
1   /*
2    * Copyright 2007-2009 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.document.authorization;
17  
18  import java.util.HashMap;
19  import java.util.HashSet;
20  import java.util.Map;
21  import java.util.Set;
22  
23  import org.kuali.rice.kim.bo.Person;
24  import org.kuali.rice.kim.bo.impl.KimAttributes;
25  import org.kuali.rice.kim.bo.ui.PersonDocumentGroup;
26  import org.kuali.rice.kim.bo.ui.PersonDocumentRole;
27  import org.kuali.rice.kim.document.IdentityManagementPersonDocument;
28  import org.kuali.rice.kim.util.KimConstants;
29  import org.kuali.rice.kns.document.Document;
30  import org.kuali.rice.kns.document.authorization.TransactionalDocumentAuthorizerBase;
31  
32  /**
33   * Document authorizer for the KIM person document: reports which of the document's groups and roles the given user is not authorized to populate or assign.
34   * 
35   * @author Kuali Rice Team (rice.collab@kuali.org)
36   *
37   */
public class IdentityManagementKimDocumentAuthorizer extends TransactionalDocumentAuthorizerBase {

	/**
	 * Collects the groups on the person document that the user fails the
	 * POPULATE_GROUP permission-template check for.
	 *
	 * Each group is checked on its own, with its namespace code and group name
	 * passed as the permission details. The result is a deny-list: a group that
	 * does not appear in it either passed the check or is not on the document.
	 *
	 * @param document the document being edited; it is cast to
	 *        {@link IdentityManagementPersonDocument} without a type check
	 * @param user the person whose principal id is checked
	 * @return denied group names keyed by namespace code; empty when nothing was denied
	 * @throws ClassCastException if document is not an IdentityManagementPersonDocument
	 */
	public Map<String,Set<String>> getUnpopulateableGroups(Document document, Person user) {
		Map<String,Set<String>> deniedByNamespace = new HashMap<String,Set<String>>();
		IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
		for (PersonDocumentGroup group : personDocument.getGroups()) {
			String namespaceCode = group.getNamespaceCode();
			String groupName = group.getGroupName();

			Map<String,String> permissionDetails = new HashMap<String,String>();
			permissionDetails.put(KimAttributes.NAMESPACE_CODE, namespaceCode);
			permissionDetails.put(KimAttributes.GROUP_NAME, groupName);

			// The principal id is read inside the loop, so a null user only fails
			// when the document actually carries a group to check.
			// NOTE(review): the trailing null is presumably "no extra role qualifiers" - confirm against the base class.
			boolean mayPopulate = isAuthorizedByTemplate(document, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.POPULATE_GROUP, user.getPrincipalId(), permissionDetails, null);
			if (mayPopulate) {
				continue;
			}

			// Record the denial under its namespace, creating the bucket on first use.
			Set<String> deniedNames = deniedByNamespace.get(namespaceCode);
			if (deniedNames == null) {
				deniedNames = new HashSet<String>();
				deniedByNamespace.put(namespaceCode, deniedNames);
			}
			deniedNames.add(groupName);
		}
		return deniedByNamespace;
	}

	/**
	 * Collects the roles on the person document that the user fails the
	 * ASSIGN_ROLE permission-template check for.
	 *
	 * Each role is checked on its own, with its namespace code and role name
	 * passed as the permission details. The result is a deny-list: a role that
	 * does not appear in it either passed the check or is not on the document.
	 *
	 * @param document the document being edited; it is cast to
	 *        {@link IdentityManagementPersonDocument} without a type check
	 * @param user the person whose principal id is checked
	 * @return denied role names keyed by namespace code; empty when nothing was denied
	 * @throws ClassCastException if document is not an IdentityManagementPersonDocument
	 */
	public Map<String,Set<String>> getUnassignableRoles(Document document, Person user) {
		Map<String,Set<String>> deniedByNamespace = new HashMap<String,Set<String>>();
		IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
		for (PersonDocumentRole role : personDocument.getRoles()) {
			String namespaceCode = role.getNamespaceCode();
			String roleName = role.getRoleName();

			Map<String,String> permissionDetails = new HashMap<String,String>();
			permissionDetails.put(KimAttributes.NAMESPACE_CODE, namespaceCode);
			permissionDetails.put(KimAttributes.ROLE_NAME, roleName);

			// The principal id is read inside the loop, so a null user only fails
			// when the document actually carries a role to check.
			// NOTE(review): the trailing null is presumably "no extra role qualifiers" - confirm against the base class.
			boolean mayAssign = isAuthorizedByTemplate(document, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.ASSIGN_ROLE, user.getPrincipalId(), permissionDetails, null);
			if (mayAssign) {
				continue;
			}

			// Record the denial under its namespace, creating the bucket on first use.
			Set<String> deniedNames = deniedByNamespace.get(namespaceCode);
			if (deniedNames == null) {
				deniedNames = new HashSet<String>();
				deniedByNamespace.put(namespaceCode, deniedNames);
			}
			deniedNames.add(roleName);
		}
		return deniedByNamespace;
	}
}