Coverage Report - org.kuali.rice.kns.service.impl.BusinessObjectAuthorizationServiceImpl
 
Classes in this File Line Coverage Branch Coverage Complexity
BusinessObjectAuthorizationServiceImpl
0%
0/204
0%
0/114
4
 
 1   
 /*
 2   
  * Copyright 2007-2008 The Kuali Foundation
 3   
  *
 4   
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  * http://www.opensource.org/licenses/ecl2.php
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  */
 16   
 package org.kuali.rice.kns.service.impl;
 17   
 
 18   
 import org.apache.commons.beanutils.PropertyUtils;
 19   
 import org.apache.commons.lang.StringUtils;
 20   
 import org.kuali.rice.core.api.config.property.ConfigurationService;
 21   
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 22   
 import org.kuali.rice.kim.bo.Person;
 23   
 import org.kuali.rice.kim.service.PermissionService;
 24   
 import org.kuali.rice.kim.util.KimConstants;
 25   
 import org.kuali.rice.kns.datadictionary.BusinessObjectEntry;
 26   
 import org.kuali.rice.kns.datadictionary.FieldDefinition;
 27   
 import org.kuali.rice.kns.datadictionary.InquiryCollectionDefinition;
 28   
 import org.kuali.rice.kns.datadictionary.InquirySectionDefinition;
 29   
 import org.kuali.rice.kns.datadictionary.MaintainableCollectionDefinition;
 30   
 import org.kuali.rice.kns.datadictionary.MaintainableItemDefinition;
 31   
 import org.kuali.rice.kns.datadictionary.MaintainableSectionDefinition;
 32   
 import org.kuali.rice.kns.datadictionary.MaintenanceDocumentEntry;
 33   
 import org.kuali.rice.kns.document.MaintenanceDocument;
 34   
 import org.kuali.rice.kns.document.authorization.BusinessObjectRestrictions;
 35   
 import org.kuali.rice.kns.document.authorization.BusinessObjectRestrictionsBase;
 36   
 import org.kuali.rice.kns.document.authorization.InquiryOrMaintenanceDocumentRestrictions;
 37   
 import org.kuali.rice.kns.document.authorization.InquiryOrMaintenanceDocumentRestrictionsBase;
 38   
 import org.kuali.rice.kns.document.authorization.MaintenanceDocumentRestrictions;
 39   
 import org.kuali.rice.kns.document.authorization.MaintenanceDocumentRestrictionsBase;
 40   
 import org.kuali.rice.kns.inquiry.InquiryRestrictions;
 41   
 import org.kuali.rice.kns.service.BusinessObjectAuthorizationService;
 42   
 import org.kuali.rice.kns.service.KNSServiceLocator;
 43   
 import org.kuali.rice.kns.service.MaintenanceDocumentDictionaryService;
 44   
 import org.kuali.rice.krad.authorization.BusinessObjectAuthorizer;
 45   
 import org.kuali.rice.krad.bo.BusinessObject;
 46   
 import org.kuali.rice.krad.bo.authorization.InquiryOrMaintenanceDocumentAuthorizer;
 47   
 import org.kuali.rice.krad.bo.authorization.InquiryOrMaintenanceDocumentPresentationController;
 48   
 import org.kuali.rice.krad.datadictionary.AttributeDefinition;
 49   
 import org.kuali.rice.krad.datadictionary.DataObjectEntry;
 50   
 import org.kuali.rice.krad.document.Document;
 51   
 import org.kuali.rice.krad.document.authorization.MaintenanceDocumentAuthorizer;
 52   
 import org.kuali.rice.krad.document.authorization.MaintenanceDocumentPresentationController;
 53   
 import org.kuali.rice.krad.inquiry.InquiryAuthorizer;
 54   
 import org.kuali.rice.krad.inquiry.InquiryPresentationController;
 55   
 import org.kuali.rice.krad.service.BusinessObjectDictionaryService;
 56   
 import org.kuali.rice.krad.service.DataDictionaryService;
 57   
 import org.kuali.rice.krad.service.DocumentHelperService;
 58   
 import org.kuali.rice.krad.service.KRADServiceLocator;
 59   
 import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
 60   
 import org.kuali.rice.krad.service.impl.DataObjectAuthorizationServiceImpl;
 61   
 import org.kuali.rice.krad.util.KRADConstants;
 62   
 import org.kuali.rice.krad.util.KRADUtils;
 63   
 import org.kuali.rice.krad.util.ObjectUtils;
 64   
 
 65   
 import java.util.Collection;
 66   
 import java.util.HashMap;
 67   
 import java.util.Iterator;
 68   
 import java.util.List;
 69   
 import java.util.Map;
 70   
 
