Coverage Report - org.kuali.rice.kew.doctype.service.impl.DocumentTypePermissionServiceImpl
 
Classes in this File Line Coverage Branch Coverage Complexity
DocumentTypePermissionServiceImpl
0%
0/214
0%
0/122
3.548
 
 1   
 /*
 2   
  * Copyright 2007-2008 The Kuali Foundation
 3   
  *
 4   
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  * http://www.opensource.org/licenses/ecl2.php
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  */
 16   
 package org.kuali.rice.kew.doctype.service.impl;
 17   
 
 18   
 import java.util.ArrayList;
 19   
 import java.util.List;
 20   
 
 21   
 import org.apache.commons.lang.StringUtils;
 22   
 import org.kuali.rice.kew.doctype.DocumentTypePolicyEnum;
 23   
 import org.kuali.rice.kew.doctype.bo.DocumentType;
 24   
 import org.kuali.rice.kew.doctype.service.DocumentTypePermissionService;
 25   
 import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;
 26   
 import org.kuali.rice.kew.service.KEWServiceLocator;
 27   
 import org.kuali.rice.kew.util.CodeTranslator;
 28   
 import org.kuali.rice.kew.util.KEWConstants;
 29   
 import org.kuali.rice.kim.bo.impl.KimAttributes;
 30   
 import org.kuali.rice.kim.bo.types.dto.AttributeSet;
 31   
 import org.kuali.rice.kim.service.IdentityManagementService;
 32   
 import org.kuali.rice.kim.service.KIMServiceLocator;
 33   
 import org.kuali.rice.kim.service.PermissionService;
 34   
 import org.kuali.rice.kim.util.KimCommonUtils;
 35   
 import org.kuali.rice.kns.bo.Parameter;
 36   
 import org.kuali.rice.kns.datadictionary.DocumentEntry;
 37   
 import org.kuali.rice.kns.datadictionary.MaintenanceDocumentEntry;
 38   
 import org.kuali.rice.kns.document.Document;
 39   
 import org.kuali.rice.kns.document.MaintenanceDocument;
 40   
 import org.kuali.rice.kns.document.authorization.DocumentAuthorizerBase;
 41   
 import org.kuali.rice.kns.service.KNSServiceLocator;
 42   
 import org.kuali.rice.kns.util.KNSConstants;
 43   
 import org.kuali.rice.ksb.cache.RiceCacheAdministrator;
 44   
 
 45   
 /**
 46   
  * Implementation of the DocumentTypePermissionService.
 47   
  *
 48   
  * @author Kuali Rice Team (rice.collab@kuali.org)
 49   
  *
 50   
  */
 51  0 
 public class DocumentTypePermissionServiceImpl implements DocumentTypePermissionService {
 52  0 
         private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(DocumentTypePermissionServiceImpl.class);
 53   
 
 54   
         public static final String DOC_TYPE_PERM_CACHE_PREFIX = DOC_TYPE_PERM_CACHE_GROUP + ":";
 55   
         public static final String BLANKET_APPROVE_CACHE_PREFIX = DOC_TYPE_PERM_CACHE_PREFIX + "BlanketApprove:";
 56   
         public static final String PRINCIPAL_ADHOC_CACHE_PREFIX = DOC_TYPE_PERM_CACHE_PREFIX + "PrincipalAdhoc:";
 57   
         public static final String GROUP_ADHOC_CACHE_PREFIX = DOC_TYPE_PERM_CACHE_PREFIX + "GroupAdhoc:";
 58   
         public static final String ADMIN_ROUTING_CACHE_PREFIX = DOC_TYPE_PERM_CACHE_PREFIX + "AdminRouting:";
 59   
         public static final String CANCEL_CACHE_PREFIX = DOC_TYPE_PERM_CACHE_PREFIX + "Cancel:";
 60   
 
