Coverage Report

Coverage Report - org.kuali.rice.kns.uif.authorization.AuthorizerBase

Classes in this File

Line Coverage

Branch Coverage

Complexity

AuthorizerBase

0/56

0/16

1.381

 /*
  * Copyright 2011 The Kuali Foundation
  * 
  * Licensed under the Educational Community License, Version 1.0 (the
  * "License"); you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * 
  * http://www.opensource.org/licenses/ecl1.php
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  * License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.kuali.rice.kns.uif.authorization;
 
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
 import org.kuali.rice.core.util.AttributeSet;
 import org.kuali.rice.kim.api.services.IdentityManagementService;
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 import org.kuali.rice.kim.bo.Person;
 import org.kuali.rice.kim.service.PersonService;
 import org.kuali.rice.kim.util.KimConstants;
 import org.kuali.rice.kns.service.DataDictionaryService;
 import org.kuali.rice.kns.service.KNSServiceLocatorWeb;
 import org.kuali.rice.kns.service.KualiModuleService;
 import org.kuali.rice.kns.util.GlobalVariables;
 import org.kuali.rice.kns.util.KNSUtils;
 import org.kuali.rice.kns.web.spring.form.UifFormBase;
 
 /**
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class AuthorizerBase implements Authorizer {
 
     private static IdentityManagementService identityManagementService;
     private static PersonService personService;
     private static KualiModuleService kualiModuleService;
     private static DataDictionaryService dataDictionaryService;
 
     /**
      * @see org.kuali.rice.kns.uif.authorization.Authorizer#getActionFlags(org.kuali.rice.kns.web.spring.form.UifFormBase,
      *      org.kuali.rice.kim.bo.Person, java.util.Set)
      */
     public Set<String> getActionFlags(UifFormBase model, Person user, Set<String> documentActions) {
         return documentActions;
     }
 
     /**
      * @see org.kuali.rice.kns.uif.authorization.Authorizer#getEditModes(org.kuali.rice.kns.web.spring.form.UifFormBase,
      *      org.kuali.rice.kim.bo.Person, java.util.Set)
      */
     public Set<String> getEditModes(UifFormBase model, Person user, Set<String> editModes) {
         return editModes;
     }
 
     /**
      * @see org.kuali.rice.kns.uif.authorization.Authorizer#getSecurePotentiallyHiddenGroupIds()
      */
     public Set<String> getSecurePotentiallyHiddenGroupIds() {
         return new HashSet<String>();
     }
 
     /**
      * @see org.kuali.rice.kns.uif.authorization.Authorizer#getSecurePotentiallyReadOnlyGroupIds()
      */
     public Set<String> getSecurePotentiallyReadOnlyGroupIds() {
         return new HashSet<String>();
     }
 
     /**
      * Override this method to populate the role qualifier attributes from the
      * primary data object or document. This will only be called once per
      * request.
      * 
      * @param primaryDataObjectOrDocument
      *            - the primary data object (i.e. the main object instance
      *            behind the lookup result row or inquiry) or the document
      * @param attributes
      *            - role qualifiers will be added to this map
      */
     protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
         addStandardAttributes(primaryDataObjectOrDocument, attributes);
     }
 
     /**
      * Override this method to populate the permission details from the primary
      * data object or document. This will only be called once per request.
      * 
      * @param primaryDataObjectOrDocument
      *            - the primary data object (i.e. the main object instance
      *            behind the lookup result row or inquiry) or the document
      * @param attributes
      *            - permission details will be added to this map
      */
     protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
         addStandardAttributes(primaryDataObjectOrDocument, attributes);
     }
 
     /**
      * @param primaryDataObjectOrDocument
      *            - the primary data object (i.e. the main object instance
      *            behind the lookup result row or inquiry) or the document
      * @param attributes
      *            - attributes (i.e. role qualifications or permission details)
      *            will be added to this map
      */
     private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
         attributes.putAll(KNSUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
     }
 
     protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
             String permissionTemplateName) {
         return getIdentityManagementService().isPermissionDefinedForTemplateName(namespaceCode, permissionTemplateName,
                 new AttributeSet(getPermissionDetailValues(dataObject)));
     }
 
     protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
             Map<String, String> permissionDetails) {
         return getIdentityManagementService().isPermissionDefinedForTemplateName(namespaceCode, permissionTemplateName,
                 new AttributeSet(permissionDetails));
     }
 
     protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
             String permissionTemplateName, Map<String, String> permissionDetails) {
         AttributeSet combinedPermissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
         combinedPermissionDetails.putAll(permissionDetails);
 
         return getIdentityManagementService().isPermissionDefinedForTemplateName(namespaceCode, permissionTemplateName,
                 combinedPermissionDetails);
     }
 
     public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId) {
         return getIdentityManagementService().isAuthorized(principalId, namespaceCode, permissionName,
                 new AttributeSet(getPermissionDetailValues(dataObject)),
                 new AttributeSet(getRoleQualification(dataObject, principalId)));
     }
 
     public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
             String principalId) {
         return getIdentityManagementService().isAuthorizedByTemplateName(principalId, namespaceCode,
                 permissionTemplateName, new AttributeSet(getPermissionDetailValues(dataObject)),
                 new AttributeSet(getRoleQualification(dataObject, principalId)));
     }
 
     public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
             String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
             Map<String, String> collectionOrFieldLevelRoleQualification) {
         AttributeSet roleQualifiers = null;
         AttributeSet permissionDetails = null;
         if (collectionOrFieldLevelRoleQualification != null) {
             roleQualifiers = new AttributeSet(getRoleQualification(dataObject, principalId));
             roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
         }
         else {
             roleQualifiers = new AttributeSet(getRoleQualification(dataObject, principalId));
         }
         if (collectionOrFieldLevelPermissionDetails != null) {
             permissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
             permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
         }
         else {
             permissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
         }
 
         return getIdentityManagementService().isAuthorized(principalId, namespaceCode, permissionName,
                 permissionDetails, roleQualifiers);
     }
 
     public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
             String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
             Map<String, String> collectionOrFieldLevelRoleQualification) {
         AttributeSet roleQualifiers = new AttributeSet(getRoleQualification(dataObject, principalId));
         AttributeSet permissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
 
         if (collectionOrFieldLevelRoleQualification != null) {
             roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
         }
         if (collectionOrFieldLevelPermissionDetails != null) {
             permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
         }
 
         return getIdentityManagementService().isAuthorizedByTemplateName(principalId, namespaceCode,
                 permissionTemplateName, permissionDetails, roleQualifiers);
     }
 
     /**
      * Returns a role qualification map based off data from the primary business
      * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
      * 
      * @param primaryDataObjectOrDocument
      *            the primary data object (i.e. the main object instance behind
      *            the lookup result row or inquiry) or the document
      * @return a Map containing role qualifications
      */
     protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument) {
         return getRoleQualification(primaryDataObjectOrDocument, GlobalVariables.getUserSession().getPerson()
                 .getPrincipalId());
     }
 
     protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
         Map<String, String> roleQualification = new HashMap<String, String>();
         addRoleQualification(primaryDataObjectOrDocument, roleQualification);
         roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);
 
         return roleQualification;
     }
 
     /**
      * Returns a permission details map based off data from the primary business
      * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
      * 
      * @param primaryDataObjectOrDocument
      *            the primary data object (i.e. the main object instance behind
      *            the lookup result row or inquiry) or the document
      * @return a Map containing permission details
      */
     protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
         Map<String, String> permissionDetails = new HashMap<String, String>();
         addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);
 
         return permissionDetails;
     }
 
     protected static final IdentityManagementService getIdentityManagementService() {
         if (identityManagementService == null) {
             identityManagementService = KimApiServiceLocator.getIdentityManagementService();
         }
         return identityManagementService;
     }
 
     protected static final PersonService getPersonService() {
         if (personService == null) {
             personService = KimApiServiceLocator.getPersonService();
         }
         return personService;
     }
 
     protected static final KualiModuleService getKualiModuleService() {
         if (kualiModuleService == null) {
             kualiModuleService = KNSServiceLocatorWeb.getKualiModuleService();
         }
         return kualiModuleService;
     }
 
     protected static final DataDictionaryService getDataDictionaryService() {
         if (dataDictionaryService == null) {
             dataDictionaryService = KNSServiceLocatorWeb.getDataDictionaryService();
         }
         return dataDictionaryService;
     }
 