 71   
 @Deprecated
 72  0 
 public class BusinessObjectAuthorizationServiceImpl extends DataObjectAuthorizationServiceImpl implements BusinessObjectAuthorizationService {
 73   
         private DataDictionaryService dataDictionaryService;
 74   
         private PermissionService permissionService;
 75   
         private BusinessObjectDictionaryService businessObjectDictionaryService;
 76   
         private DocumentHelperService documentHelperService;
 77   
         private MaintenanceDocumentDictionaryService maintenanceDocumentDictionaryService;
 78   
         private ConfigurationService kualiConfigurationService;
 79   
 
 80   
         public BusinessObjectRestrictions getLookupResultRestrictions(
 81   
                         Object dataObject, Person user) {
 82  0 
                 BusinessObjectRestrictions businessObjectRestrictions = new BusinessObjectRestrictionsBase();
 83  0 
                 considerBusinessObjectFieldUnmaskAuthorization(dataObject, user,
 84   
                                 businessObjectRestrictions, "", null);
 85  0 
                 return businessObjectRestrictions;
 86   
         }
 87   
 
 88   
         public InquiryRestrictions getInquiryRestrictions(
 89   
                         BusinessObject businessObject, Person user) {
 90  0 
                 InquiryRestrictions inquiryRestrictions = new InquiryOrMaintenanceDocumentRestrictionsBase();
 91  0 
                 BusinessObjectEntry businessObjectEntry = (BusinessObjectEntry) getDataDictionaryService()
 92   
                                 .getDataDictionary().getBusinessObjectEntry(
 93   
                                                 businessObject.getClass().getName());
 94  0 
                 InquiryPresentationController inquiryPresentationController = getBusinessObjectDictionaryService()
 95   
                                 .getInquiryPresentationController(businessObject.getClass());
 96  0 
                 InquiryAuthorizer inquiryAuthorizer = getBusinessObjectDictionaryService()
 97   
                                 .getInquiryAuthorizer(businessObject.getClass());
 98  0 
                 considerBusinessObjectFieldUnmaskAuthorization(businessObject, user,
 99   
                                 inquiryRestrictions, "", null);
 100  0 
                 considerBusinessObjectFieldViewAuthorization(businessObjectEntry,
 101   
                                 businessObject, null, user, inquiryAuthorizer, inquiryRestrictions,
 102   
                                 "");
 103  0 
                 considerInquiryOrMaintenanceDocumentPresentationController(
 104   
                                 inquiryPresentationController, businessObject,
 105   
                                 inquiryRestrictions);
 106  0 
                 considerInquiryOrMaintenanceDocumentAuthorizer(inquiryAuthorizer,
 107   
                                 businessObject, user, inquiryRestrictions);
 108  0 
                 for (InquirySectionDefinition inquirySectionDefinition : businessObjectEntry.getInquiryDefinition().getInquirySections()) {
 109  0 
                         if (inquirySectionDefinition.getInquiryCollections() != null) {
 110  0 
                                 addInquirableItemRestrictions(inquirySectionDefinition.getInquiryCollections().values(), inquiryAuthorizer,
 111   
                                                 inquiryRestrictions, businessObject, businessObject, "", user);
 112   
                         }
 113   
                         // Collections may also be stored in the inquiry fields, so we need to parse through that
 114  0 
                         List<FieldDefinition> inquiryFields = inquirySectionDefinition.getInquiryFields();
 115  0 
                         if (inquiryFields != null) {
 116  0 
                                 for (FieldDefinition fieldDefinition : inquiryFields) {
 117  0 
                                         addInquirableItemRestrictions(inquiryFields, inquiryAuthorizer,
 118   
                                                         inquiryRestrictions, businessObject, businessObject, "", user);
 119   
                                 }
 120   
                         }
 121  0 
                 }
 122   
 
 123  0 
                 return inquiryRestrictions;
 124   
         }
 125   
 
 126   
         public MaintenanceDocumentRestrictions getMaintenanceDocumentRestrictions(
 127   
                         MaintenanceDocument maintenanceDocument, Person user) {
 128   
 