 61   
         private RiceCacheAdministrator cacheAdministrator;
 62  0 
         private final AttributeSet EMPTY_ROLE_QUALIFIERS = new AttributeSet(0);
 63   
 
 64   
         protected RiceCacheAdministrator getCacheAdministrator() {
 65  0 
                 if ( cacheAdministrator == null ) {
 66  0 
                         cacheAdministrator = KEWServiceLocator.getCacheAdministrator();
 67   
                 }
 68  0 
                 return cacheAdministrator;
 69   
         }
 70   
 
 71   
         public boolean canBlanketApprove(String principalId, DocumentType documentType, String documentStatus, String initiatorPrincipalId) {
 72  0 
                 validatePrincipalId(principalId);
 73  0 
                 validateDocumentType(documentType);
 74  0 
                 validateDocumentStatus(documentStatus);
 75  0 
                 validatePrincipalId(initiatorPrincipalId);
 76   
 
 77  0 
                 String cacheKey = buildBlanketApproveCacheKey(principalId, documentType, documentStatus, initiatorPrincipalId);
 78  0 
                 Boolean result = (Boolean)getCacheAdministrator().getFromCache(cacheKey);
 79  0 
                 if ( result == null ) {
 80  0 
                         if (documentType.isBlanketApproveGroupDefined()) {
 81  0 
                                 boolean initiatorAuthorized = true;
 82  0 
                                 if (documentType.getInitiatorMustBlanketApprovePolicy().getPolicyValue()) {
 83  0 
                                         initiatorAuthorized = executeInitiatorPolicyCheck(principalId, initiatorPrincipalId, documentStatus);
 84   
                                 }
 85  0 
                                 result = initiatorAuthorized && documentType.isBlanketApprover(principalId);
 86  0 
                         } else {
 87  0 
                                 AttributeSet permissionDetails = buildDocumentTypePermissionDetails(documentType);
 88  0 
                                 result = getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.BLANKET_APPROVE_PERMISSION, permissionDetails, EMPTY_ROLE_QUALIFIERS);
 89   
                         }
 90  0 
                         getCacheAdministrator().putInCache(cacheKey, result, DOC_TYPE_PERM_CACHE_GROUP);
 91   
                 }
 92  0 
                 return result;
 93   
         }
 94   
 
 95   
         protected String buildBlanketApproveCacheKey( String principalId, DocumentType documentType, String documentStatus, String initiatorPrincipalId ) {
 96  0 
                 return BLANKET_APPROVE_CACHE_PREFIX + documentType.getName() + "/" + documentStatus + "/" + principalId + "/" + initiatorPrincipalId;
 97   
         }
 98   
 
 99   
         public boolean canReceiveAdHocRequest(String principalId, DocumentType documentType, String actionRequestType) {
 100  0 
                 validatePrincipalId(principalId);
 101  0 
                 validateDocumentType(documentType);
 102  0 
                 validateActionRequestType(actionRequestType);
 103   
 
 104  0 
                 String cacheKey = buildPrincipalAdhocCacheKey(principalId, documentType, actionRequestType );
 105  0 
                 Boolean result = (Boolean)getCacheAdministrator().getFromCache(cacheKey);
 106   
 
 107  0 
                 if ( result == null ) {
 108  0 
                         AttributeSet permissionDetails = buildDocumentTypeActionRequestPermissionDetails(documentType, actionRequestType);
 109  0 
                         if (useKimPermission(KEWConstants.KEW_NAMESPACE, KEWConstants.AD_HOC_REVIEW_PERMISSION, permissionDetails)) {
 110  0 
                                 result = getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.AD_HOC_REVIEW_PERMISSION, permissionDetails, EMPTY_ROLE_QUALIFIERS);
 111   
                         } else {
 112  0 
                                 result = Boolean.TRUE;
 113   
                         }
 114  0 
                         getCacheAdministrator().putInCache(cacheKey, result, DOC_TYPE_PERM_CACHE_GROUP);
 115   
                 }
 116  0 
                 return result;
 117   
         }
 118   
 
