View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.uif.authorization;
17  
18  import org.apache.commons.logging.Log;
19  import org.apache.commons.logging.LogFactory;
20  import org.kuali.rice.kew.api.KewApiServiceLocator;
21  import org.kuali.rice.kew.api.WorkflowDocument;
22  import org.kuali.rice.kew.api.doctype.ProcessDefinition;
23  import org.kuali.rice.kew.api.doctype.RoutePath;
24  import org.kuali.rice.kew.api.KewApiConstants;
25  import org.kuali.rice.kim.api.KimConstants;
26  import org.kuali.rice.kim.api.identity.Person;
27  import org.kuali.rice.krad.document.Document;
28  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
29  import org.kuali.rice.krad.util.KRADConstants;
30  import org.kuali.rice.krad.web.form.DocumentFormBase;
31  import org.kuali.rice.krad.web.form.UifFormBase;
32  
33  import java.util.Collections;
34  import java.util.HashMap;
35  import java.util.Map;
36  import java.util.Set;
37  
38  /**
39   * @author Kuali Rice Team (rice.collab@kuali.org)
40   */
41  public class DocumentAuthorizerBase extends AuthorizerBase {
42      protected static Log LOG = LogFactory.getLog(DocumentAuthorizerBase.class);
43  
44      public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
45      public static final String EDIT_MODE_DEFAULT_TRUE_VALUE = "TRUE";
46      public static final String USER_SESSION_METHOD_TO_CALL_OBJECT_KEY = "METHOD_TO_CALL_KEYS_METHOD_OBJECT_KEY";
47      public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_OBJECT_KEY = "METHOD_TO_CALL_KEYS_COMPLETE_OBJECT_KEY";
48  
49      @Override
50      public Set<String> getActionFlags(UifFormBase model, Person user, Set<String> documentActions) {
51          Document document = ((DocumentFormBase) model).getDocument();
52  
53          if (LOG.isDebugEnabled()) {
54              LOG.debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '"
55                      + document.getDocumentNumber() + "'. user '" + user.getPrincipalName() + "'");
56          }
57  
58          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT)
59                  && !isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
60                          KimConstants.PermissionTemplateNames.EDIT_DOCUMENT, user.getPrincipalId())) {
61              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
62          }
63  
64          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY)
65                  && !isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
66                          KimConstants.PermissionTemplateNames.COPY_DOCUMENT, user.getPrincipalId())) {
67              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
68          }
69  
70          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE)
71                  && !isAuthorizedByTemplate(document, KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
72                          KimConstants.PermissionTemplateNames.BLANKET_APPROVE_DOCUMENT, user.getPrincipalId())) {
73              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
74          }
75  
76          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL)
77                  && !isAuthorizedByTemplate(document, KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
78                          KimConstants.PermissionTemplateNames.CANCEL_DOCUMENT, user.getPrincipalId())) {
79              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
80          }
81  
82          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE)
83                  && !isAuthorizedByTemplate(document, KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
84                          KimConstants.PermissionTemplateNames.SAVE_DOCUMENT, user.getPrincipalId())) {
85              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
86          }
87  
88          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE)
89                  && !isAuthorizedByTemplate(document, KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
90                          KimConstants.PermissionTemplateNames.ROUTE_DOCUMENT, user.getPrincipalId())) {
91              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
92          }
93  
94          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE)
95                  && !canTakeRequestedAction(document, KewApiConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)) {
96              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
97          }
98  
99          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI)
100                 && !canTakeRequestedAction(document, KewApiConstants.ACTION_REQUEST_FYI_REQ, user)) {
101             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
102         }
103 
104         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE)
105                 || documentActions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE)) {
106             if (!canTakeRequestedAction(document, KewApiConstants.ACTION_REQUEST_APPROVE_REQ, user)) {
107                 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
108                 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
109             }
110         }
111 
112         if (!canSendAnyTypeAdHocRequests(document, user)) {
113             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
114             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
115             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
116         }
117 
118         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI)
119                 && !canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_FYI_REQ, user)) {
120             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
121         }
122 
123         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE)
124                 && !documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT)) {
125             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
126         }
127 
128         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW)
129                 && !canEditDocumentOverview(document, user)) {
130             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW);
131         }
132 
133         return documentActions;
134     }
135 
136     public final boolean canInitiate(String documentTypeName, Person user) {
137 		String nameSpaceCode = KRADConstants.KUALI_RICE_SYSTEM_NAMESPACE;
138 		Map<String, String> permissionDetails = new HashMap<String, String>();
139 		permissionDetails.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME,
140 				documentTypeName);
141 		return getPermissionService().isAuthorizedByTemplateName(