 129  0 
                 MaintenanceDocumentRestrictions maintenanceDocumentRestrictions = new MaintenanceDocumentRestrictionsBase();
 130  0 
                 DataObjectEntry dataObjectEntry = getDataDictionaryService()
 131   
                                 .getDataDictionary().getDataObjectEntry(
 132   
                                                 maintenanceDocument.getNewMaintainableObject()
 133   
                                                                 .getDataObject().getClass().getName());
 134  0 
                 MaintenanceDocumentPresentationController maintenanceDocumentPresentationController = (MaintenanceDocumentPresentationController) getDocumentHelperService()
 135   
                                 .getDocumentPresentationController(maintenanceDocument);
 136  0 
                 MaintenanceDocumentAuthorizer maintenanceDocumentAuthorizer = (MaintenanceDocumentAuthorizer) getDocumentHelperService()
 137   
                                 .getDocumentAuthorizer(maintenanceDocument);
 138  0 
                 considerBusinessObjectFieldUnmaskAuthorization(maintenanceDocument
 139   
                                 .getNewMaintainableObject().getDataObject(), user,
 140   
                                 maintenanceDocumentRestrictions, "", maintenanceDocument );
 141  0 
                 considerBusinessObjectFieldViewAuthorization(dataObjectEntry,
 142   
                                 maintenanceDocument.getNewMaintainableObject().getDataObject(),
 143   
                                 null, user, maintenanceDocumentAuthorizer,
 144   
                                 maintenanceDocumentRestrictions, "");
 145  0 
                 considerBusinessObjectFieldModifyAuthorization(dataObjectEntry,
 146   
                                 maintenanceDocument.getNewMaintainableObject().getDataObject(),
 147   
                                 null, user, maintenanceDocumentAuthorizer,
 148   
                                 maintenanceDocumentRestrictions, "");
 149  0 
                 considerCustomButtonFieldAuthorization(dataObjectEntry,
 150   
                                 maintenanceDocument.getNewMaintainableObject().getDataObject(),
 151   
                                 null, user, maintenanceDocumentAuthorizer,
 152   
                                 maintenanceDocumentRestrictions, "");
 153  0 
                 considerInquiryOrMaintenanceDocumentPresentationController(
 154   
                                 maintenanceDocumentPresentationController, maintenanceDocument,
 155   
                                 maintenanceDocumentRestrictions);
 156  0 
                 considerInquiryOrMaintenanceDocumentAuthorizer(
 157   
                                 maintenanceDocumentAuthorizer, maintenanceDocument, user,
 158   
                                 maintenanceDocumentRestrictions);
 159  0 
                 considerMaintenanceDocumentPresentationController(
 160   
                                 maintenanceDocumentPresentationController, maintenanceDocument,
 161   
                                 maintenanceDocumentRestrictions);
 162  0 
                 considerMaintenanceDocumentAuthorizer(maintenanceDocumentAuthorizer,
 163   
                                 maintenanceDocument, user, maintenanceDocumentRestrictions);
 164   
 
 165  0 
                 MaintenanceDocumentEntry maintenanceDocumentEntry = getMaintenanceDocumentDictionaryService().getMaintenanceDocumentEntry(maintenanceDocument
 166   
                                 .getDocumentHeader().getWorkflowDocument().getDocumentTypeName());
 167  0 
                 for (MaintainableSectionDefinition maintainableSectionDefinition : maintenanceDocumentEntry.getMaintainableSections()) {
 168  0 
                         addMaintainableItemRestrictions(maintainableSectionDefinition.getMaintainableItems(), maintenanceDocumentAuthorizer, maintenanceDocumentRestrictions,
 169   
                                         maintenanceDocument, maintenanceDocument.getNewMaintainableObject().getBusinessObject(), "", user);
 170   
                 }
 171  0 
                 return maintenanceDocumentRestrictions;
 172   
         }
 173   
 
 174   
         protected void considerBusinessObjectFieldUnmaskAuthorization(Object dataObject, Person user, BusinessObjectRestrictions businessObjectRestrictions, String propertyPrefix, Document document) {
 175  0 
                 DataObjectEntry objectEntry = getDataDictionaryService().getDataDictionary().getDataObjectEntry(dataObject.getClass().getName());
 176  0 
                 for (String attributeName : objectEntry.getAttributeNames()) {
 177  0 
                         AttributeDefinition attributeDefinition = objectEntry.getAttributeDefinition(attributeName);
 178  0 
                         if (attributeDefinition.getAttributeSecurity() != null) {
 179  0 
                                 if (attributeDefinition.getAttributeSecurity().isMask() &&
 180   
                                                 !canFullyUnmaskField(user, dataObject.getClass(), attributeName, document)) {
 181  0 
                                         businessObjectRestrictions.addFullyMaskedField(propertyPrefix + attributeName, attributeDefinition.getAttributeSecurity().getMaskFormatter());
 182   
                                 }
 183  0 
                                 if (attributeDefinition.getAttributeSecurity().isPartialMask() &&
 184   
                                                 !canPartiallyUnmaskField(user, dataObject.getClass(), attributeName, document)) {
 185  0 
                                         businessObjectRestrictions.addPartiallyMaskedField(propertyPrefix + attributeName, attributeDefinition.getAttributeSecurity().getPartialMaskFormatter());
 186   
                                 }
 187   
                         }
 188  0 
                 }
 189  0 
         }
 190   
 