 119   
         protected String buildPrincipalAdhocCacheKey( String principalId, DocumentType documentType, String actionRequestType ) {
 120  0 
                 return PRINCIPAL_ADHOC_CACHE_PREFIX + documentType.getName() + "/" + actionRequestType + "/" + principalId;
 121   
         }
 122   
 
 123   
         public boolean canGroupReceiveAdHocRequest(String groupId, DocumentType documentType, String actionRequestType) {
 124  0 
                 validateGroupId(groupId);
 125  0 
                 validateDocumentType(documentType);
 126  0 
                 validateActionRequestType(actionRequestType);
 127   
 
 128  0 
                 String cacheKey = buildGroupAdhocCacheKey(groupId, documentType, actionRequestType );
 129  0 
                 Boolean result = (Boolean)getCacheAdministrator().getFromCache(cacheKey);
 130   
 
 131  0 
                 if ( result == null ) {
 132  0 
                         result = Boolean.TRUE;
 133  0 
                         AttributeSet permissionDetails = buildDocumentTypeActionRequestPermissionDetails(documentType, actionRequestType);
 134  0 
                         if (useKimPermission(KEWConstants.KEW_NAMESPACE, KEWConstants.AD_HOC_REVIEW_PERMISSION, permissionDetails)) {
 135  0 
                                 List<String> principalIds = getIdentityManagementService().getGroupMemberPrincipalIds(groupId);
 136   
                                 // if any member of the group is not allowed to receive the request, then the group may not receive it
 137  0 
                                 for (String principalId : principalIds) {
 138  0 
                                         if (!getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.AD_HOC_REVIEW_PERMISSION, permissionDetails, EMPTY_ROLE_QUALIFIERS)) {
 139  0 
                                                 result = Boolean.FALSE;
 140  0 
                                                 break;
 141   
                                         }
 142   
                                 }
 143   
                         }
 144  0 
                         getCacheAdministrator().putInCache(cacheKey, result, DOC_TYPE_PERM_CACHE_GROUP);
 145   
                 }
 146  0 
                 return result;
 147   
         }
 148   
 
 149   
         protected String buildGroupAdhocCacheKey( String groupId, DocumentType documentType, String actionRequestType ) {
 150  0 
                 return GROUP_ADHOC_CACHE_PREFIX + documentType.getName() + "/" + actionRequestType + "/" + groupId;
 151   
         }
 152   
 
 153   
         public boolean canAdministerRouting(String principalId, DocumentType documentType) {
 154  0 
                 validatePrincipalId(principalId);
 155  0 
                 validateDocumentType(documentType);
 156   
 
 157  0 
                 String cacheKey = buildAdminRoutingCacheKey(principalId, documentType );
 158  0 
                 Boolean result = (Boolean)getCacheAdministrator().getFromCache(cacheKey);
 159   
 
 160  0 
                 if ( result == null ) {
 161  0 
                         if (documentType.isSuperUserGroupDefined()) {
 162  0 
                                 result = documentType.isSuperUser(principalId);
 163   
                         } else {
 164  0 
                                 AttributeSet permissionDetails = buildDocumentTypePermissionDetails(documentType);
 165  0 
                                 result = getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.ADMINISTER_ROUTING_PERMISSION, permissionDetails, EMPTY_ROLE_QUALIFIERS);
 166   
                         }
 167  0 
                         getCacheAdministrator().putInCache(cacheKey, result, DOC_TYPE_PERM_CACHE_GROUP);
 168   
                 }
 169   
 
 170  0 
                 return result;
 171   
         }
 172   
 
 173   
         protected String buildAdminRoutingCacheKey( String principalId, DocumentType documentType ) {
 174  0 
                 return ADMIN_ROUTING_CACHE_PREFIX + documentType.getName() + "/" + principalId;
 175   
         }
 176   
 
