
1   /*
2    * Copyright 2007-2009 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.rules.ui;
17  
18  import java.util.HashMap;
19  import java.util.Map;
20  
21  import org.apache.commons.lang.StringUtils;
22  import org.kuali.rice.kim.bo.impl.KimAttributes;
23  import org.kuali.rice.kim.bo.role.dto.KimPermissionInfo;
24  import org.kuali.rice.kim.bo.ui.KimDocumentRolePermission;
25  import org.kuali.rice.kim.document.IdentityManagementRoleDocument;
26  import org.kuali.rice.kim.rule.event.ui.AddPermissionEvent;
27  import org.kuali.rice.kim.rule.ui.AddPermissionRule;
28  import org.kuali.rice.kim.util.KimConstants;
29  import org.kuali.rice.kns.rules.DocumentRuleBase;
30  import org.kuali.rice.kns.util.GlobalVariables;
31  import org.kuali.rice.kns.util.RiceKeyConstants;
32  
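/**
 * Business rule applied when a permission line is added to an
 * {@link IdentityManagementRoleDocument}.
 *
 * <p>The new line is rejected when no permission is selected, when the user of the
 * current session is not authorized to grant that permission, or when the role
 * document already lists the same permission id. Every rejection is reported through
 * the global message map.
 *
 * <p>NOTE(review): the grant check below runs on the add-permission event. Whether the
 * same authorization is enforced again when the document is saved or routed is not
 * visible in this class - confirm, so the add-line path is not the only gate.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 *
 */
public class KimDocumentPermissionRule extends DocumentRuleBase implements AddPermissionRule {

	/** Message-map property path used for errors on the permission being added. */
	public static final String ERROR_PATH = "document.permission.permissionId";

	/** Label substituted into the error messages raised by this rule. */
	private static final String PERMISSION_LABEL = "Permission";

	/**
	 * Validates the permission carried by an add-permission event.
	 *
	 * @param addPermissionEvent event holding the new permission line and the role document
	 * @return {@code true} when the permission may be added; {@code false} when it is
	 *         missing, not grantable by the current user, or already on the document
	 */
	public boolean processAddPermission(AddPermissionEvent addPermissionEvent) {
		KimDocumentRolePermission newPermission = addPermissionEvent.getPermission();
		// isBlank (rather than isEmpty) rejects a whitespace-only id here, before any
		// lookup or authorization call. The original repeated this test further down,
		// together with a null check that could never be true at that point.
		if (newPermission == null || StringUtils.isBlank(newPermission.getPermissionId())) {
			putEmptyPermissionError();
			return false;
		}

		KimPermissionInfo kimPermissionInfo = newPermission.getKimPermission();
		if (kimPermissionInfo == null) {
			putEmptyPermissionError();
			return false;
		}

		IdentityManagementRoleDocument document = (IdentityManagementRoleDocument) addPermissionEvent.getDocument();
		// Authorization gate: stop before the duplicate scan if the user may not grant this permission.
		if (!hasPermissionToGrantPermission(kimPermissionInfo, document)) {
			GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_ASSIGN_PERMISSION,
					new String[] {kimPermissionInfo.getNamespaceCode(), kimPermissionInfo.getTemplate().getName()});
			return false;
		}

		boolean rulePassed = true;
		String newPermissionId = newPermission.getPermissionId();
		int i = 0;
		for (KimDocumentRolePermission permission : document.getPermissions()) {
			// equals is invoked on the validated new id, so an existing line whose id is
			// null is treated as "no match" instead of raising a NullPointerException.
			if (newPermissionId.equals(permission.getPermissionId())) {
				rulePassed = false;
				// Every duplicate is flagged at its own index; the scan does not stop at the first hit.
				GlobalVariables.getMessageMap().putError("document.permissions[" + i + "].permissionId",
						RiceKeyConstants.ERROR_DUPLICATE_ENTRY, new String[] {PERMISSION_LABEL});
			}
			i++;
		}
		return rulePassed;
	}

	/**
	 * Checks whether the user of the current session may grant the given permission.
	 *
	 * <p>The document authorizer is asked for the {@code GRANT_PERMISSION} template in the
	 * KIM namespace, qualified by the permission's namespace code and its template name.
	 *
	 * @param kimPermissionInfo permission about to be granted; must not be {@code null}
	 * @param document role document the permission is being added to
	 * @return {@code true} when the authorizer allows the grant, {@code false} otherwise
	 */
	public boolean hasPermissionToGrantPermission(KimPermissionInfo kimPermissionInfo, IdentityManagementRoleDocument document) {
		Map<String, String> permissionDetails = new HashMap<String, String>();
		permissionDetails.put(KimAttributes.NAMESPACE_CODE, kimPermissionInfo.getNamespaceCode());
		// NOTE(review): PERMISSION_NAME is filled with the template's name, not a name of the
		// permission itself - confirm this is the intended qualifier for the grant check.
		// NOTE(review): getTemplate() is dereferenced without a null check; confirm every
		// permission carries a template, otherwise this throws instead of returning false.
		permissionDetails.put(KimAttributes.PERMISSION_NAME, kimPermissionInfo.getTemplate().getName());
		// The principal comes from the server-side user session, not from the event.
		return getDocumentHelperService().getDocumentAuthorizer(document).isAuthorizedByTemplate(
				document,
				KimConstants.NAMESPACE_CODE,
				KimConstants.PermissionTemplateNames.GRANT_PERMISSION,
				GlobalVariables.getUserSession().getPerson().getPrincipalId(),
				permissionDetails, null);
	}

	/** Records the "no permission selected" error on the new-permission field. */
	private void putEmptyPermissionError() {
		GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY,
				new String[] {PERMISSION_LABEL});
	}

}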