 191   
         /**
 192   
          * @param dataObjectEntry if collectionItemBusinessObject is not null, then it is the DD entry for collectionItemBusinessObject.
 193   
          * Otherwise, it is the entry for primaryBusinessObject
 194   
          * @param primaryDataObject the top-level BO that is being inquiried or maintained
 195   
          * @param collectionItemBusinessObject an element of a collection under the primaryBusinessObject that we are evaluating view auths for
 196   
          * @param user the logged in user
 197   
          * @param businessObjectAuthorizer
 198   
          * @param inquiryOrMaintenanceDocumentRestrictions
 199   
          * @param propertyPrefix
 200   
          */
 201   
         protected void considerBusinessObjectFieldViewAuthorization(
 202   
                         DataObjectEntry dataObjectEntry,
 203   
                         Object primaryDataObject,
 204   
                         BusinessObject collectionItemBusinessObject,
 205   
                         Person user,
 206   
                         BusinessObjectAuthorizer businessObjectAuthorizer,
 207   
                         InquiryOrMaintenanceDocumentRestrictions inquiryOrMaintenanceDocumentRestrictions,
 208   
                         String propertyPrefix) {
 209  0 
                 for (String attributeName : dataObjectEntry.getAttributeNames()) {
 210  0 
                         AttributeDefinition attributeDefinition = dataObjectEntry
 211   
                                         .getAttributeDefinition(attributeName);
 212  0 
                         if (attributeDefinition.getAttributeSecurity() != null) {
 213  0 
                                 if (attributeDefinition.getAttributeSecurity().isHide()) {
 214  0 
                                         Map<String, String> collectionItemPermissionDetails = new HashMap<String, String>();
 215  0 
                                         Map<String, String> collectionItemRoleQualifications = null;
 216  0 
                                         if (ObjectUtils.isNotNull(collectionItemBusinessObject)) {
 217  0 
                                                 collectionItemPermissionDetails.putAll(getFieldPermissionDetails(collectionItemBusinessObject, attributeName));
 218  0 
                                                 collectionItemPermissionDetails.putAll(businessObjectAuthorizer.
 219   
                                                                 getCollectionItemPermissionDetails(collectionItemBusinessObject));
 220  0 
                                                 collectionItemRoleQualifications = new HashMap<String, String>(businessObjectAuthorizer.
 221   
                                                                 getCollectionItemRoleQualifications(collectionItemBusinessObject));
 222   
                                         }
 223   
                                         else {
 224  0 
                                                 collectionItemPermissionDetails.putAll(getFieldPermissionDetails(primaryDataObject, attributeName));
 225   
                                         }
 226  0 
                                         if (!businessObjectAuthorizer
 227   
                                                         .isAuthorizedByTemplate(
 228   
                                                                         primaryDataObject,
 229   
                                                                         KRADConstants.KRAD_NAMESPACE,
 230   
                                                                         KimConstants.PermissionTemplateNames.VIEW_FIELD,
 231   
                                                                         user.getPrincipalId(),
 232   
                                                                         collectionItemPermissionDetails,
 233   
                                                                         collectionItemRoleQualifications)) {
 234  0 
                                                 inquiryOrMaintenanceDocumentRestrictions
 235   
                                                                 .addHiddenField(propertyPrefix + attributeName);
 236   
                                         }
 237   
                                 }
 238   
                         }
 239  0 
                 }
 240  0 
         }
 241   
 