 177   
         public boolean canCancel(String principalId, String routeHeaderId, DocumentType documentType, List<String> routeNodeNames, String documentStatus, String initiatorPrincipalId) {
 178  0 
                 validatePrincipalId(principalId);
 179  0 
                 validateDocumentType(documentType);
 180  0 
                 validateRouteNodeNames(routeNodeNames);
 181  0 
                 validateDocumentStatus(documentStatus);
 182  0 
                 validatePrincipalId(initiatorPrincipalId);
 183   
 
 184  0 
                         if (!documentType.isPolicyDefined(DocumentTypePolicyEnum.INITIATOR_MUST_CANCEL)) {
 185  0 
                                 List<AttributeSet> permissionDetailList = buildDocumentTypePermissionDetails(documentType, routeNodeNames, documentStatus);
 186  0 
             AttributeSet roleQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, documentStatus, routeHeaderId);
 187   
 
 188  0 
                                 boolean foundAtLeastOnePermission = false;
 189   
                                 // loop over permission details, only one of them needs to be authorized
 190  0 
                                 for (AttributeSet permissionDetails : permissionDetailList) {
 191  0 
                                         if (useKimPermission(KEWConstants.KEW_NAMESPACE, KEWConstants.CANCEL_PERMISSION, permissionDetails)) {
 192  0 
                                                 foundAtLeastOnePermission = true;
 193  0 
                                         if (getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.CANCEL_PERMISSION, permissionDetails, roleQualifiers)) {
 194  0 
                                                         return true;
 195   
                                                 }
 196   
                                         }
 197   
                                 }
 198   
                                 // if we found defined KIM permissions, but not of them have authorized this user, return false
 199  0 
                                 if (foundAtLeastOnePermission) {
 200  0 
                                         return false;
 201   
                                 }
 202   
                         }
 203   
 
 204  0 
                         if (documentType.getInitiatorMustCancelPolicy().getPolicyValue()) {
 205  0 
                         return executeInitiatorPolicyCheck(principalId, initiatorPrincipalId, documentStatus);
 206   
                         } else {
 207  0 
                         return true;
 208   
                         }
 209   
         }
 210   
 
 211   
         public boolean canInitiate(String principalId, DocumentType documentType) {
 212  0 
                 validatePrincipalId(principalId);
 213  0 
                 validateDocumentType(documentType);
 214   
 
 215  0 
                 AttributeSet permissionDetails = buildDocumentTypePermissionDetails(documentType);
 216  0 
                 if (useKimPermission(KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE, KEWConstants.INITIATE_PERMISSION, permissionDetails)) {
 217  0 
                         return getIdentityManagementService().isAuthorizedByTemplateName(principalId, KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE, KEWConstants.INITIATE_PERMISSION, permissionDetails, EMPTY_ROLE_QUALIFIERS);
 218   
                 }
 219  0 
                 return true;
 220   
         }
 221   
 
 222   
         public boolean canRoute(String principalId, DocumentRouteHeaderValue documentRouteHeaderValue) {
 223  0 
                 return canRoute(principalId, documentRouteHeaderValue.getRouteHeaderId().toString(), documentRouteHeaderValue.getDocumentType(),
 224   
                                 documentRouteHeaderValue.getDocRouteStatus(), documentRouteHeaderValue.getInitiatorWorkflowId());
 225   
         }
 226   
 
 227   
         public boolean canRoute(String principalId,        String routeHeaderId, DocumentType documentType, String documentStatus, String initiatorPrincipalId) {
 228  0 
                 validatePrincipalId(principalId);
 229  0 
                 validateDocumentType(documentType);
 230  0 
                 validateDocumentStatus(documentStatus);
 231  0 
                 validatePrincipalId(initiatorPrincipalId);
 232   
 
