOptions, getExpressionEvaluator, getPersistenceService, getPersistenceStructureService, getPreModelContext, getViewDictionaryService, initializeDataFieldFromDataDictionary, invokeMethodFinalizer, logAndThrowRuntime, performAddLineValidation, performApplyModel, performComponentApplyModel, performComponentFinalize, performComponentInitialization, performComponentLifecycle, performCustomApplyModel, performCustomFinalize, performCustomInitialization, performDeleteLineValidation, performFinalize, performInitialization, populateDefaultValueForField, populateViewFromRequestParameters, processAfterSaveLine, processAnyRemoteFieldsHolder, processBeforeAddLine, processBeforeSaveLine, processCollectionAddBlankLine, processCollectionAddLine, processCollectionDeleteLine, processCollectionSaveLine, processMultipleValueLookupResults, refreshReferences, retrieveEditModesAndActionFlags, runComponentModifiers, setBusinessObjectService, setConfigurationService, setDataDictionaryService, setExpressionEvaluator, setPersistenceService, setPersistenceStructureService, setViewContext, setViewDictionaryService, spawnSubLifecyle, syncClientSideStateForComponent

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.kuali.rice.krad.maintenance.Maintainable

deleteDataObject, generateMaintenanceLocks, getCustomLockDescriptor, getDataObject, getDataObjectClass, getDocumentTitle, getLockingDocumentId, getMaintenanceAction, getPersistableBusinessObject, getWorkflowEngineDocumentIdsToLock, isLockable, isOldDataObjectInDocument, prepareExternalBusinessObject, prepareForSave, processAfterCopy, processAfterEdit, processAfterNew, processAfterPost, processAfterRetrieve, retrieveObjectForEditOrCopy, setDataObjectClass, setDocumentNumber, setMaintenanceAction, setupNewFromExisting, useCustomLockDescriptors

Methods inherited from interface org.kuali.rice.krad.uif.service.ViewHelperService

applyDefaultValuesForCollectionLine, buildExportTableData, buildInquiryLink, cleanViewAfterRender, getCommonContext, getExpressionEvaluator, performApplyModel, performComponentInitialization, performComponentLifecycle, performFinalize, performInitialization, populateViewFromRequestParameters, processCollectionAddBlankLine, processCollectionAddLine, processCollectionDeleteLine, processCollectionSaveLine, processMultipleValueLookupResults, refreshReferences, spawnSubLifecyle

Constructor Detail

SecurityDefinitionMaintainableImpl

public SecurityDefinitionMaintainableImpl()

Method Detail

doRouteStatusChange

public void doRouteStatusChange(org.kuali.rice.krad.bo.DocumentHeader documentHeader)

Specified by:

doRouteStatusChange in interface org.kuali.rice.krad.maintenance.Maintainable

Overrides:

doRouteStatusChange in class org.kuali.rice.krad.maintenance.MaintainableImpl

See Also:

MaintainableImpl.doRouteStatusChange(org.kuali.rice.krad.bo.DocumentHeader)

createOrUpdateDefinitionRole

protected void createOrUpdateDefinitionRole(SecurityDefinition oldSecurityDefinition,
                                SecurityDefinition newSecurityDefinition)

Creates a new role for the definition (if the definition is new), then grants to the role any new permissions granted for the definition. Also update role active indicator if indicator changed values on the definition

Parameters:

oldSecurityDefinition - SecurityDefinition record before updates

newSecurityDefinition - SecurityDefinition after updates

createOrUpdateDocumentPermissions

protected void createOrUpdateDocumentPermissions(SecurityDefinition securityDefinition)

Iterates through the document types and creates any new document permissions necessary or updates old permissions setting inactive if needed

Parameters:

oldSecurityDefinition - SecurityDefiniton record before requested changes (old side of maintenance document)

newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)

newMaintenanceAction - Indicates whether this is a new maintenance record (old side in empty)

createOrUpdateLookupPermission

protected void createOrUpdateLookupPermission(SecurityDefinition securityDefinition)

First tries to retrieve a lookup permission previously setup for this definition. If old permission found it will be updated with the new details and its active indicator will be set based on the definition active indicator and restrict lookup indicator value. If old permission does not exist but restrict lookup indicator is true on new side then a new permission will be created and will be active if definition is active on new side.