 242   
         /**
 243   
          * @param dataObjectEntry if collectionItemBusinessObject is not null, then it is the DD entry for collectionItemBusinessObject.
 244   
          * Otherwise, it is the entry for primaryBusinessObject
 245   
          * @param primaryDataObject the top-level BO that is being inquiried or maintained
 246   
          * @param collectionItemBusinessObject an element of a collection under the primaryBusinessObject that we are evaluating view auths for
 247   
          * @param user the logged in user
 248   
          * @param businessObjectAuthorizer
 249   
          * @param inquiryOrMaintenanceDocumentRestrictions
 250   
          * @param propertyPrefix
 251   
          */
 252   
         protected void considerBusinessObjectFieldModifyAuthorization(
 253   
                         DataObjectEntry dataObjectEntry,
 254   
                         Object primaryDataObject,
 255   
                         BusinessObject collectionItemBusinessObject, Person user,
 256   
                         BusinessObjectAuthorizer businessObjectAuthorizer,
 257   
                         MaintenanceDocumentRestrictions maintenanceDocumentRestrictions,
 258   
                         String propertyPrefix) {
 259  0 
                 for (String attributeName : dataObjectEntry.getAttributeNames()) {
 260  0 
                         AttributeDefinition attributeDefinition = dataObjectEntry
 261   
                                         .getAttributeDefinition(attributeName);
 262  0 
                         if (attributeDefinition.getAttributeSecurity() != null) {
 263  0 
                                 Map<String, String> collectionItemPermissionDetails = new HashMap<String, String>();
 264  0 
                                 Map<String, String> collectionItemRoleQualifications = null;
 265  0 
                                 if (ObjectUtils.isNotNull(collectionItemBusinessObject)) {
 266  0 
                                         collectionItemPermissionDetails.putAll(getFieldPermissionDetails(collectionItemBusinessObject, attributeName));
 267  0 
                                         collectionItemPermissionDetails.putAll(businessObjectAuthorizer.
 268   
                                                         getCollectionItemPermissionDetails(collectionItemBusinessObject));
 269  0 
                                         collectionItemRoleQualifications = new HashMap<String, String>(businessObjectAuthorizer.
 270   
                                                         getCollectionItemRoleQualifications(collectionItemBusinessObject));
 271   
                                 }
 272   
                                 else {
 273  0 
                                         collectionItemPermissionDetails.putAll(getFieldPermissionDetails(primaryDataObject, attributeName));
 274   
                                 }
 275  0 
                                 if (attributeDefinition.getAttributeSecurity().isReadOnly()) {
 276  0 
                                         if (!businessObjectAuthorizer
 277   
                                                                 .isAuthorizedByTemplate(
 278   
                                                                                 primaryDataObject,
 279   
                                                                                 KRADConstants.KRAD_NAMESPACE,
 280   
                                                                                 KimConstants.PermissionTemplateNames.MODIFY_FIELD,
 281   
                                                                                 user.getPrincipalId(),
 282   
                                                                                 collectionItemPermissionDetails,
 283   
                                                                                 collectionItemRoleQualifications)) {
 284  0 
                                                 maintenanceDocumentRestrictions
 285   
                                                                 .addReadOnlyField(propertyPrefix + attributeName);
 286   
                                         }
 287   
                                 }
 288   
                         }
 289  0 
                 }
 290  0 
         }
 291   
 
 292   
         /**
 293   
          * @param dataObjectEntry if collectionItemBusinessObject is not null, then it is the DD entry for collectionItemBusinessObject.
 294   
          * Otherwise, it is the entry for primaryBusinessObject
 295   
          * @param primaryDataObject the top-level BO that is being inquiried or maintained
 296   
          * @param collectionItemBusinessObject an element of a collection under the primaryBusinessObject that we are evaluating view auths for
 297   
          * @param user the logged in user
 298   
          * @param businessObjectAuthorizer
 299   
          * @param inquiryOrMaintenanceDocumentRestrictions
 300   
          * @param propertyPrefix
 301   
          */
 302   
         protected void considerCustomButtonFieldAuthorization(
 303   
                         DataObjectEntry dataObjectEntry,
 304   
                         Object primaryDataObject,
 305   
                         BusinessObject collectionItemBusinessObject,
 306   
                         Person user,
 307   
                         BusinessObjectAuthorizer businessObjectAuthorizer,
 308   
                         MaintenanceDocumentRestrictions maintenanceDocumentRestrictions,
 309   
                         String propertyPrefix) {
 310  0 
                 for (String attributeName : dataObjectEntry.getAttributeNames()) {
 311  0 
                         AttributeDefinition attributeDefinition = dataObjectEntry
 312   
                                         .getAttributeDefinition(attributeName);
 313   
                         // TODO what is the equivalent of control.isButton in KRAD
 314  0 
                         if (attributeDefinition.getControl() != null &&
 315   
                                 attributeDefinition.getControl().isButton()) {
 316  0 
                                 Map<String, String> collectionItemPermissionDetails = new HashMap<String, String>();
 317  0 
                                 Map<String, String> collectionItemRoleQualifications = null;
 318  0 
                                 if (ObjectUtils.isNotNull(collectionItemBusinessObject)) {
 319  0 
                                         collectionItemPermissionDetails.putAll(getButtonFieldPermissionDetails(collectionItemBusinessObject, attributeName));
 320  0 
                                         collectionItemPermissionDetails.putAll(businessObjectAuthorizer.
 321   
                                                         getCollectionItemPermissionDetails(collectionItemBusinessObject));
 322  0 
                                         collectionItemRoleQualifications = new HashMap<String, String>(businessObjectAuthorizer.
 323   
                                                         getCollectionItemRoleQualifications(collectionItemBusinessObject));
 324   
                                 }
 325   
                                 else {
 326  0 
                                         getButtonFieldPermissionDetails(primaryDataObject, attributeName);
 327   
                                 }
 328   
 