 233  0 
                 if (!documentType.isPolicyDefined(DocumentTypePolicyEnum.INITIATOR_MUST_ROUTE)) {
 234  0 
                         AttributeSet permissionDetails = buildDocumentTypeDocumentStatusPermissionDetails(documentType, documentStatus);
 235  0 
                         AttributeSet roleQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, documentStatus, routeHeaderId);
 236   
 
 237  0 
                         if (LOG.isDebugEnabled()) {
 238  0 
                                 LOG.debug("Permission details values: " + permissionDetails.formattedDump(10));
 239  0 
                                 LOG.debug("Role qualifiers values: " + roleQualifiers.formattedDump(10));
 240   
                         }
 241  0 
                         if (useKimPermission(KEWConstants.KEW_NAMESPACE, KEWConstants.ROUTE_PERMISSION, permissionDetails)) {
 242  0 
                                 return getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.ROUTE_PERMISSION, permissionDetails, roleQualifiers);
 243   
                         }
 244   
                 }
 245   
 
 246  0 
                 if (documentType.getInitiatorMustRoutePolicy().getPolicyValue()) {
 247  0 
                         return executeInitiatorPolicyCheck(principalId, initiatorPrincipalId, documentStatus);
 248   
                 }
 249  0 
                 return true;
 250   
         }
 251   
 
 252   
         public boolean canAddRouteLogMessage(String principalId, DocumentRouteHeaderValue documentRouteHeaderValue) {
 253  0 
                 return canAddRouteLogMessage(principalId, documentRouteHeaderValue.getRouteHeaderId().toString(),
 254   
                                 documentRouteHeaderValue.getDocumentType(), documentRouteHeaderValue.getDocRouteStatus(),
 255   
                                 documentRouteHeaderValue.getInitiatorWorkflowId());
 256   
         }
 257   
 
 258   
         public boolean canAddRouteLogMessage(String principalId, String routeHeaderId, DocumentType documentType,
 259   
                         String documentStatus, String initiatorPrincipalId) {
 260  0 
                 validatePrincipalId(principalId);
 261  0 
                 validateDocumentType(documentType);
 262  0 
                 validateDocumentStatus(documentStatus);
 263  0 
                 validatePrincipalId(initiatorPrincipalId);
 264   
 
 265  0 
                 AttributeSet permissionDetails = buildDocumentTypeDocumentStatusPermissionDetails(documentType, documentStatus);
 266  0 
                 AttributeSet roleQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType,
 267   
                                 documentStatus, routeHeaderId);
 268   
 
 269  0 
                 if (LOG.isDebugEnabled()) {
 270  0 
                         LOG.debug("Permission details values: " + permissionDetails.formattedDump(10));
 271  0 
                         LOG.debug("Role qualifiers values: " + roleQualifiers.formattedDump(10));
 272   
                 }
 273   
 
 274  0 
                 if (useKimPermission(KEWConstants.KEW_NAMESPACE, KEWConstants.ADD_MESSAGE_TO_ROUTE_LOG, permissionDetails)) {
 275  0 
                         return getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE,
 276   
                                         KEWConstants.ADD_MESSAGE_TO_ROUTE_LOG, permissionDetails, roleQualifiers);
 277   
                 }
 278   
 
 279  0 
                 return false;
 280   
         }
 281   
 
 282   
         public boolean canSave(String principalId, String routeHeaderId, DocumentType documentType, List<String> routeNodeNames, String documentStatus, String initiatorPrincipalId) {
 283  0 
                 validatePrincipalId(principalId);
 284  0 
                 validateDocumentType(documentType);
 285  0 
                 validateRouteNodeNames(routeNodeNames);
 286  0 
                 validateDocumentStatus(documentStatus);
 287  0 
                 validatePrincipalId(initiatorPrincipalId);
 288   
 
