/*
 * Copyright 2009 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.ole.sys.document.workflow;

import java.util.List;

import org.kuali.ole.sys.context.SpringContext;
import org.kuali.ole.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
import org.kuali.rice.kew.api.KewApiServiceLocator;
import org.kuali.rice.kew.api.document.WorkflowDocumentService;
import org.kuali.rice.kew.api.exception.WorkflowException;
import org.kuali.rice.kew.framework.document.security.DocumentSecurityAttribute;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;
import org.kuali.rice.kns.service.DataDictionaryService;
import org.kuali.rice.kns.service.DocumentHelperService;
import org.kuali.rice.krad.datadictionary.DocumentEntry;
import org.kuali.rice.krad.document.DocumentAuthorizer;
import org.kuali.rice.krad.service.KRADServiceLocatorWeb;

/**
 * {@link DocumentSecurityAttribute} that gates access to workflow documents flagged as holding
 * sensitive data.
 *
 * <p>Decision summary, as implemented below:
 * <ul>
 * <li>Document types whose data dictionary entry is not a
 * {@link FinancialSystemTransactionalDocumentEntry}, or is not marked potentially sensitive,
 * are always allowed.</li>
 * <li>Potentially sensitive documents are allowed unless the searchable attribute
 * {@code "sensitive"} contains the value {@code "Y"}.</li>
 * <li>For documents flagged {@code "Y"}, the answer is whatever the document type's
 * {@link DocumentAuthorizer#canOpen} returns for the principal.</li>
 * </ul>
 *
 * <p>Security note: the default outcome is <em>allow</em>. Only a {@link WorkflowException}
 * raised during the authorizer check is converted into a denial.
 */
public class SensitiveDataSecurityAttribute implements DocumentSecurityAttribute {
    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(SensitiveDataSecurityAttribute.class);

    /**
     * Decides whether the given principal may see the given workflow document.
     *
     * @param principalId id of the principal whose access is being checked
     * @param document the KEW document being checked
     * @return {@code false} when the document is flagged sensitive and either the document
     *         authorizer refuses to let the principal open it or a {@link WorkflowException}
     *         occurs while checking; {@code true} in every other case
     */
    @Override
    public boolean isAuthorizedForDocument(String principalId, org.kuali.rice.kew.api.document.Document document) {
        String docTypeName = document.getDocumentTypeName();
        DocumentEntry entry = SpringContext.getBean(DataDictionaryService.class).getDataDictionary().getDocumentEntry(docTypeName);

        // Only financial transactional document types carry the "potentially sensitive" marker.
        if (!(entry instanceof FinancialSystemTransactionalDocumentEntry)) {
            return true;
        }
        if (!((FinancialSystemTransactionalDocumentEntry) entry).isPotentiallySensitive()) {
            return true;
        }

        // The per-document flag is read from the workflow searchable attribute "sensitive".
        // NOTE(review): a missing or empty value is treated as "not sensitive" (fail-open);
        // confirm the attribute is always populated before a sensitive document becomes visible.
        WorkflowDocumentService workflowDocService = KewApiServiceLocator.getWorkflowDocumentService();
        List<String> sensitiveFlags = workflowDocService.getSearchableAttributeStringValuesByKey(document.getDocumentId(), "sensitive");
        if (sensitiveFlags == null || sensitiveFlags.isEmpty() || !sensitiveFlags.contains("Y")) {
            return true;
        }

        // Flagged as sensitive: defer to the document type's own authorizer.
        DocumentAuthorizer docAuthorizer = SpringContext.getBean(DocumentHelperService.class).getDocumentAuthorizer(docTypeName);
        try {
            return docAuthorizer.canOpen(
                    KRADServiceLocatorWeb.getDocumentService().getByDocumentHeaderIdSessionless(document.getDocumentId()),
                    KimApiServiceLocator.getPersonService().getPerson(principalId));
        }
        catch (WorkflowException ex) {
            // Fail closed: if the document cannot be loaded for the check, deny access.
            // Only WorkflowException is handled here; any other exception propagates to the caller.
            LOG.error("Exception while testing if user can open document: " + document, ex);
            return false;
        }
    }

}