View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.uif.authorization;
17  
18  import org.apache.commons.logging.Log;
19  import org.apache.commons.logging.LogFactory;
20  import org.kuali.rice.kew.api.KewApiServiceLocator;
21  import org.kuali.rice.kew.api.WorkflowDocument;
22  import org.kuali.rice.kew.api.doctype.ProcessDefinition;
23  import org.kuali.rice.kew.api.doctype.RoutePath;
24  import org.kuali.rice.kew.api.KewApiConstants;
25  import org.kuali.rice.kim.api.KimConstants;
26  import org.kuali.rice.kim.api.identity.Person;
27  import org.kuali.rice.krad.document.Document;
28  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
29  import org.kuali.rice.krad.util.KRADConstants;
30  import org.kuali.rice.krad.web.form.DocumentFormBase;
31  import org.kuali.rice.krad.web.form.UifFormBase;
32  
33  import java.util.Collections;
34  import java.util.HashMap;
35  import java.util.Map;
36  import java.util.Set;
37  
38  /**
39   * @author Kuali Rice Team (rice.collab@kuali.org)
40   */
41  public class DocumentAuthorizerBase extends AuthorizerBase {
42      protected static Log LOG = LogFactory.getLog(DocumentAuthorizerBase.class);
43  
44      public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
45      public static final String EDIT_MODE_DEFAULT_TRUE_VALUE = "TRUE";
46      public static final String USER_SESSION_METHOD_TO_CALL_OBJECT_KEY = "METHOD_TO_CALL_KEYS_METHOD_OBJECT_KEY";
47      public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_OBJECT_KEY =
48              "METHOD_TO_CALL_KEYS_COMPLETE_OBJECT_KEY";
49  
50      @Override
51      public Set<String> getActionFlags(UifFormBase model, Person user, Set<String> documentActions) {
52          Document document = ((DocumentFormBase) model).getDocument();
53  
54          if (LOG.isDebugEnabled()) {
55              LOG.debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '"
56                      + document.getDocumentNumber()
57                      + "'. user '"
58                      + user.getPrincipalName()
59                      + "'");
60          }
61  
62          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !isAuthorizedByTemplate(document,
63                  KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
64                  user.getPrincipalId())) {
65              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
66          }
67  
68          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !isAuthorizedByTemplate(document,
69                  KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.COPY_DOCUMENT,
70                  user.getPrincipalId())) {
71              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
72          }
73  
74          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !isAuthorizedByTemplate(
75                  document, KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
76                  KimConstants.PermissionTemplateNames.BLANKET_APPROVE_DOCUMENT, user.getPrincipalId())) {
77              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
78          }
79  
80          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !isAuthorizedByTemplate(document,
81                  KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE, KimConstants.PermissionTemplateNames.CANCEL_DOCUMENT,
82                  user.getPrincipalId())) {
83              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
84          }
85  
86          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !isAuthorizedByTemplate(document,
87                  KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE, KimConstants.PermissionTemplateNames.SAVE_DOCUMENT,
88                  user.getPrincipalId())) {
89              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
90          }
91  
92          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !isAuthorizedByTemplate(document,
93                  KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE, KimConstants.PermissionTemplateNames.ROUTE_DOCUMENT,
94                  user.getPrincipalId())) {
95              documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
96          }
97  
98          if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canTakeRequestedAction(document,
99                  KewApiConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)) {
100             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
101         }
102 
103         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canTakeRequestedAction(document,
104                 KewApiConstants.ACTION_REQUEST_FYI_REQ, user)) {
105             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
106         }
107 
108         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) || documentActions.contains(
109                 KRADConstants.KUALI_ACTION_CAN_DISAPPROVE)) {
110             if (!canTakeRequestedAction(document, KewApiConstants.ACTION_REQUEST_APPROVE_REQ, user)) {
111                 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
112                 documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
113             }
114         }
115 
116         if (!canSendAnyTypeAdHocRequests(document, user)) {
117             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
118             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
119             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
120         }
121 
122         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendAdHocRequests(document,
123                 KewApiConstants.ACTION_REQUEST_FYI_REQ, user)) {
124             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
125         }
126 
127         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !documentActions.contains(
128                 KRADConstants.KUALI_ACTION_CAN_EDIT)) {
129             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
130         }
131 
132         if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW)
133                 && !canEditDocumentOverview(document, user)) {
134             documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW);
135         }
136 
137         return documentActions;
138     }
139 
140     public final boolean canInitiate(String documentTypeName, Person user) {
141         String nameSpaceCode = KRADConstants.KUALI_RICE_SYSTEM_NAMESPACE;
142         Map<String, String> permissionDetails = new HashMap<String, String>();
143         permissionDetails.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, documentTypeName);
144         return getPermissionService().isAuthorizedByTemplateName(user.getPrincipalId(), nameSpaceCode,
145                 KimConstants.PermissionTemplateNames.INITIATE_DOCUMENT, permissionDetails,
146                 Collections.<String, String>emptyMap());
147     }
148 
