1   /*
2    * Copyright 2009 The Kuali Foundation
3    * 
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl2.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.ole.sys.document.workflow;
17  
18  import java.util.List;
19  
20  import org.kuali.ole.sys.context.SpringContext;
21  import org.kuali.ole.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
22  import org.kuali.rice.kew.api.KewApiServiceLocator;
23  import org.kuali.rice.kew.api.document.WorkflowDocumentService;
24  import org.kuali.rice.kew.api.exception.WorkflowException;
25  import org.kuali.rice.kew.framework.document.security.DocumentSecurityAttribute;
26  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
27  import org.kuali.rice.kns.service.DataDictionaryService;
28  import org.kuali.rice.kns.service.DocumentHelperService;
29  import org.kuali.rice.krad.datadictionary.DocumentEntry;
30  import org.kuali.rice.krad.document.DocumentAuthorizer;
31  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
32  
/**
 * Workflow document security attribute that gates access to documents flagged as sensitive.
 *
 * <p>The document's {@link DocumentAuthorizer} is consulted only when both conditions hold:
 * the data dictionary entry for the document type is a
 * {@link FinancialSystemTransactionalDocumentEntry} reporting {@code isPotentiallySensitive()},
 * and the document's {@code "sensitive"} searchable attribute contains the value {@code "Y"}.
 * Every other document is reported as authorized by this attribute.
 *
 * <p>NOTE(review): the default is allow. A potentially sensitive document whose
 * {@code "sensitive"} searchable attribute is missing or empty passes this check, so the
 * restriction depends on that attribute having been recorded for the document - confirm it is
 * always written before the document can be reached through this attribute.
 */
public class SensitiveDataSecurityAttribute implements DocumentSecurityAttribute {
    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(SensitiveDataSecurityAttribute.class);

    /**
     * Decides whether the given principal may see the given workflow document.
     *
     * @param principalId id of the principal requesting access; resolved to a person only on the
     *        sensitive-document path
     * @param document the workflow document being checked
     * @return {@code true} when the document is not flagged sensitive, otherwise the result of
     *         {@code DocumentAuthorizer.canOpen}; {@code false} when a {@link WorkflowException}
     *         is raised while evaluating that call
     */
    @Override
    public boolean isAuthorizedForDocument(String principalId, org.kuali.rice.kew.api.document.Document document) {
        final String documentTypeName = document.getDocumentTypeName();
        final DocumentEntry entry = SpringContext.getBean(DataDictionaryService.class).getDataDictionary().getDocumentEntry(documentTypeName);

        // Only financial transactional document entries carry the "potentially sensitive" marker;
        // anything else is outside the scope of this attribute and is allowed.
        if (!(entry instanceof FinancialSystemTransactionalDocumentEntry)) {
            return true;
        }
        final FinancialSystemTransactionalDocumentEntry financialEntry = (FinancialSystemTransactionalDocumentEntry) entry;
        if (!financialEntry.isPotentiallySensitive()) {
            return true;
        }

        // The per-document flag is read from the "sensitive" searchable attribute values.
        final WorkflowDocumentService workflowDocumentService = KewApiServiceLocator.getWorkflowDocumentService();
        final List<String> sensitiveFlags = workflowDocumentService.getSearchableAttributeStringValuesByKey(document.getDocumentId(), "sensitive");
        final boolean flaggedSensitive = sensitiveFlags != null && !sensitiveFlags.isEmpty() && sensitiveFlags.contains("Y");
        if (!flaggedSensitive) {
            return true;
        }

        final DocumentAuthorizer authorizer = SpringContext.getBean(DocumentHelperService.class).getDocumentAuthorizer(documentTypeName);
        try {
            // Both lookups stay inside the try so a WorkflowException from loading the document
            // denies access instead of propagating.
            return authorizer.canOpen(
                    KRADServiceLocatorWeb.getDocumentService().getByDocumentHeaderIdSessionless(document.getDocumentId()),
                    KimApiServiceLocator.getPersonService().getPerson(principalId));
        } catch (WorkflowException ex) {
            // Deny on failure. Only WorkflowException is handled here; unchecked exceptions
            // reach the caller.
            // NOTE(review): the message concatenates the whole document object - confirm its
            // toString() keeps sensitive fields out of the log.
            LOG.error("Exception while testing if user can open document: " + document, ex);
            return false;
        }
    }
}