Parameters:

oldSecurityDefinition - SecurityDefiniton record before requested changes (old side of maintenance document)

newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)

newMaintenanceAction - Indicates whether this is a new maintenance record (old side in empty)

createOrUpdateInquiryPermissions

protected void createOrUpdateInquiryPermissions(SecurityDefinition securityDefinition)

First tries to find inquiry permissions for GL namespace and LD namespace. If old permissions are found they will be updated with the new details and active indicator will be set based on the definition active indicator and restrict gl indicator (for gl inqury permission) and restrict ld inquiry (for ld inquiry permission). If an old permission does not exist for one or both of the namespaces and the corresponding indicators are set to true on new side then new permissions will be created with active indicator set to true if definition is active on new side.

Parameters:

oldSecurityDefinition - SecurityDefiniton record before requested changes (old side of maintenance document)

newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)

newMaintenanceAction - Indicates whether this is a new maintenance record (old side in empty)

createOrUpdateDocumentTypePermissions

protected void createOrUpdateDocumentTypePermissions(String documentType,
                                         boolean active,
                                         SecurityDefinition securityDefinition)

For each of the document templates ids calls helper method to create or update corresponding permission

Parameters:

documentType - workflow document type name for permission detail

active - boolean indicating whether the permissions should be set to active (true) or non-active (false)

oldSecurityDefinition - SecurityDefiniton record before requested changes (old side of maintenance document)

newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)

populateDocumentTypePermissionDetails

protected Map<String,String> populateDocumentTypePermissionDetails(String documentType,
                                                       SecurityDefinition securityDefinition)

Builds an Map populated from the given method parameters. Details are set based on the KIM 'Security Document Permission' type.

Parameters:

documentType - workflow document type name

securityDefinition - SecurityDefiniton record

Returns:

Map populated with document type name, property name, operator, and property value details

getLookupPermissionDetails

protected Map<String,String> getLookupPermissionDetails(SecurityDefinition securityDefinition)

Builds an Map populated from the given method parameters. Details are set based on the KIM 'Security Lookup Permission' type.

Parameters:

securityDefinition - SecurityDefiniton record

Returns:

Map populated with property name, operator, and property value details

getInquiryPermissionDetails

protected Map<String,String> getInquiryPermissionDetails(String namespaceCode,
                                             SecurityDefinition securityDefinition)

Builds an Map populated from the given method parameters. Details are set based on the KIM 'Security Inquiry Permission' type.

Parameters:

namespaceCode - KIM namespace code

securityDefinition - SecurityDefiniton record

Returns:

Map populated with namespace, property name, operator, and property value details

isDocumentTypeInDefinition

protected boolean isDocumentTypeInDefinition(String documentType,
                                 SecurityDefinition oldSecurityDefinition)

Determines whether a given document type name is included in the document type list for the given security definition

Parameters:

documentType - KEW document type name

oldSecurityDefinition - SecurityDefinition record

Returns:

boolean indicating whether the document type is associated with the given security definition

createOrUpdatePermissionAndAssignToRole

protected void createOrUpdatePermissionAndAssignToRole(String permissionName,
                                           String roleId,
                                           String permissionDescription,
                                           boolean active,
                                           org.kuali.rice.kim.api.common.template.Template permissionTemplate,
                                           Map<String,String> permissionDetails)

Calls PermissionUpdateService to save a permission.

Parameters:

securityDefinition - SecurityDefinition record

permissionId - ID for the permission being saved, or empty for new permission

permissionTemplateId - KIM template ID for permission to save

active - boolean indicating whether the permission should be set to active (true) or non-active (false)

permissionDetails - Map representing the permission details

See Also:

org.kuali.rice.kim.service.PermissionUpdateService#savePermission()

assignPermissionToRole

protected void assignPermissionToRole(org.kuali.rice.kim.api.permission.Permission perm,
                          String roleId)

processAfterCopy

public void processAfterCopy(org.kuali.rice.kns.document.MaintenanceDocument document,
                    Map<String,String[]> parameters)

Override to clear out KIM role id on copy

Overrides:

processAfterCopy in class org.kuali.rice.kns.maintenance.KualiMaintainableImpl

See Also:

KualiMaintainableImpl.processAfterCopy(org.kuali.rice.kns.document.MaintenanceDocument, java.util.Map)

getAccessSecurityService

public static AccessSecurityService getAccessSecurityService()