View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.uif.authorization;
17  
18  import org.kuali.rice.kim.api.KimConstants;
19  import org.kuali.rice.kim.api.identity.Person;
20  import org.kuali.rice.kim.api.identity.PersonService;
21  import org.kuali.rice.kim.api.permission.PermissionService;
22  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
23  import org.kuali.rice.krad.service.DataDictionaryService;
24  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
25  import org.kuali.rice.krad.service.KualiModuleService;
26  import org.kuali.rice.krad.util.GlobalVariables;
27  import org.kuali.rice.krad.util.KRADUtils;
28  import org.kuali.rice.krad.web.form.UifFormBase;
29  
30  import java.util.HashMap;
31  import java.util.HashSet;
32  import java.util.Map;
33  import java.util.Set;
34  
35  /**
36   * @author Kuali Rice Team (rice.collab@kuali.org)
37   */
38  public class AuthorizerBase implements Authorizer {
39  
40      private static PermissionService permissionService;
41      private static PersonService personService;
42      private static KualiModuleService kualiModuleService;
43      private static DataDictionaryService dataDictionaryService;
44  
45      /**
46       * @see org.kuali.rice.krad.uif.authorization.Authorizer#getActionFlags(org.kuali.rice.krad.web.form.UifFormBase,
47       *      org.kuali.rice.kim.api.identity.Person, java.util.Set)
48       */
49      public Set<String> getActionFlags(UifFormBase model, Person user, Set<String> documentActions) {
50          return documentActions;
51      }
52  
53      /**
54       * @see org.kuali.rice.krad.uif.authorization.Authorizer#getEditModes(org.kuali.rice.krad.web.form.UifFormBase,
55       *      org.kuali.rice.kim.api.identity.Person, java.util.Set)
56       */
57      public Set<String> getEditModes(UifFormBase model, Person user, Set<String> editModes) {
58          return editModes;
59      }
60  
61      /**
62       * @see org.kuali.rice.krad.uif.authorization.Authorizer#getSecurePotentiallyHiddenGroupIds()
63       */
64      public Set<String> getSecurePotentiallyHiddenGroupIds() {
65          return new HashSet<String>();
66      }
67  
68      /**
69       * @see org.kuali.rice.krad.uif.authorization.Authorizer#getSecurePotentiallyReadOnlyGroupIds()
70       */
71      public Set<String> getSecurePotentiallyReadOnlyGroupIds() {
72          return new HashSet<String>();
73      }
74  
75      /**
76       * Override this method to populate the role qualifier attributes from the
77       * primary data object or document. This will only be called once per
78       * request.
79       * 
80       * @param primaryDataObjectOrDocument
81       *            - the primary data object (i.e. the main object instance
82       *            behind the lookup result row or inquiry) or the document
83       * @param attributes
84       *            - role qualifiers will be added to this map
85       */
86      protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
87          addStandardAttributes(primaryDataObjectOrDocument, attributes);
88      }
89  
90      /**
91       * Override this method to populate the permission details from the primary
92       * data object or document. This will only be called once per request.