149     public final boolean canReceiveAdHoc(Document document, Person user, String actionRequestCode) {
150         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
151         additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD, actionRequestCode);
152         return isAuthorizedByTemplate(document, KRADConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
153                 KimConstants.PermissionTemplateNames.AD_HOC_REVIEW_DOCUMENT, user.getPrincipalId(),
154                 additionalPermissionDetails, null);
155     }
156 
157     public final boolean canOpen(Document document, Person user) {
158         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
159                 KimConstants.PermissionTemplateNames.OPEN_DOCUMENT, user.getPrincipalId());
160     }
161 
162     public final boolean canAddNoteAttachment(Document document, String attachmentTypeCode, Person user) {
163         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
164         if (attachmentTypeCode != null) {
165             additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE, attachmentTypeCode);
166         }
167         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
168                 KimConstants.PermissionTemplateNames.ADD_NOTE_ATTACHMENT, user.getPrincipalId(),
169                 additionalPermissionDetails, null);
170     }
171 
172     public final boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode, String createdBySelfOnly,
173             Person user) {
174         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
175         if (attachmentTypeCode != null) {
176             additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE, attachmentTypeCode);
177         }
178         additionalPermissionDetails.put(KimConstants.AttributeConstants.CREATED_BY_SELF, createdBySelfOnly);
179         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
180                 KimConstants.PermissionTemplateNames.DELETE_NOTE_ATTACHMENT, user.getPrincipalId(),
181                 additionalPermissionDetails, null);
182     }
183 
184     public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode, Person user) {
185         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
186         if (attachmentTypeCode != null) {
187             additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE, attachmentTypeCode);
188         }
189         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
190                 KimConstants.PermissionTemplateNames.VIEW_NOTE_ATTACHMENT, user.getPrincipalId(),
191                 additionalPermissionDetails, null);
192     }
193 
194     public final boolean canSendAdHocRequests(Document document, String actionRequestCd, Person user) {
195         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
196         if (actionRequestCd != null) {
197             additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD, actionRequestCd);
198         }
199         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
200                 KimConstants.PermissionTemplateNames.SEND_AD_HOC_REQUEST, user.getPrincipalId(),
201                 additionalPermissionDetails, null);
202     }
203 
204     public boolean canEditDocumentOverview(Document document, Person user) {
205         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
206                 KimConstants.PermissionTemplateNames.EDIT_DOCUMENT, user.getPrincipalId()) && this.isDocumentInitiator(
207                 document, user);
208     }
209 
210     protected final boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
211         if (canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_FYI_REQ, user)) {
212             RoutePath routePath = KewApiServiceLocator.getDocumentTypeService().getRoutePathForDocumentTypeName(
213                     document.getDocumentHeader().getWorkflowDocument().getDocumentTypeName());
214             ProcessDefinition processDefinition = routePath.getPrimaryProcess();
215             if (processDefinition != null) {
216                 if (processDefinition.getInitialRouteNode() == null) {
217                     return false;
218                 }
219             } else {
220                 return false;
221             }
222             return true;
223         } else if (canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)) {
224             return true;
225         }
226         return canSendAdHocRequests(document, KewApiConstants.ACTION_REQUEST_APPROVE_REQ, user);
227     }
228 
229     protected boolean canTakeRequestedAction(Document document, String actionRequestCode, Person user) {
230         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
231         additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD, actionRequestCode);
232         return isAuthorizedByTemplate(document, KRADConstants.KRAD_NAMESPACE,
233                 KimConstants.PermissionTemplateNames.TAKE_REQUESTED_ACTION, user.getPrincipalId(),
234                 additionalPermissionDetails, null);
235     }
236 
237     @Override
238     protected void addPermissionDetails(Object dataObject, Map<String, String> attributes) {
239         super.addPermissionDetails(dataObject, attributes);
240         if (dataObject instanceof Document) {
241             addStandardAttributes((Document) dataObject, attributes);
242         }
243     }
244 
245     @Override
246     protected void addRoleQualification(Object dataObject, Map<String, String> attributes) {
247         super.addRoleQualification(dataObject, attributes);
248         if (dataObject instanceof Document) {
249             addStandardAttributes((Document) dataObject, attributes);
250         }
251     }
252 
253     protected void addStandardAttributes(Document document, Map<String, String> attributes) {
254         WorkflowDocument wd = document.getDocumentHeader().getWorkflowDocument();
255         attributes.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, document.getDocumentNumber());
256         attributes.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, wd.getDocumentTypeName());
257         if (wd.isInitiated() || wd.isSaved()) {
258             attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME, PRE_ROUTING_ROUTE_NAME);
259         } else {
260             attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME,
261                     KRADServiceLocatorWeb.getWorkflowDocumentService().getCurrentRouteNodeNames(wd));
262         }
263         attributes.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, wd.getStatus().getCode());
264     }
265 
266     protected boolean isDocumentInitiator(Document document, Person user) {
267         WorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
268         return workflowDocument.getInitiatorPrincipalId().equalsIgnoreCase(user.getPrincipalId());
269     }
270 
271 }