/*
 * Copyright 2009 The Kuali Foundation.
 *
 * Licensed under the Educational Community License, Version 1.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl1.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.ole.sec.document.validation.impl;

import org.kuali.ole.sec.SecKeyConstants;
import org.kuali.ole.sec.businessobject.AccessSecurityRestrictionInfo;
import org.kuali.ole.sec.service.AccessSecurityService;
import org.kuali.ole.sys.businessobject.AccountingLine;
import org.kuali.ole.sys.context.SpringContext;
import org.kuali.ole.sys.document.AccountingDocument;
import org.kuali.ole.sys.document.validation.event.AccountingLineEvent;
import org.kuali.ole.sys.document.validation.event.AddAccountingLineEvent;
import org.kuali.ole.sys.document.validation.event.AttributedDocumentEvent;
import org.kuali.ole.sys.document.validation.event.UpdateAccountingLineEvent;
import org.kuali.ole.sys.document.validation.impl.AccountingRuleEngineRuleBase;
import org.kuali.rice.krad.util.GlobalVariables;


/**
 * Rule base that layers an access-security check on top of the standard accounting document
 * validation. When an accounting line is added or updated, the current session user must be
 * permitted to edit that line, otherwise validation fails.
 */
public class AccessSecurityAccountingDocumentRuleBase extends AccountingRuleEngineRuleBase {

    // Shared by every instance of this rule and looked up on first use.
    // NOTE(review): the lazy lookup is not synchronized; presumably harmless if SpringContext
    // hands back the same bean on every call -- confirm.
    private static AccessSecurityService accessSecurityService;

    /**
     * Runs the superclass validation and then, for add and update accounting line events only,
     * verifies that the current user may edit the line carried by the event.
     *
     * <p>The access check is skipped when the superclass validation has already failed. Any other
     * event type is answered with the superclass result alone; this method performs no
     * access-security check for it.
     *
     * @param event the document event being validated
     * @return false if the superclass validation fails or the user lacks edit access to the line,
     *         true otherwise
     * @see org.kuali.ole.sys.document.validation.impl.AccountingRuleEngineRuleBase#validateForEvent(org.kuali.ole.sys.document.validation.event.AttributedDocumentEvent)
     */
    @Override
    public boolean validateForEvent(AttributedDocumentEvent event) {
        if (!super.validateForEvent(event)) {
            return false;
        }

        boolean lineAddedOrUpdated = event instanceof AddAccountingLineEvent || event instanceof UpdateAccountingLineEvent;
        if (!lineAddedOrUpdated) {
            return true;
        }

        AccountingLineEvent lineEvent = (AccountingLineEvent) event;
        // NOTE(review): unchecked cast -- assumes these events always carry an AccountingDocument.
        AccountingDocument owningDocument = (AccountingDocument) lineEvent.getDocument();
        AccountingLine affectedLine = lineEvent.getAccountingLine();

        return checkEditAccessForAccountingLine(owningDocument, affectedLine);
    }

    /**
     * Asks the AccessSecurityService whether the current session user may edit the given
     * accounting line. On denial an error is recorded in the global message map, using the
     * property name, label and restricted value that the service reported in the restriction info.
     *
     * <p>The user is read from {@code GlobalVariables.getUserSession()} without a null check.
     * NOTE(review): confirm a user session always exists on this path; a missing one would
     * surface as a NullPointerException rather than as a recorded denial.
     *
     * @param document AccountingDocument containing the line to check
     * @param line AccountingLine to check access on
     * @return true if the user is allowed to edit the accounting line, false otherwise
     */
    protected boolean checkEditAccessForAccountingLine(AccountingDocument document, AccountingLine line) {
        // Filled in by the service call below with details of the restriction that was violated.
        AccessSecurityRestrictionInfo violatedRestriction = new AccessSecurityRestrictionInfo();

        if (getAccessSecurityService().canEditDocumentAccountingLine(document, line, GlobalVariables.getUserSession().getPerson(), violatedRestriction)) {
            return true;
        }

        GlobalVariables.getMessageMap().putError(violatedRestriction.getPropertyName(), SecKeyConstants.ERROR_ACCOUNTING_LINE_ADD_OR_UPDATE, violatedRestriction.getPropertyLabel(), violatedRestriction.getRetrictedValue());
        return false;
    }

    /**
     * Returns the AccessSecurityService, fetching it from the Spring context the first time it is
     * needed and reusing the cached reference afterwards.
     *
     * @return the AccessSecurityService used for the edit-access decision
     */
    protected AccessSecurityService getAccessSecurityService() {
        if (accessSecurityService != null) {
            return accessSecurityService;
        }
        accessSecurityService = SpringContext.getBean(AccessSecurityService.class);
        return accessSecurityService;
    }
}