 }

1		/*
2		* Copyright 2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 1.0 (the
5		* "License"); you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl1.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13		* License for the specific language governing permissions and limitations under
14		* the License.
15		*/
16		package org.kuali.rice.kns.uif.authorization;
17
18		import java.util.HashMap;
19		import java.util.HashSet;
20		import java.util.Map;
21		import java.util.Set;
22
23		import org.kuali.rice.core.util.AttributeSet;
24		import org.kuali.rice.kim.api.services.IdentityManagementService;
25		import org.kuali.rice.kim.api.services.KimApiServiceLocator;
26		import org.kuali.rice.kim.bo.Person;
27		import org.kuali.rice.kim.service.PersonService;
28		import org.kuali.rice.kim.util.KimConstants;
29		import org.kuali.rice.kns.service.DataDictionaryService;
30		import org.kuali.rice.kns.service.KNSServiceLocatorWeb;
31		import org.kuali.rice.kns.service.KualiModuleService;
32		import org.kuali.rice.kns.util.GlobalVariables;
33		import org.kuali.rice.kns.util.KNSUtils;
34		import org.kuali.rice.kns.web.spring.form.UifFormBase;
35
36		/**
37		* @author Kuali Rice Team (rice.collab@kuali.org)
38		*/
39	0	public class AuthorizerBase implements Authorizer {
40
41		private static IdentityManagementService identityManagementService;
42		private static PersonService personService;
43		private static KualiModuleService kualiModuleService;
44		private static DataDictionaryService dataDictionaryService;
45
46		/**
47		* @see org.kuali.rice.kns.uif.authorization.Authorizer#getActionFlags(org.kuali.rice.kns.web.spring.form.UifFormBase,
48		* org.kuali.rice.kim.bo.Person, java.util.Set)
49		*/
50		public Set<String> getActionFlags(UifFormBase model, Person user, Set<String> documentActions) {
51	0	return documentActions;
52		}
53
54		/**
55		* @see org.kuali.rice.kns.uif.authorization.Authorizer#getEditModes(org.kuali.rice.kns.web.spring.form.UifFormBase,
56		* org.kuali.rice.kim.bo.Person, java.util.Set)
57		*/
58		public Set<String> getEditModes(UifFormBase model, Person user, Set<String> editModes) {
59	0	return editModes;
60		}
61
62		/**
63		* @see org.kuali.rice.kns.uif.authorization.Authorizer#getSecurePotentiallyHiddenGroupIds()
64		*/
65		public Set<String> getSecurePotentiallyHiddenGroupIds() {
66	0	return new HashSet<String>();
67		}
68
69		/**
70		* @see org.kuali.rice.kns.uif.authorization.Authorizer#getSecurePotentiallyReadOnlyGroupIds()
71		*/
72		public Set<String> getSecurePotentiallyReadOnlyGroupIds() {
73	0	return new HashSet<String>();
74		}
75
76		/**
77		* Override this method to populate the role qualifier attributes from the
78		* primary data object or document. This will only be called once per
79		* request.
80		*
81		* @param primaryDataObjectOrDocument
82		* - the primary data object (i.e. the main object instance
83		* behind the lookup result row or inquiry) or the document
84		* @param attributes
85		* - role qualifiers will be added to this map
86		*/
87		protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
88	0	addStandardAttributes(primaryDataObjectOrDocument, attributes);
89	0	}
90
91		/**
92		* Override this method to populate the permission details from the primary
93		* data object or document. This will only be called once per request.
94		*
95		* @param primaryDataObjectOrDocument
96		* - the primary data object (i.e. the main object instance
97		* behind the lookup result row or inquiry) or the document
98		* @param attributes
99		* - permission details will be added to this map
100		*/
101		protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
102	0	addStandardAttributes(primaryDataObjectOrDocument, attributes);
103	0	}
104
105		/**
106		* @param primaryDataObjectOrDocument
107		* - the primary data object (i.e. the main object instance
108		* behind the lookup result row or inquiry) or the document
109		* @param attributes
110		* - attributes (i.e. role qualifications or permission details)
111		* will be added to this map
112		*/
113		private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
114	0	attributes.putAll(KNSUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
115	0	}
116
117		protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
118		String permissionTemplateName) {
119	0	return getIdentityManagementService().isPermissionDefinedForTemplateName(namespaceCode, permissionTemplateName,
120		new AttributeSet(getPermissionDetailValues(dataObject)));
121		}
122
123		protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
124		Map<String, String> permissionDetails) {
125	0	return getIdentityManagementService().isPermissionDefinedForTemplateName(namespaceCode, permissionTemplateName,
126		new AttributeSet(permissionDetails));
127		}
128
129		protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
130		String permissionTemplateName, Map<String, String> permissionDetails) {
131	0	AttributeSet combinedPermissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
132	0	combinedPermissionDetails.putAll(permissionDetails);
133
134	0	return getIdentityManagementService().isPermissionDefinedForTemplateName(namespaceCode, permissionTemplateName,