 289  0 
                 if (!documentType.isPolicyDefined(DocumentTypePolicyEnum.INITIATOR_MUST_SAVE)) {
 290  0 
                         List<AttributeSet> permissionDetailList = buildDocumentTypePermissionDetails(documentType, routeNodeNames, documentStatus);
 291  0 
                         AttributeSet roleQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, documentStatus, routeHeaderId);
 292   
 
 293  0 
                         boolean foundAtLeastOnePermission = false;
 294   
                         // loop over permission details, only one of them needs to be authorized
 295  0 
                         for (AttributeSet permissionDetails : permissionDetailList) {
 296  0 
                                 if (useKimPermission(KEWConstants.KEW_NAMESPACE, KEWConstants.SAVE_PERMISSION, permissionDetails)) {
 297  0 
                                         foundAtLeastOnePermission = true;
 298  0 
                                         if (getIdentityManagementService().isAuthorizedByTemplateName(principalId, KEWConstants.KEW_NAMESPACE, KEWConstants.SAVE_PERMISSION, permissionDetails, roleQualifiers)) {
 299  0 
                                                 return true;
 300   
                                         }
 301   
                                 }
 302   
                         }
 303   
                         // if we found defined KIM permissions, but not of them have authorized this user, return false
 304  0 
                         if (foundAtLeastOnePermission) {
 305  0 
                                 return false;
 306   
                         }
 307   
                 }
 308   
 
 309  0 
                 if (documentType.getInitiatorMustSavePolicy().getPolicyValue()) {
 310  0 
                         return executeInitiatorPolicyCheck(principalId, initiatorPrincipalId, documentStatus);
 311   
                 }
 312  0 
                 return true;
 313   
         }
 314   
 
 315   
         protected AttributeSet buildDocumentTypePermissionDetails(DocumentType documentType) {
 316  0 
                 AttributeSet details = new AttributeSet();
 317  0 
                 details.put(KEWConstants.DOCUMENT_TYPE_NAME_DETAIL, documentType.getName());
 318  0 
                 return details;
 319   
         }
 320   
 
 321   
         protected AttributeSet buildDocumentTypeActionRequestPermissionDetails(DocumentType documentType, String actionRequestCode) {
 322  0 
                 AttributeSet details = buildDocumentTypePermissionDetails(documentType);
 323  0 
                 if (!StringUtils.isBlank(actionRequestCode)) {
 324  0 
                         details.put(KEWConstants.ACTION_REQUEST_CD_DETAIL, actionRequestCode);
 325   
                 }
 326  0 
                 return details;
 327   
         }
 328   
 
 329   
         protected AttributeSet buildDocumentTypeDocumentStatusPermissionDetails(DocumentType documentType, String documentStatus) {
 330  0 
                 AttributeSet details = buildDocumentTypePermissionDetails(documentType);
 331  0 
                 if (!StringUtils.isBlank(documentStatus)) {
 332  0 
                         details.put(KEWConstants.DOCUMENT_STATUS_DETAIL, documentStatus);
 333   
                 }
 334  0 
                 return details;
 335   
         }
 336   
 
 337   
         protected AttributeSet buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(DocumentType documentType, String documentStatus, String routeHeaderId) {
 338  0 
                 AttributeSet qualifiers = new AttributeSet();
 339  0 
                 qualifiers.put(KimAttributes.DOCUMENT_NUMBER, routeHeaderId);
 340  0 
                 if (!StringUtils.isBlank(documentStatus)) {
 341  0 
                         qualifiers.put(KEWConstants.DOCUMENT_STATUS_DETAIL, documentStatus);
 342  0 
                         if (KEWConstants.ROUTE_HEADER_INITIATED_CD.equals(documentStatus) || KEWConstants.ROUTE_HEADER_SAVED_CD.equals(documentStatus)) {
 343  0 
                                 qualifiers.put(KimAttributes.ROUTE_NODE_NAME, DocumentAuthorizerBase.PRE_ROUTING_ROUTE_NAME);
 344   
                         }
 345   
                         else {
 346  0 
                                 qualifiers.put(KimAttributes.ROUTE_NODE_NAME, CodeTranslator.getRouteStatusLabel(documentStatus));
 347   
                         }
 348   
                 }
 349  0 
                 qualifiers.put(KEWConstants.DOCUMENT_TYPE_NAME_DETAIL, documentType.getName());
 350   
 