93       * 
94       * @param primaryDataObjectOrDocument
95       *            - the primary data object (i.e. the main object instance
96       *            behind the lookup result row or inquiry) or the document
97       * @param attributes
98       *            - permission details will be added to this map
99       */
100     protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
101         addStandardAttributes(primaryDataObjectOrDocument, attributes);
102     }
103 
104     /**
105      * @param primaryDataObjectOrDocument
106      *            - the primary data object (i.e. the main object instance
107      *            behind the lookup result row or inquiry) or the document
108      * @param attributes
109      *            - attributes (i.e. role qualifications or permission details)
110      *            will be added to this map
111      */
112     private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
113         attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
114     }
115 
116     protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
117             String permissionTemplateName) {
118         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,
119                 new HashMap<String, String>(getPermissionDetailValues(dataObject)));
120     }
121 
122     protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
123             Map<String, String> permissionDetails) {
124         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,
125                 new HashMap<String, String>(permissionDetails));
126     }
127 
128     protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
129             String permissionTemplateName, Map<String, String> permissionDetails) {
130         Map<String, String> combinedPermissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
131         combinedPermissionDetails.putAll(permissionDetails);
132 
133         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,
134                 combinedPermissionDetails);
135     }
136 
137     public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId) {
138         return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,
139                 new HashMap<String, String>(getPermissionDetailValues(dataObject)),
140                 new HashMap<String, String>(getRoleQualification(dataObject, principalId)));
141     }
142 
143     public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
144             String principalId) {
145         return getPermissionService().isAuthorizedByTemplateName(principalId, namespaceCode,
146                 permissionTemplateName, new HashMap<String, String>(getPermissionDetailValues(dataObject)),
147                 new HashMap<String, String>((getRoleQualification(dataObject, principalId))));
148     }
149 
150     public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
151             String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
152             Map<String, String> collectionOrFieldLevelRoleQualification) {
153         Map<String, String> roleQualifiers;
154         Map<String, String> permissionDetails;
155         if (collectionOrFieldLevelRoleQualification != null) {
156             roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
157             roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
158         }
159         else {
160             roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
161         }
162         if (collectionOrFieldLevelPermissionDetails != null) {
163             permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
164             permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
165         }
166         else {
167             permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
168         }
169 
170         return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,
171                 permissionDetails, roleQualifiers);
172     }
173 
174     public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
175             String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
176             Map<String, String> collectionOrFieldLevelRoleQualification) {
177         Map<String, String> roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
178         Map<String, String> permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
179 
180         if (collectionOrFieldLevelRoleQualification != null) {
181             roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
182         }
183         if (collectionOrFieldLevelPermissionDetails != null) {
184             permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
185         }
186 
187         return getPermissionService().isAuthorizedByTemplateName(principalId, namespaceCode,
188                 permissionTemplateName, permissionDetails, roleQualifiers);
189     }
190 
191     /**
192      * Returns a role qualification map based off data from the primary business
193      * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
194      * 
195      * @param primaryDataObjectOrDocument
196      *            the primary data object (i.e. the main object instance behind
197      *            the lookup result row or inquiry) or the document
198      * @return a Map containing role qualifications
199      */
200     protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument) {
201         return getRoleQualification(primaryDataObjectOrDocument, GlobalVariables.getUserSession().getPerson()
202                 .getPrincipalId());
203     }
204 
205     protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
206         Map<String, String> roleQualification = new HashMap<String, String>();
207         addRoleQualification(primaryDataObjectOrDocument, roleQualification);
208         roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);
209 
210         return roleQualification;
211     }
212 
213     /**
214      * Returns a permission details map based off data from the primary business
215      * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
216      * 
217      * @param primaryDataObjectOrDocument
218      *            the primary data object (i.e. the main object instance behind
219      *            the lookup result row or inquiry) or the document
220      * @return a Map containing permission details
221      */
222     protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
223         Map<String, String> permissionDetails = new HashMap<String, String>();
224         addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);
225 
226         return permissionDetails;
227     }
228 
229     protected static final PermissionService getPermissionService() {
230         if (permissionService == null) {
231             permissionService = KimApiServiceLocator.getPermissionService();
232         }
233         return permissionService;
234     }
235 
236     protected static final PersonService getPersonService() {
237         if (personService == null) {
238             personService = KimApiServiceLocator.getPersonService();
239         }
240         return personService;
241     }
242 
243     protected static final KualiModuleService getKualiModuleService() {
244         if (kualiModuleService == null) {
245             kualiModuleService = KRADServiceLocatorWeb.getKualiModuleService();
246         }
247         return kualiModuleService;
248     }
249 
250     protected static final DataDictionaryService getDataDictionaryService() {
251         if (dataDictionaryService == null) {
252             dataDictionaryService = KRADServiceLocatorWeb.getDataDictionaryService();
253         }
254         return dataDictionaryService;
255     }
256 
257 }