 329  0 
                                 if (!businessObjectAuthorizer
 330   
                                                 .isAuthorizedByTemplate(
 331   
                                                                 primaryDataObject,
 332   
                                                                 KRADConstants.KRAD_NAMESPACE,
 333   
                                                                 KimConstants.PermissionTemplateNames.PERFORM_CUSTOM_MAINTENANCE_DOCUMENT_FUNCTION,
 334   
                                                                 user.getPrincipalId(),
 335   
                                                                 collectionItemPermissionDetails,
 336   
                                                                 collectionItemRoleQualifications)) {
 337  0 
                                         maintenanceDocumentRestrictions
 338   
                                                         .addHiddenField(propertyPrefix + attributeName);
 339   
                                 }
 340   
                         }
 341  0 
                 }
 342  0 
         }
 343   
 
 344   
         protected void considerInquiryOrMaintenanceDocumentPresentationController(
 345   
                         InquiryOrMaintenanceDocumentPresentationController businessObjectPresentationController,
 346   
                         BusinessObject businessObject,
 347   
                         InquiryOrMaintenanceDocumentRestrictions inquiryOrMaintenanceDocumentRestrictions) {
 348  0 
                 for (String attributeName : businessObjectPresentationController
 349   
                                 .getConditionallyHiddenPropertyNames(businessObject)) {
 350  0 
                         inquiryOrMaintenanceDocumentRestrictions
 351   
                                         .addHiddenField(attributeName);
 352   
                 }
 353  0 
                 for (String sectionId : businessObjectPresentationController
 354   
                                 .getConditionallyHiddenSectionIds(businessObject)) {
 355  0 
                         inquiryOrMaintenanceDocumentRestrictions
 356   
                                         .addHiddenSectionId(sectionId);
 357   
                 }
 358  0 
         }
 359   
 
 360   
         protected void considerInquiryOrMaintenanceDocumentAuthorizer(
 361   
                         InquiryOrMaintenanceDocumentAuthorizer authorizer,
 362   
                         BusinessObject businessObject, Person user,
 363   
                         InquiryOrMaintenanceDocumentRestrictions restrictions) {
 364  0 
                 for (String sectionId : authorizer
 365   
                                 .getSecurePotentiallyHiddenSectionIds()) {
 366  0 
                         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
 367  0 
                         additionalPermissionDetails
 368   
                                         .put(KimConstants.AttributeConstants.SECTION_ID, sectionId);
 369  0 
                         if (!authorizer.isAuthorizedByTemplate(businessObject,
 370   
                                         KRADConstants.KRAD_NAMESPACE,
 371   
                                         KimConstants.PermissionTemplateNames.VIEW_SECTION, user
 372   
                                                         .getPrincipalId(), additionalPermissionDetails,
 373   
                                         null)) {
 374  0 
                                 restrictions.addHiddenSectionId(sectionId);
 375   
                         }
 376  0 
                 }
 377  0 
         }
 378   
 
 379   
         protected void considerMaintenanceDocumentPresentationController(
 380   
                         MaintenanceDocumentPresentationController presentationController,
 381   
                         MaintenanceDocument document,
 382   
                         MaintenanceDocumentRestrictions restrictions) {
 383  0 
                 for (String attributeName : presentationController
 384   
                                 .getConditionallyReadOnlyPropertyNames(document)) {
 385  0 
                         restrictions.addReadOnlyField(attributeName);
 386   
                 }
 387  0 
                 for (String sectionId : presentationController
 388   
                                 .getConditionallyReadOnlySectionIds(document)) {
 389  0 
                         restrictions.addReadOnlySectionId(sectionId);
 390   
                 }
 391  0 
         }
 392   
 
 393   
         protected void considerMaintenanceDocumentAuthorizer(
 394   
                         MaintenanceDocumentAuthorizer authorizer,
 395   
                         MaintenanceDocument document, Person user,
 396   
                         MaintenanceDocumentRestrictions restrictions) {
 397  0 
                 for (String sectionId : authorizer
 398   
                                 .getSecurePotentiallyReadOnlySectionIds()) {
 399  0 
                         Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
 400  0 
                         additionalPermissionDetails
 401   
                                         .put(KimConstants.AttributeConstants.SECTION_ID, sectionId);
 402  0 
                         if (!authorizer.isAuthorizedByTemplate(document,
 403   
                                         KRADConstants.KRAD_NAMESPACE,
 404   
                                         KimConstants.PermissionTemplateNames.MODIFY_SECTION, user
 405   
                                                         .getPrincipalId(), additionalPermissionDetails,
 406   
                                         null)) {
 407  0 
                                 restrictions.addReadOnlySectionId(sectionId);
 408   
                         }
 409  0 
                 }
 410  0 
         }
 411   
 
