
1   /**
2    * Copyright 2005-2012 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.bo;
17  
18  import org.kuali.rice.kim.api.KimConstants;
19  import org.kuali.rice.kim.api.identity.PersonService;
20  import org.kuali.rice.kim.api.permission.PermissionService;
21  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
22  import org.kuali.rice.krad.util.KRADUtils;
23  
24  import java.io.Serializable;
25  import java.util.HashMap;
26  import java.util.Map;
27  
/**
 * Base {@link DataObjectAuthorizer} that assembles the permission details and role qualifiers for a
 * data object or document and hands the authorization decision to the KIM {@link PermissionService}.
 *
 * <p>Subclasses contribute attributes through {@link #addPermissionDetails(Object, Map)} and
 * {@link #addRoleQualification(Object, Map)}; the check methods themselves are {@code final}.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DataObjectAuthorizerBase implements DataObjectAuthorizer, Serializable {
    private static final long serialVersionUID = 3987953326458974964L;

    /**
     * Checks a named permission for the principal, using only the attributes derived from the data object.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal being checked; also placed in the role qualifiers
     * @return the result reported by the permission service
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId) {
        // Evaluation order is kept: service lookup, then permission details, then role qualifiers.
        PermissionService permissionService = getPermissionService();
        Map<String, String> details = mergePermissionDetails(dataObject, null);
        Map<String, String> qualifiers = mergeRoleQualifiers(dataObject, principalId, null);

        return permissionService.isAuthorized(principalId, namespaceCode, permissionName, details, qualifiers);
    }

    /**
     * Checks a permission identified by its template name, using only the attributes derived from the
     * data object.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal being checked; also placed in the role qualifiers
     * @return the result reported by the permission service
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     * java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId) {
        // Evaluation order is kept: service lookup, then permission details, then role qualifiers.
        PermissionService permissionService = getPermissionService();
        Map<String, String> details = mergePermissionDetails(dataObject, null);
        Map<String, String> qualifiers = mergeRoleQualifiers(dataObject, principalId, null);

        return permissionService.isAuthorizedByTemplateName(principalId, namespaceCode, permissionTemplateName,
                details, qualifiers);
    }

    /**
     * Checks a named permission, layering collection- or field-level attributes over the ones derived
     * from the data object.
     *
     * <p>The extra maps are applied with {@code putAll} after the base attributes, so an entry with a
     * matching key replaces the base value. That includes the
     * {@link KimConstants.AttributeConstants#PRINCIPAL_ID} qualifier, which would then differ from the
     * {@code principalId} argument passed to the permission service.
     * NOTE(review): confirm that callers build these maps from trusted configuration and that
     * overriding the principal qualifier is intended.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal being checked
     * @param collectionOrFieldLevelPermissionDetails extra permission details, or {@code null} for none
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers, or {@code null} for none
     * @return the result reported by the permission service
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        // Role qualifiers are assembled before permission details, and both before the service lookup.
        Map<String, String> qualifiers =
                mergeRoleQualifiers(dataObject, principalId, collectionOrFieldLevelRoleQualification);
        Map<String, String> details = mergePermissionDetails(dataObject, collectionOrFieldLevelPermissionDetails);

        return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, details, qualifiers);
    }

    /**
     * Checks a permission identified by its template name, layering collection- or field-level
     * attributes over the ones derived from the data object.
     *
     * <p>The extra maps are applied with {@code putAll} after the base attributes, so an entry with a
     * matching key replaces the base value. That includes the
     * {@link KimConstants.AttributeConstants#PRINCIPAL_ID} qualifier, which would then differ from the
     * {@code principalId} argument passed to the permission service.
     * NOTE(review): confirm that callers build these maps from trusted configuration and that
     * overriding the principal qualifier is intended.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal being checked
     * @param collectionOrFieldLevelPermissionDetails extra permission details, or {@code null} for none
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers, or {@code null} for none
     * @return the result reported by the permission service
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        // Both base maps are built first (qualifiers, then details); the overrides are applied afterwards.
        Map<String, String> qualifiers = mergeRoleQualifiers(dataObject, principalId, null);
        Map<String, String> details = mergePermissionDetails(dataObject, null);

        if (collectionOrFieldLevelRoleQualification != null) {
            qualifiers.putAll(collectionOrFieldLevelRoleQualification);
        }
        if (collectionOrFieldLevelPermissionDetails != null) {
            details.putAll(collectionOrFieldLevelPermissionDetails);
        }

        return getPermissionService().isAuthorizedByTemplateName(principalId, namespaceCode, permissionTemplateName,
                details, qualifiers);
    }

