1   /*
2    * Copyright 2009 The Kuali Foundation.
3    * 
4    * Licensed under the Educational Community License, Version 1.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl1.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.ole.sec.service;
17  
18  import java.util.Collection;
19  import java.util.List;
20  import java.util.Map;
21  
22  import org.kuali.ole.sec.businessobject.AccessSecurityRestrictionInfo;
23  import org.kuali.ole.sys.businessobject.AccountingLine;
24  import org.kuali.ole.sys.businessobject.GeneralLedgerPendingEntry;
25  import org.kuali.ole.sys.document.AccountingDocument;
26  import org.kuali.rice.kim.api.common.template.Template;
27  import org.kuali.rice.kim.api.identity.Person;
28  import org.kuali.rice.krad.bo.BusinessObject;
29  import org.kuali.rice.krad.document.Document;
30  
31  
/**
 * Service contract for applying access security restrictions to business objects at the framework entry points:
 * lookups, inquiries and document accounting lines.
 *
 * <p>NOTE(review): this contract does not state what happens when {@code person} is {@code null} or when no
 * permissions are set up for the person. Confirm against the implementation whether those cases allow or deny access.
 */
public interface AccessSecurityService {

    /**
     * Filters the given list in place, using the security permissions set up for the person under the lookup template.
     * Every instance that does not pass validation is removed from the list that was passed in.
     *
     * @param results business object instances to check; the list itself is modified (presumably it has to support
     *        removal, confirm against the implementation)
     * @param person person the security is applied for
     */
    void applySecurityRestrictionsForLookup(List<? extends BusinessObject> results, Person person);

    /**
     * Filters the given list in place, using the security permissions set up for the person under the GL inquiry
     * template. Every instance that does not pass validation is removed from the list that was passed in.
     *
     * @param results business object instances to check; the list itself is modified (presumably it has to support
     *        removal, confirm against the implementation)
     * @param person person the security is applied for
     */
    void applySecurityRestrictionsForGLInquiry(List<? extends BusinessObject> results, Person person);

    /**
     * Filters the given list in place, using the security permissions set up for the person under the given
     * permission template. Every instance that does not pass validation is removed from the list that was passed in.
     *
     * @param results business object instances to check; the list itself is modified (presumably it has to support
     *        removal, confirm against the implementation)
     * @param person person the security is applied for
     * @param permissionTemplate KIM template of the permissions to check
     * @param additionalPermissionDetails any further details that must match when the permissions are retrieved
     */
    void applySecurityRestrictions(
            List<? extends BusinessObject> results,
            Person person,
            Template permissionTemplate,
            Map<String, String> additionalPermissionDetails);

    /**
     * Evaluates the view access security permissions set up for the user against one accounting line, for accounting
     * lines of the document's type.
     *
     * @param document AccountingDocument holding the line to validate; its document type is used to retrieve the
     *        permissions
     * @param accountingLine AccountingLine instance whose values are checked
     * @param person user whose access is being checked
     * @return {@code true} if the user has view access to the accounting line, {@code false} otherwise
     */
    boolean canViewDocumentAccountingLine(AccountingDocument document, AccountingLine accountingLine, Person person);

    /**
     * Evaluates the edit access security permissions set up for the user against one accounting line, for accounting
     * lines of the document's type.
     *
     * @param document AccountingDocument holding the line to validate; its document type is used to retrieve the
     *        permissions
     * @param accountingLine AccountingLine instance whose values are checked
     * @param person user whose access is being checked
     * @return {@code true} if the user has edit access to the accounting line, {@code false} otherwise
     */
    boolean canEditDocumentAccountingLine(AccountingDocument document, AccountingLine accountingLine, Person person);

    /**
     * Evaluates the edit access security permissions set up for the user against one accounting line, for accounting
     * lines of the document's type, and makes details of a restriction available when one is found.
     *
     * @param document AccountingDocument holding the line to validate; its document type is used to retrieve the
     *        permissions
     * @param accountingLine AccountingLine instance whose values are checked
     * @param person user whose access is being checked
     * @param restrictionInfo object providing information on a restriction if one is found (presumably filled in by
     *        this call, confirm against the implementation)
     * @return {@code true} if the user has edit access to the accounting line, {@code false} otherwise
     */
    boolean canEditDocumentAccountingLine(
            AccountingDocument document,
            AccountingLine accountingLine,
            Person person,
            AccessSecurityRestrictionInfo restrictionInfo);