135		combinedPermissionDetails);
136		}
137
138		public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId) {
139	0	return getIdentityManagementService().isAuthorized(principalId, namespaceCode, permissionName,
140		new AttributeSet(getPermissionDetailValues(dataObject)),
141		new AttributeSet(getRoleQualification(dataObject, principalId)));
142		}
143
144		public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
145		String principalId) {
146	0	return getIdentityManagementService().isAuthorizedByTemplateName(principalId, namespaceCode,
147		permissionTemplateName, new AttributeSet(getPermissionDetailValues(dataObject)),
148		new AttributeSet(getRoleQualification(dataObject, principalId)));
149		}
150
151		public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
152		String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
153		Map<String, String> collectionOrFieldLevelRoleQualification) {
154	0	AttributeSet roleQualifiers = null;
155	0	AttributeSet permissionDetails = null;
156	0	if (collectionOrFieldLevelRoleQualification != null) {
157	0	roleQualifiers = new AttributeSet(getRoleQualification(dataObject, principalId));
158	0	roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
159		}
160		else {
161	0	roleQualifiers = new AttributeSet(getRoleQualification(dataObject, principalId));
162		}
163	0	if (collectionOrFieldLevelPermissionDetails != null) {
164	0	permissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
165	0	permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
166		}
167		else {
168	0	permissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
169		}
170
171	0	return getIdentityManagementService().isAuthorized(principalId, namespaceCode, permissionName,
172		permissionDetails, roleQualifiers);
173		}
174
175		public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
176		String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
177		Map<String, String> collectionOrFieldLevelRoleQualification) {
178	0	AttributeSet roleQualifiers = new AttributeSet(getRoleQualification(dataObject, principalId));
179	0	AttributeSet permissionDetails = new AttributeSet(getPermissionDetailValues(dataObject));
180
181	0	if (collectionOrFieldLevelRoleQualification != null) {
182	0	roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
183		}
184	0	if (collectionOrFieldLevelPermissionDetails != null) {
185	0	permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
186		}
187
188	0	return getIdentityManagementService().isAuthorizedByTemplateName(principalId, namespaceCode,
189		permissionTemplateName, permissionDetails, roleQualifiers);
190		}
191
192		/**
193		* Returns a role qualification map based off data from the primary business
194		* object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
195		*
196		* @param primaryDataObjectOrDocument
197		* the primary data object (i.e. the main object instance behind
198		* the lookup result row or inquiry) or the document
199		* @return a Map containing role qualifications
200		*/
201		protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument) {
202	0	return getRoleQualification(primaryDataObjectOrDocument, GlobalVariables.getUserSession().getPerson()
203		.getPrincipalId());
204		}
205
206		protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
207	0	Map<String, String> roleQualification = new HashMap<String, String>();
208	0	addRoleQualification(primaryDataObjectOrDocument, roleQualification);
209	0	roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);
210
211	0	return roleQualification;
212		}
213
214		/**
215		* Returns a permission details map based off data from the primary business
216		* object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
217		*
218		* @param primaryDataObjectOrDocument
219		* the primary data object (i.e. the main object instance behind
220		* the lookup result row or inquiry) or the document
221		* @return a Map containing permission details
222		*/
223		protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
224	0	Map<String, String> permissionDetails = new HashMap<String, String>();
225	0	addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);
226
227	0	return permissionDetails;
228		}
229
230		protected static final IdentityManagementService getIdentityManagementService() {
231	0	if (identityManagementService == null) {
232	0	identityManagementService = KimApiServiceLocator.getIdentityManagementService();
233		}
234	0	return identityManagementService;
235		}
236
237		protected static final PersonService getPersonService() {
238	0	if (personService == null) {
239	0	personService = KimApiServiceLocator.getPersonService();
240		}
241	0	return personService;
242		}
243
244		protected static final KualiModuleService getKualiModuleService() {
245	0	if (kualiModuleService == null) {
246	0	kualiModuleService = KNSServiceLocatorWeb.getKualiModuleService();
247		}
248	0	return kualiModuleService;
249		}
250
251		protected static final DataDictionaryService getDataDictionaryService() {
252	0	if (dataDictionaryService == null) {
253	0	dataDictionaryService = KNSServiceLocatorWeb.getDataDictionaryService();
254		}
255	0	return dataDictionaryService;
256		}
257
258		}