View Javadoc

1   /*
2    * Copyright 2007-2009 The Kuali Foundation
3    * 
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl2.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kns.authorization;
17  
18  import java.util.HashMap;
19  import java.util.Map;
20  
21  import org.kuali.rice.kim.bo.Person;
22  import org.kuali.rice.kim.bo.impl.KimAttributes;
23  import org.kuali.rice.kim.bo.types.dto.AttributeSet;
24  import org.kuali.rice.kim.service.IdentityManagementService;
25  import org.kuali.rice.kim.service.KIMServiceLocator;
26  import org.kuali.rice.kim.service.PersonService;
27  import org.kuali.rice.kim.util.KimCommonUtils;
28  import org.kuali.rice.kns.bo.BusinessObject;
29  import org.kuali.rice.kns.service.DataDictionaryService;
30  import org.kuali.rice.kns.service.KNSServiceLocator;
31  import org.kuali.rice.kns.service.KualiModuleService;
32  import org.kuali.rice.kns.service.PersistenceStructureService;
33  import org.kuali.rice.kns.util.GlobalVariables;
34  
35  public class BusinessObjectAuthorizerBase implements BusinessObjectAuthorizer {
36  //	private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger
37  //			.getLogger(BusinessObjectAuthorizerBase.class);
38  
39  	private static IdentityManagementService identityManagementService;
40  	private static PersonService<Person> personService;
41  	private static KualiModuleService kualiModuleService;
42  	private static DataDictionaryService dataDictionaryService;
43  	private static PersistenceStructureService persistenceStructureService;
44  
45  	/**
46  	 * Override this method to populate the role qualifier attributes from the
47  	 * primary business object or document. This will only be called once per
48  	 * request.
49  	 * 
50  	 * @param primaryBusinessObjectOrDocument
51  	 *            the primary business object (i.e. the main BO instance behind
52  	 *            the lookup result row or inquiry) or the document
53  	 * @param attributes
54  	 *            role qualifiers will be added to this map
55  	 */
56  	protected void addRoleQualification(
57  			BusinessObject primaryBusinessObjectOrDocument,
58  			Map<String, String> attributes) {
59  		addStandardAttributes(primaryBusinessObjectOrDocument, attributes);
60  	}
61  
62  	/**
63  	 * Override this method to populate the permission details from the primary
64  	 * business object or document. This will only be called once per request.
65  	 * 
66  	 * @param primaryBusinessObjectOrDocument
67  	 *            the primary business object (i.e. the main BO instance behind
68  	 *            the lookup result row or inquiry) or the document
69  	 * @param attributes
70  	 *            permission details will be added to this map
71  	 */
72  	protected void addPermissionDetails(
73  			BusinessObject primaryBusinessObjectOrDocument,
74  			Map<String, String> attributes) {
75  		addStandardAttributes(primaryBusinessObjectOrDocument, attributes);
76  	}
77  
78  	/**
79  	 * @param primaryBusinessObjectOrDocument
80  	 *            the primary business object (i.e. the main BO instance behind
81  	 *            the lookup result row or inquiry) or the document
82  	 * @param attributes
83  	 *            attributes (i.e. role qualifications or permission details)
84  	 *            will be added to this map
85  	 */
86  	private void addStandardAttributes(
87  			BusinessObject primaryBusinessObjectOrDocument,
88  			Map<String, String> attributes) {
89  		attributes
90  				.putAll(KimCommonUtils
91  						.getNamespaceAndComponentSimpleName(primaryBusinessObjectOrDocument
92  								.getClass()));
93  	}
94  
95  	protected final boolean permissionExistsByTemplate(
96  			BusinessObject businessObject, String namespaceCode,
97  			String permissionTemplateName) {
98  		return getIdentityManagementService()
99  				.isPermissionDefinedForTemplateName(
100 						namespaceCode,
101 						permissionTemplateName,
102 						new AttributeSet(
103 								getPermissionDetailValues(businessObject)));
104 	}
105 
106 	protected final boolean permissionExistsByTemplate(String namespaceCode,
107 			String permissionTemplateName, Map<String, String> permissionDetails) {
108 		return getIdentityManagementService()
109 				.isPermissionDefinedForTemplateName(namespaceCode,
110 						permissionTemplateName,
111 						new AttributeSet(permissionDetails));
112 	}
113 
114 	protected final boolean permissionExistsByTemplate(
115 			BusinessObject businessObject, String namespaceCode,
116 			String permissionTemplateName, Map<String, String> permissionDetails) {
117 		AttributeSet combinedPermissionDetails = new AttributeSet(
118 				getPermissionDetailValues(businessObject));
119 		combinedPermissionDetails.putAll(permissionDetails);
120 		return getIdentityManagementService()
121 				.isPermissionDefinedForTemplateName(namespaceCode,
122 						permissionTemplateName, combinedPermissionDetails);
123 	}
124 
125 	public final boolean isAuthorized(BusinessObject businessObject,
126 			String namespaceCode, String permissionName, String principalId) {
127 		return getIdentityManagementService().isAuthorized(principalId,
128 				namespaceCode, permissionName,
129 				new AttributeSet(getPermissionDetailValues(businessObject)),
130 				new AttributeSet(getRoleQualification(businessObject, principalId)));
131 	}
132 
133 	public final boolean isAuthorizedByTemplate(BusinessObject businessObject,
134 			String namespaceCode, String permissionTemplateName,
135 			String principalId) {
136 		return getIdentityManagementService().isAuthorizedByTemplateName(
137 				principalId, namespaceCode, permissionTemplateName,
138 				new AttributeSet(getPermissionDetailValues(businessObject)),
139 				new AttributeSet(getRoleQualification(businessObject, principalId)));