 412   
         @SuppressWarnings("unchecked")
 413   
         protected void addInquirableItemRestrictions(Collection sectionDefinitions,
 414   
                         InquiryAuthorizer authorizer, InquiryRestrictions restrictions,
 415   
                         BusinessObject primaryBusinessObject,
 416   
                         BusinessObject businessObject, String propertyPrefix, Person user) {
 417  0 
                 for (Object inquirableItemDefinition : sectionDefinitions) {
 418  0 
                         if (inquirableItemDefinition instanceof InquiryCollectionDefinition) {
 419  0 
                                 InquiryCollectionDefinition inquiryCollectionDefinition = (InquiryCollectionDefinition) inquirableItemDefinition;
 420  0 
                                 BusinessObjectEntry collectionBusinessObjectEntry = (BusinessObjectEntry) getDataDictionaryService()
 421   
                                                 .getDataDictionary().getBusinessObjectEntry(
 422   
                                                                 inquiryCollectionDefinition.getBusinessObjectClass().getName());
 423   
 
 424   
                                 try {
 425  0 
                                         Collection<BusinessObject> collection = (Collection<BusinessObject>) PropertyUtils
 426   
                                                         .getProperty(businessObject,
 427   
                                                                         inquiryCollectionDefinition.getName());
 428  0 
                                         int i = 0;
 429  0 
                                         for (Iterator<BusinessObject> iterator = collection.iterator(); iterator
 430  0 
                                                         .hasNext();) {
 431  0 
                                                 String newPropertyPrefix = propertyPrefix + inquiryCollectionDefinition.getName() + "[" + i + "].";
 432  0 
                                                 BusinessObject collectionItemBusinessObject = iterator.next();
 433  0 
                                                 considerBusinessObjectFieldUnmaskAuthorization(
 434   
                                                                 collectionItemBusinessObject, user, restrictions,
 435   
                                                                 newPropertyPrefix, null);
 436  0 
                                                 considerBusinessObjectFieldViewAuthorization(
 437   
                                                                 collectionBusinessObjectEntry, primaryBusinessObject, collectionItemBusinessObject,
 438   
                                                                 user, authorizer, restrictions, newPropertyPrefix);
 439  0 
                                                 addInquirableItemRestrictions(
 440   
                                                                 inquiryCollectionDefinition
 441   
                                                                                 .getInquiryCollections(),
 442   
                                                                 authorizer,
 443   
                                                                 restrictions,
 444   
                                                                 primaryBusinessObject,
 445   
                                                                 collectionItemBusinessObject,
 446   
                                                                 newPropertyPrefix,
 447   
                                                                 user);
 448  0 
                                                 i++;
 449  0 
                                         }
 450  0 
                                 } catch (Exception e) {
 451  0 
                                         throw new RuntimeException(
 452   
                                                         "Unable to resolve collection property: "
 453   
                                                                         + businessObject.getClass() + ":"
 454   
                                                                         + inquiryCollectionDefinition.getName(), e);
 455  0 
                                 }
 456  0 
                         }
 457   
                 }
 458  0 
         }
 459   
 
 460   
         @SuppressWarnings("unchecked")
 461   
         protected void addMaintainableItemRestrictions(List<? extends MaintainableItemDefinition> itemDefinitions,
 462   
                         MaintenanceDocumentAuthorizer authorizer,
 463   
                         MaintenanceDocumentRestrictions restrictions,
 464   
                         MaintenanceDocument maintenanceDocument,
 465   
                         BusinessObject businessObject, String propertyPrefix, Person user) {
 466  0 
                 for (MaintainableItemDefinition maintainableItemDefinition : itemDefinitions) {
 467  0 
                         if (maintainableItemDefinition instanceof MaintainableCollectionDefinition) {
 468   
                                 try {
 469  0 
                                         MaintainableCollectionDefinition maintainableCollectionDefinition = (MaintainableCollectionDefinition) maintainableItemDefinition;
 470   
 