142 				user.getPrincipalId(), nameSpaceCode,
143 				KimConstants.PermissionTemplateNames.INITIATE_DOCUMENT,
144 				permissionDetails, Collections.<String, String>emptyMap());
145 	}
146 
147 	public final boolean canReceiveAdHoc(Document document, Person user,
148 			String actionRequestCode) {
149 		Map<String,String> additionalPermissionDetails = new HashMap<String, String>();
150 		additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD, actionRequestCode);
151 		return isAuthorizedByTemplate(document,
152 				KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
153 				KimConstants.PermissionTemplateNames.AD_HOC_REVIEW_DOCUMENT,
154 				user.getPrincipalId(), additionalPermissionDetails, null );
155 	}
156 
157 	public final boolean canOpen(Document document, Person user) {
158 		return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
159 				KimConstants.PermissionTemplateNames.OPEN_DOCUMENT, user
160 						.getPrincipalId());
161 	}
162 
163 	public final boolean canAddNoteAttachment(Document document,
164 			String attachmentTypeCode, Person user) {
165 		Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
166 		if (attachmentTypeCode != null) {
167 			additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
168 					attachmentTypeCode);
169 		}
170 		return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
171 				KimConstants.PermissionTemplateNames.ADD_NOTE_ATTACHMENT, user
172 						.getPrincipalId(), additionalPermissionDetails, null);
173 	}
174 
175 	public final boolean canDeleteNoteAttachment(Document document,
176 			String attachmentTypeCode, String createdBySelfOnly, Person user) {
177 		Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
178 		if (attachmentTypeCode != null) {
179 			additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
180 					attachmentTypeCode);
181 		}
182 		additionalPermissionDetails.put(KimConstants.AttributeConstants.CREATED_BY_SELF,
183 				createdBySelfOnly);
184 		return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
185 				KimConstants.PermissionTemplateNames.DELETE_NOTE_ATTACHMENT,
186 				user.getPrincipalId(), additionalPermissionDetails, null);
187 	}
188 
189 	public final boolean canViewNoteAttachment(Document document,
190 			String attachmentTypeCode, Person user) {
191 		Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
192 		if (attachmentTypeCode != null) {
193 			additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
194 					attachmentTypeCode);
195 		}
196 		return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
197 				KimConstants.PermissionTemplateNames.VIEW_NOTE_ATTACHMENT, user
198 						.getPrincipalId(), additionalPermissionDetails, null);
199 	}
200 	
201 	public final boolean canSendAdHocRequests(Document document,
202 			String actionRequestCd, Person user) {
203 		Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
204 		if (actionRequestCd != null) {
205 			additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD,
206 					actionRequestCd);
207 		}
208 		return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
209 				KimConstants.PermissionTemplateNames.SEND_AD_HOC_REQUEST, user
210 						.getPrincipalId(), additionalPermissionDetails, null);
211 	}
212 	
213 	public boolean canEditDocumentOverview(Document document, Person user){
214 		return isAuthorizedByTemplate(document,
215 				KRADConstants.KRAD_NAMESPACE,
216 				KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
217 				user.getPrincipalId()) && this.isDocumentInitiator(document, user);
218 	}
219 	
220 	protected final boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
221 		if (canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_FYI_REQ, user)) {
222 		    RoutePath routePath = KewApiServiceLocator.getDocumentTypeService().getRoutePathForDocumentTypeName(document.getDocumentHeader().getWorkflowDocument().getDocumentTypeName());
223 		    ProcessDefinition processDefinition = routePath.getPrimaryProcess();
224 		    if (processDefinition != null) {
225 		        if (processDefinition.getInitialRouteNode() == null) {
226 		            return false;
227 		        }
228 		    } else {
229 		        return false;
230 		    }
231 		    return true;
232 		} else if(canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)){
233 			return true;
234 		}
235 		return canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_APPROVE_REQ, user);
236 	}
237 
238 	protected boolean canTakeRequestedAction(Document document,
239 			String actionRequestCode, Person user) {
240 		Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
241 		additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD,
242 				actionRequestCode);
243 		return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
244 				KimConstants.PermissionTemplateNames.TAKE_REQUESTED_ACTION,
245 				user.getPrincipalId(), additionalPermissionDetails, null);
246 	}
247 
248 	@Override
249 	protected void addPermissionDetails(Object dataObject,
250 			Map<String, String> attributes) {
251 		super.addPermissionDetails(dataObject, attributes);
252 		if (dataObject instanceof Document) {
253 			addStandardAttributes((Document) dataObject, attributes);
254 		}
255 	}
256 
257 	@Override
258 	protected void addRoleQualification(Object dataObject,
259 			Map<String, String> attributes) {
260 		super.addRoleQualification(dataObject, attributes);
261 		if (dataObject instanceof Document) {
262 			addStandardAttributes((Document) dataObject, attributes);
263 		}
264 	}
265 
266 	protected void addStandardAttributes(Document document,
267 			Map<String, String> attributes) {
268 		WorkflowDocument wd = document.getDocumentHeader()
269 				.getWorkflowDocument();
270 		attributes.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, document
271 				.getDocumentNumber());
272 		attributes.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, wd.getDocumentTypeName());
273 		if (wd.isInitiated() || wd.isSaved()) {
274 			attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME,
275 					PRE_ROUTING_ROUTE_NAME);
276 		} else {
277 			attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME, KRADServiceLocatorWeb.getWorkflowDocumentService().getCurrentRouteNodeNames(wd));
278 		}
279 		attributes.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, wd.getStatus().getCode());
280 	}
281 	
282 	protected boolean isDocumentInitiator(Document document, Person user) {
283         WorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
284         return workflowDocument.getInitiatorPrincipalId().equalsIgnoreCase(user.getPrincipalId());
285     }
286 
287 }