001/*
002 * Copyright 2009 The Kuali Foundation
003 * 
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 * 
008 * http://www.opensource.org/licenses/ecl2.php
009 * 
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.ole.sys.document.workflow;
017
018import java.util.List;
019
020import org.kuali.ole.sys.context.SpringContext;
021import org.kuali.ole.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
022import org.kuali.rice.kew.api.KewApiServiceLocator;
023import org.kuali.rice.kew.api.document.WorkflowDocumentService;
024import org.kuali.rice.kew.api.exception.WorkflowException;
025import org.kuali.rice.kew.framework.document.security.DocumentSecurityAttribute;
026import org.kuali.rice.kim.api.services.KimApiServiceLocator;
027import org.kuali.rice.kns.service.DataDictionaryService;
028import org.kuali.rice.kns.service.DocumentHelperService;
029import org.kuali.rice.krad.datadictionary.DocumentEntry;
030import org.kuali.rice.krad.document.DocumentAuthorizer;
031import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
032
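/**
 * Document security attribute that restricts access to documents flagged as holding sensitive data.
 *
 * <p>The attribute only ever narrows access. A document is subject to the check when its data
 * dictionary entry is a {@link FinancialSystemTransactionalDocumentEntry} marked as potentially
 * sensitive and its {@code "sensitive"} searchable attribute contains {@code "Y"}. For such a
 * document the decision is delegated to the document type's {@link DocumentAuthorizer}. Every other
 * document is reported as authorized.
 */
public class SensitiveDataSecurityAttribute implements DocumentSecurityAttribute {
    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(SensitiveDataSecurityAttribute.class);

    /** Searchable-attribute key that is queried for the sensitive-data flag. */
    private static final String SENSITIVE_ATTRIBUTE_KEY = "sensitive";

    /** Attribute value that marks a document as containing sensitive data. */
    private static final String SENSITIVE_FLAG_SET = "Y";

    /**
     * Decides whether the given principal may see the given workflow document.
     *
     * @param principalId id of the principal whose access is being checked
     * @param document workflow document being checked
     * @return {@code true} when the document is not flagged as sensitive, or when the document
     *         authorizer allows the principal to open it; {@code false} when the authorizer denies
     *         access, when the document or person cannot be loaded, or when loading the document
     *         raises a {@link WorkflowException}
     */
    @Override
    public boolean isAuthorizedForDocument(String principalId, org.kuali.rice.kew.api.document.Document document) {
        String docTypeName = document.getDocumentTypeName();
        DocumentEntry docEntry = SpringContext.getBean(DataDictionaryService.class).getDataDictionary().getDocumentEntry(docTypeName);

        // Only document types declared as potentially sensitive are restricted; a missing or
        // different kind of dictionary entry leaves the document unrestricted.
        if (!(docEntry instanceof FinancialSystemTransactionalDocumentEntry)
                || !((FinancialSystemTransactionalDocumentEntry) docEntry).isPotentiallySensitive()) {
            return true;
        }

        String documentId = document.getDocumentId();
        List<String> sensitiveDataCodes = KewApiServiceLocator.getWorkflowDocumentService()
                .getSearchableAttributeStringValuesByKey(documentId, SENSITIVE_ATTRIBUTE_KEY);

        // NOTE(review): this branch fails open. A potentially sensitive document whose flag was
        // never indexed (null or empty result) is treated as non-sensitive. Confirm that the
        // "sensitive" attribute is always written before such a document becomes visible.
        if (sensitiveDataCodes == null || !sensitiveDataCodes.contains(SENSITIVE_FLAG_SET)) {
            return true;
        }

        DocumentAuthorizer docAuthorizer = SpringContext.getBean(DocumentHelperService.class).getDocumentAuthorizer(docTypeName);
        try {
            org.kuali.rice.krad.document.Document fullDocument =
                    KRADServiceLocatorWeb.getDocumentService().getByDocumentHeaderIdSessionless(documentId);
            org.kuali.rice.kim.api.identity.Person person = KimApiServiceLocator.getPersonService().getPerson(principalId);

            // Fail closed: without both the document and the person there is nothing to authorize
            // against, and a flagged document must not become visible because a lookup came back
            // empty. Presumably either lookup can return null for an unknown id; confirm.
            if (fullDocument == null || person == null) {
                LOG.error("Unable to load document or person while testing if user can open document: " + documentId);
                return false;
            }
            return docAuthorizer.canOpen(fullDocument, person);
        }
        catch (WorkflowException ex) {
            // Log only the document id: the workflow document's string form may carry the title
            // and other metadata of a document that is flagged as sensitive.
            LOG.error("Exception while testing if user can open document: " + documentId, ex);
            return false;
        }
    }

}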