 351  0 
                 DocumentEntry documentEntry = KNSServiceLocator.getDataDictionaryService().getDataDictionary().getDocumentEntry(documentType.getName());
 352  0 
                 if (documentEntry != null) {
 353  0 
                         Class<? extends Document> documentClass = documentEntry.getDocumentClass();
 354   
                         String namespaceCode;
 355  0 
                         if (MaintenanceDocument.class.isAssignableFrom(documentClass)) {
 356  0 
                                 MaintenanceDocumentEntry maintenanceDocumentEntry = (MaintenanceDocumentEntry) documentEntry;
 357  0 
                                 namespaceCode = KimCommonUtils.getNamespaceCode(maintenanceDocumentEntry.getBusinessObjectClass());
 358  0 
                         }
 359   
                         else {
 360  0 
                                 namespaceCode = KimCommonUtils.getNamespaceCode(documentClass);
 361   
                         }
 362  0 
                         qualifiers.put(KimAttributes.NAMESPACE_CODE, namespaceCode);
 363   
                 }
 364   
 
 365  0 
                 return qualifiers;
 366   
         }
 367   
 
 368   
         /**
 369   
          * This method generates the permission details for the given document.  Note that this has to match the reqired
 370   
          * data defined in krim_typ_attr_t for the krim_typ_t with
 371   
          * srvc_nm='documentTypeAndNodeOrStatePermissionTypeService'.
 372   
      * TODO: See KULRICE-3490, make assembly of permission details dynamic based on db config
 373   
          *
 374   
          * @param documentType
 375   
          * @param routeNodeNames
 376   
          * @param documentStatus
 377   
          * @return
 378   
          */
 379   
         protected List<AttributeSet> buildDocumentTypePermissionDetails(DocumentType documentType,
 380   
                         List<String> routeNodeNames, String documentStatus) {
 381  0 
                 List<AttributeSet> detailList = new ArrayList<AttributeSet>();
 382   
 
 383  0 
                 for (String routeNodeName : routeNodeNames) {
 384  0 
                         AttributeSet details = buildDocumentTypePermissionDetails(documentType);
 385  0 
                         if (KEWConstants.ROUTE_HEADER_INITIATED_CD.equals(documentStatus) ||
 386   
                                         KEWConstants.ROUTE_HEADER_SAVED_CD.equals(documentStatus)) {
 387  0 
                                 details.put(KEWConstants.ROUTE_NODE_NAME_DETAIL, DocumentAuthorizerBase.PRE_ROUTING_ROUTE_NAME);
 388  0 
                         } else if (!StringUtils.isBlank(routeNodeName)) {
 389  0 
                                 details.put(KEWConstants.ROUTE_NODE_NAME_DETAIL, routeNodeName);
 390   
                         }
 391  0 
                         if (!StringUtils.isBlank(documentStatus)) {
 392  0 
                                 details.put(KEWConstants.DOCUMENT_STATUS_DETAIL, documentStatus);
 393   
                         }
 394  0 
                         if (null != documentType) {
 395  0 
                                 details.put(KEWConstants.DOCUMENT_TYPE_NAME_DETAIL, documentType.getName());
 396   
                         }
 397  0 
                         detailList.add(details);
 398  0 
                 }
 399  0 
                 return detailList;
 400   
         }
 401   
 