    /**
     * Evaluates view access for the given user on every accounting line the document contains.
     *
     * @param document AccountingDocument whose accounting lines are checked; its document type is used to retrieve
     *        the permissions
     * @param person user whose access is being checked
     * @param restrictionInfo object providing information on a restriction if one is found (presumably filled in by
     *        this call, confirm against the implementation)
     * @return {@code true} if the user has view access to all accounting lines on the document, {@code false} if
     *         access is denied on one or more lines
     */
    boolean canViewDocument(AccountingDocument document, Person person, AccessSecurityRestrictionInfo restrictionInfo);

    /**
     * Decides, from the document's accounting lines, whether the user may view the document's notes.
     *
     * @param document AccountingDocument whose accounting lines are checked; its document type is used to retrieve
     *        the permissions
     * @param person user whose access is being checked
     * @return {@code true} if the user has permission to view the notes/attachments, {@code false} otherwise
     */
    boolean canViewDocumentNotesAttachments(AccountingDocument document, Person person);

    /**
     * Returns the View Document With Field Values template.
     *
     * @return the View Document With Field Values template (a {@link Template}, not a bare id)
     */
    Template getViewDocumentWithFieldValueTemplate();

    /**
     * Returns the View Accounting Line With Field Value template.
     *
     * @return the View Accounting Line With Field Value template (a {@link Template}, not a bare id)
     */
    Template getViewAccountingLineWithFieldValueTemplate();

    /**
     * Returns the View Notes Attachments With Field Value template.
     *
     * @return the View Notes Attachments With Field Value template (a {@link Template}, not a bare id)
     */
    Template getViewNotesAttachmentsWithFieldValueTemplate();

    /**
     * Returns the Edit Document With Field Value template.
     *
     * @return the Edit Document With Field Value template (a {@link Template}, not a bare id)
     */
    Template getEditDocumentWithFieldValueTemplate();

    /**
     * Returns the Edit Accounting Line With Field Value template.
     *
     * @return the Edit Accounting Line With Field Value template (a {@link Template}, not a bare id)
     */
    Template getEditAccountingLineWithFieldValueTemplate();

    /**
     * Returns the Lookup With Field Value template.
     *
     * @return the Lookup With Field Value template (a {@link Template}, not a bare id)
     */
    Template getLookupWithFieldValueTemplate();

    /**
     * Returns the Inquiry With Field Value template.
     *
     * @return the Inquiry With Field Value template (a {@link Template}, not a bare id)
     */
    Template getInquiryWithFieldValueTemplate();

    /**
     * Checks view access on the given GLPE. Access to view the GLPE on the document should be related to the view
     * permissions for an accounting line with the same account attributes. Called from
     * generalLedgerPendingEntries.tag.
     *
     * @param document document the pending entry is shown on (presumably its type selects the permissions, as for
     *        the accounting line checks, confirm against the implementation)
     * @param pendingEntry GeneralLedgerPendingEntry to check access for
     * @param person user whose access is being checked
     * @return {@code true} if the given user has view permission, {@code false} otherwise
     */
    boolean canViewGLPE(Document document, GeneralLedgerPendingEntry pendingEntry, Person person);

    /**
     * Compares the current size of the list with a previously recorded size and adds an info message when the two
     * differ.
     *
     * @param previousListSize earlier size of the list to compare against
     * @param results list whose current size is taken for the comparison
     * @param messageKey key of the message that should be added
     */
    void compareListSizeAndAddMessageIfChanged(int previousListSize, List<?> results, String messageKey);

    /**
     * Returns all the documents for which access security controls are in place.
     *
     * @return the document type names under access security control
     */
    Collection<String> getAccessSecurityControlledDocumentTypeNames();

    /**
     * Reports whether the named document type is under access security control.
     *
     * <p>NOTE(review): presumably equivalent to membership in
     * {@link #getAccessSecurityControlledDocumentTypeNames()}; confirm against the implementation.
     *
     * @param documentTypeName name of the document type to test
     * @return {@code true} if the document type is access security controlled, {@code false} otherwise
     */
    boolean isAccessSecurityControlledDocumentType(String documentTypeName);
}
198 }