140 	}
141 
142 	public final boolean isAuthorized(BusinessObject businessObject,
143 			String namespaceCode, String permissionName, String principalId,
144 			Map<String, String> collectionOrFieldLevelPermissionDetails,
145 			Map<String, String> collectionOrFieldLevelRoleQualification) {
146 		AttributeSet roleQualifiers = null;
147 		AttributeSet permissionDetails = null;
148 		if (collectionOrFieldLevelRoleQualification != null) {
149 			roleQualifiers = new AttributeSet(
150 					getRoleQualification(businessObject, principalId));
151 			roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
152 		} else {
153 			roleQualifiers = new AttributeSet(
154 					getRoleQualification(businessObject, principalId));
155 		}
156 		if (collectionOrFieldLevelPermissionDetails != null) {
157 			permissionDetails = new AttributeSet(
158 					getPermissionDetailValues(businessObject));
159 			permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
160 		} else {
161 			permissionDetails = new AttributeSet(
162 					getPermissionDetailValues(businessObject));
163 		}
164 		return getIdentityManagementService().isAuthorized(principalId,
165 				namespaceCode, permissionName, permissionDetails,
166 				roleQualifiers);
167 	}
168 
169 	public final boolean isAuthorizedByTemplate(BusinessObject businessObject,
170 			String namespaceCode, String permissionTemplateName,
171 			String principalId,
172 			Map<String, String> collectionOrFieldLevelPermissionDetails,
173 			Map<String, String> collectionOrFieldLevelRoleQualification) {
174 		AttributeSet roleQualifiers = new AttributeSet(
175 				getRoleQualification(businessObject, principalId));
176 		AttributeSet permissionDetails = new AttributeSet(
177 				getPermissionDetailValues(businessObject));
178 		if (collectionOrFieldLevelRoleQualification != null) {
179 			roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
180 		}
181 		if (collectionOrFieldLevelPermissionDetails != null) {
182 			permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
183 		}
184 		return getIdentityManagementService().isAuthorizedByTemplateName(
185 				principalId, namespaceCode, permissionTemplateName,
186 				permissionDetails, roleQualifiers);
187 	}
188 
189 	/**
190 	 * Returns a role qualification map based off data from the primary business
191 	 * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
192 	 * 
193 	 * @param primaryBusinessObjectOrDocument
194 	 *            the primary business object (i.e. the main BO instance behind
195 	 *            the lookup result row or inquiry) or the document
196 	 * @return a Map containing role qualifications
197 	 */
198 	protected final Map<String, String> getRoleQualification(
199 			BusinessObject primaryBusinessObjectOrDocument) {
200 		return getRoleQualification(primaryBusinessObjectOrDocument, GlobalVariables
201 					.getUserSession().getPerson().getPrincipalId());
202 	}
203 	
204 	protected final Map<String, String> getRoleQualification(
205 			BusinessObject primaryBusinessObjectOrDocument, String principalId) {
206 			Map<String, String> roleQualification = new HashMap<String, String>();
207 			addRoleQualification(primaryBusinessObjectOrDocument,
208 					roleQualification);
209 			roleQualification.put(KimAttributes.PRINCIPAL_ID, principalId);
210 		return roleQualification;
211 	}
212 
213 
214 	/**
215 	 * @see org.kuali.rice.kns.authorization.BusinessObjectAuthorizer#getCollectionItemPermissionDetails(org.kuali.rice.kns.bo.BusinessObject)
216 	 */
217 	public Map<String, String> getCollectionItemPermissionDetails(
218 			BusinessObject collectionItemBusinessObject) {
219 		return new AttributeSet();
220 	}
221 
222 	/**
223 	 * @see org.kuali.rice.kns.authorization.BusinessObjectAuthorizer#getCollectionItemRoleQualifications(org.kuali.rice.kns.bo.BusinessObject)
224 	 */
225 	public Map<String, String> getCollectionItemRoleQualifications(
226 			BusinessObject collectionItemBusinessObject) {
227 		return new AttributeSet();
228 	}
229 
230 	/**
231 	 * Returns a permission details map based off data from the primary business
232 	 * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
233 	 * 
234 	 * @param primaryBusinessObjectOrDocument
235 	 *            the primary business object (i.e. the main BO instance behind
236 	 *            the lookup result row or inquiry) or the document
237 	 * @return a Map containing permission details
238 	 */
239 	protected final Map<String, String> getPermissionDetailValues(
240 			BusinessObject businessObject) {
241 		Map<String, String> permissionDetails = new HashMap<String, String>();
242 		addPermissionDetails(businessObject, permissionDetails);
243 		return permissionDetails;
244 	}
245 
246 	protected static final IdentityManagementService getIdentityManagementService() {
247 		if (identityManagementService == null) {
248 			identityManagementService = KIMServiceLocator
249 					.getIdentityManagementService();
250 		}
251 		return identityManagementService;
252 	}
253 
254 	protected static final PersonService<Person> getPersonService() {
255 		if (personService == null) {
256 			personService = KIMServiceLocator.getPersonService();
257 		}
258 		return personService;
259 	}
260 
261 	protected static final KualiModuleService getKualiModuleService() {
262 		if (kualiModuleService == null) {
263 			kualiModuleService = KNSServiceLocator.getKualiModuleService();
264 		}
265 		return kualiModuleService;
266 	}
267 
268 	protected static final DataDictionaryService getDataDictionaryService() {
269 		if (dataDictionaryService == null) {
270 			dataDictionaryService = KNSServiceLocator
271 					.getDataDictionaryService();
272 		}
273 		return dataDictionaryService;
274 	}
275 }