 402   
 
 403   
         protected boolean useKimPermission(String namespace, String permissionTemplateName, AttributeSet permissionDetails) {
 404  0 
                 Parameter kimPriorityParam = KNSServiceLocator.getParameterService().retrieveParameter(KEWConstants.KEW_NAMESPACE, KNSConstants.DetailTypes.ALL_DETAIL_TYPE, KEWConstants.KIM_PRIORITY_ON_DOC_TYP_PERMS_IND);
 405  0 
                 if (kimPriorityParam == null || "Y".equals(kimPriorityParam.getParameterValue())) {
 406  0 
                         return getIdentityManagementService().isPermissionDefinedForTemplateName(namespace, permissionTemplateName, permissionDetails);
 407   
                 }
 408  0 
                 return false;
 409   
         }
 410   
 
 411   
         private boolean executeInitiatorPolicyCheck(String principalId, String initiatorPrincipalId, String documentStatus) {
 412  0 
                 return principalId.equals(initiatorPrincipalId) || !(KEWConstants.ROUTE_HEADER_SAVED_CD.equals(documentStatus) || KEWConstants.ROUTE_HEADER_INITIATED_CD.equals(documentStatus));
 413   
         }
 414   
 
 415   
         private void validatePrincipalId(String principalId) {
 416  0 
                 if (StringUtils.isBlank(principalId)) {
 417  0 
                         throw new IllegalArgumentException("Invalid principal ID, value was empty");
 418   
                 }
 419  0 
         }
 420   
 
 421   
         private void validateGroupId(String groupId) {
 422  0 
                 if (StringUtils.isBlank(groupId)) {
 423  0 
                         throw new IllegalArgumentException("Invalid group ID, value was empty");
 424   
                 }
 425  0 
         }
 426   
 
 427   
         private void validateDocumentType(DocumentType documentType) {
 428  0 
                 if (documentType == null) {
 429  0 
                         throw new IllegalArgumentException("DocumentType cannot be null");
 430   
                 }
 431  0 
         }
 432   
 
 433   
         private void validateActionRequestType(String actionRequestType) {
 434  0 
                 if (StringUtils.isBlank(actionRequestType)) {
 435  0 
                         throw new IllegalArgumentException("Invalid action request type, value was empty");
 436   
                 }
 437  0 
                 if (!KEWConstants.ACTION_REQUEST_CODES.containsKey(actionRequestType)) {
 438  0 
                         throw new IllegalArgumentException("Invalid action request type was given, value was: " + actionRequestType);
 439   
                 }
 440  0 
         }
 441   
 
 442   
         private void validateRouteNodeNames(List<String> routeNodeNames) {
 443  0 
                 if (routeNodeNames.isEmpty()) {
 444  0 
                     return;
 445   
                         //throw new IllegalArgumentException("List of route node names was empty.");
 446   
                 }
 447  0 
                 for (String routeNodeName : routeNodeNames) {
 448  0 
                         if (StringUtils.isBlank(routeNodeName)) {
 449  0 
                                 throw new IllegalArgumentException("List of route node names contained an invalid route node name, value was empty");
 450   
                         }
 451   
                 }
 452  0 
         }
 453   
 
 454   
         private void validateDocumentStatus(String documentStatus) {
 455  0 
                 if (StringUtils.isBlank(documentStatus)) {
 456  0 
                         throw new IllegalArgumentException("Invalid document status, value was empty");
 457   
                 }
 458  0 
                 if (!KEWConstants.DOCUMENT_STATUSES.containsKey(documentStatus)) {
 459  0 
                         throw new IllegalArgumentException("Invalid document status was given, value was: " + documentStatus);
 460   
                 }
 461  0 
         }
 462   
 
 463   
         protected IdentityManagementService getIdentityManagementService() {
 464  0 
                 return KIMServiceLocator.getIdentityManagementService();
 465   
         }
 466   
 
 467   
         protected PermissionService getPermissionService() {
 468  0 
                 return KIMServiceLocator.getPermissionService();
 469   
         }
 470   
 
 471   
 }
Report generated by Cobertura 1.9.4.1 on 2/8/11 2:29 PM.