    /**
     * Override this method to populate the role qualifier attributes from the primary data object or
     * document. The default adds the namespace and component simple name of the object's class.
     *
     * <p>NOTE(review): earlier documentation says this is called once per request; in this class it
     * runs on every {@link #getRoleQualification(Object, String)} call and no caching is visible.
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes role qualifiers will be added to this map
     */
    protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Override this method to populate the permission details from the primary data object or
     * document. The default adds the namespace and component simple name of the object's class.
     *
     * <p>NOTE(review): earlier documentation says this is called once per request; in this class it
     * runs on every {@link #getPermissionDetailValues(Object)} call and no caching is visible.
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes permission details will be added to this map
     */
    protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Adds the entries returned by {@link KRADUtils#getNamespaceAndComponentSimpleName(Class)} for the
     * object's runtime class.
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document; must not be {@code null} because its
     * class is read
     * @param attributes attributes (i.e. role qualifications or permission details) will be added to
     * this map
     */
    private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        Class<?> objectClass = primaryDataObjectOrDocument.getClass();
        attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(objectClass));
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using the
     * permission details derived from the data object.
     *
     * @param dataObject the primary data object or document
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @return the result reported by the permission service
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName) {
        PermissionService permissionService = getPermissionService();
        Map<String, String> details = mergePermissionDetails(dataObject, null);

        return permissionService.isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName, details);
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using only the
     * supplied permission details.
     *
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails details to match; copied before use, and a {@code null} map fails with a
     * {@link NullPointerException} (unlike the {@code isAuthorized} overloads, which accept {@code null})
     * @return the result reported by the permission service
     */
    protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails) {
        PermissionService permissionService = getPermissionService();
        Map<String, String> detailsCopy = new HashMap<String, String>(permissionDetails);

        return permissionService.isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,
                detailsCopy);
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using the details
     * derived from the data object with the supplied details layered on top.
     *
     * @param dataObject the primary data object or document
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails details that replace same-keyed derived entries; a {@code null} map fails
     * with a {@link NullPointerException} (unlike the {@code isAuthorized} overloads, which accept
     * {@code null})
     * @return the result reported by the permission service
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails) {
        Map<String, String> combined = mergePermissionDetails(dataObject, null);
        // No null guard here on purpose: the original contract lets putAll reject a null map.
        combined.putAll(permissionDetails);

        return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,
                combined);
    }

    /**
     * Returns a role qualification map based off data from the primary business object or the
     * document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
     *
     * <p>The principal id is stored after {@link #addRoleQualification(Object, Map)} has run, so a
     * value a subclass puts under {@link KimConstants.AttributeConstants#PRINCIPAL_ID} is replaced.
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @param principalId principal id stored under the principal-id qualifier key
     * @return a Map containing role qualifications
     */
    protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
        Map<String, String> qualifiers = new HashMap<String, String>();
        addRoleQualification(primaryDataObjectOrDocument, qualifiers);
        qualifiers.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);
        return qualifiers;
    }

    /**
     * Returns a permission details map based off data from the primary business object or the
     * document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @return a Map containing permission details
     */
    protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
        Map<String, String> details = new HashMap<String, String>();
        addPermissionDetails(primaryDataObjectOrDocument, details);
        return details;
    }

    /**
     * @return the permission service supplied by {@link KimApiServiceLocator}
     */
    protected static PermissionService getPermissionService() {
        return KimApiServiceLocator.getPermissionService();
    }

    /**
     * @return the person service supplied by {@link KimApiServiceLocator}
     */
    protected static PersonService getPersonService() {
        return KimApiServiceLocator.getPersonService();
    }

    /**
     * Copies the derived permission details and, when {@code overrides} is non-null, applies it on top.
     */
    private Map<String, String> mergePermissionDetails(Object dataObject, Map<String, String> overrides) {
        Map<String, String> merged = new HashMap<String, String>(getPermissionDetailValues(dataObject));
        if (overrides != null) {
            merged.putAll(overrides);
        }
        return merged;
    }

    /**
     * Copies the derived role qualifiers and, when {@code overrides} is non-null, applies it on top.
     */
    private Map<String, String> mergeRoleQualifiers(Object dataObject, String principalId,
            Map<String, String> overrides) {
        Map<String, String> merged = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
        if (overrides != null) {
            merged.putAll(overrides);
        }
        return merged;
    }
}