 471  0 
                                         Collection<BusinessObject> collection = (Collection<BusinessObject>) ObjectUtils
 472   
                                                         .getNestedValue(businessObject,
 473   
                                                                         maintainableItemDefinition.getName());
 474  0 
                                         BusinessObjectEntry collectionBusinessObjectEntry = (BusinessObjectEntry) getDataDictionaryService()
 475   
                                                         .getDataDictionary().getBusinessObjectEntry(
 476   
                                                                         maintainableCollectionDefinition.getBusinessObjectClass().getName());
 477  0 
                                         if (collection != null) {
 478  0 
                                             int i = 0;
 479  0 
                                              for (Iterator<BusinessObject> iterator = collection.iterator(); iterator
 480  0 
                                                         .hasNext();) {
 481  0 
                                                      String newPropertyPrefix = propertyPrefix + maintainableItemDefinition.getName() + "[" + i + "].";
 482  0 
                                                     BusinessObject collectionBusinessObject = iterator.next();
 483  0 
                                                     considerBusinessObjectFieldUnmaskAuthorization(
 484   
                                                                 collectionBusinessObject, user, restrictions,
 485   
                                                                 newPropertyPrefix, maintenanceDocument);
 486  0 
                                                     considerBusinessObjectFieldViewAuthorization(
 487   
                                                                 collectionBusinessObjectEntry, maintenanceDocument, collectionBusinessObject, user,
 488   
                                                                 authorizer, restrictions, newPropertyPrefix);
 489  0 
                                                     considerBusinessObjectFieldModifyAuthorization(
 490   
                                                                 collectionBusinessObjectEntry, maintenanceDocument, collectionBusinessObject, user,
 491   
                                                                 authorizer, restrictions, newPropertyPrefix);
 492  0 
                                                     addMaintainableItemRestrictions(
 493   
                                                                 ((MaintainableCollectionDefinition) maintainableItemDefinition)
 494   
                                                                                 .getMaintainableCollections(),
 495   
                                                                 authorizer, restrictions, maintenanceDocument,
 496   
                                                                 collectionBusinessObject, newPropertyPrefix,
 497   
                                                                 user);
 498  0 
                                                      addMaintainableItemRestrictions(
 499   
                                                                 ((MaintainableCollectionDefinition) maintainableItemDefinition)
 500   
                                                                                 .getMaintainableFields(), authorizer,
 501   
                                                                 restrictions, maintenanceDocument,
 502   
                                                                 collectionBusinessObject, newPropertyPrefix,
 503   
                                                                 user);
 504  0 
                                                     i++;
 505  0 
                                             }
 506   
                                         }
 507  0 
                                 } catch (Exception e) {
 508  0 
                                         throw new RuntimeException(
 509   
                                                         "Unable to resolve collection property: "
 510   
                                                                         + businessObject.getClass() + ":"
 511   
                                                                         + maintainableItemDefinition.getName(), e);
 512  0 
                                 }
 513   
                         }
 514   
                 }
 515  0 
         }
 516   
 
 517   
         public boolean canFullyUnmaskField(Person user,
 518   
                         Class<?> dataObjectClass, String fieldName, Document document) {
 519   
                 // KFSMI-5095
 520  0 
                 if(isNonProductionEnvAndUnmaskingTurnedOff())
 521  0 
                         return false;
 522   
 
 523  0 
                 if(user==null || StringUtils.isEmpty(user.getPrincipalId()))
 524  0 
                         return false;
 525  0 
                 Boolean result = null;
 526  0 
                 if (document != null) { // if a document was passed, evaluate the permission in the context of a document
 527   
                         try { // try/catch and fallthrough is a fix for KULRICE-3365
 528  0 
                                 result = getDocumentHelperService().getDocumentAuthorizer( document )
 529   
                                 .isAuthorizedByTemplate( document,
 530   
                                                 KRADConstants.KRAD_NAMESPACE,
 531   
                                                 KimConstants.PermissionTemplateNames.FULL_UNMASK_FIELD,
 532   
                                                 user.getPrincipalId(), getFieldPermissionDetails(dataObjectClass, fieldName), null  );
 533  0 
                         } catch (IllegalArgumentException e) {
 534   
                                 // document didn't have needed metadata
 535   
                                 // TODO: this requires intimate knowledge of DocumentHelperServiceImpl
 536  0 
                         }
 537   
                 }
 538  0 
                 if (result == null) {
 539  0 
                         result = getPermissionService().isAuthorizedByTemplateName(
 540   
                                         user.getPrincipalId(),
 541   
                                         KRADConstants.KRAD_NAMESPACE,
 542   
                                         KimConstants.PermissionTemplateNames.FULL_UNMASK_FIELD,
 543   
                                         new HashMap<String, String>(getFieldPermissionDetails(dataObjectClass, fieldName)),
 544   
                                         null);
 545   
                 }
 546  0 
                 return result; // should be safe to return Boolean here since the only circumstances that
 547   
                                // will leave it null will result in an exception being thrown above.
 548   
         }
 549   
 
 550   
         public boolean canPartiallyUnmaskField(
 551   
                         Person user, Class<?> dataObjectClass, String fieldName, Document document) {
 552   
                 // KFSMI-5095
 553  0 
                 if(isNonProductionEnvAndUnmaskingTurnedOff())
 554  0 
                         return false;
 555   
 
 556  0 
                 if(user==null || StringUtils.isEmpty(user.getPrincipalId()))
 557  0 
                         return false;
 558   
 
 559  0 
                 if ( document == null ) {
 560  0 
                         return getPermissionService().isAuthorizedByTemplateName(
 561   
                                         user.getPrincipalId(),
 562   
                                         KRADConstants.KRAD_NAMESPACE,
 563   
                                         KimConstants.PermissionTemplateNames.PARTIAL_UNMASK_FIELD,
 564   
                                         new HashMap<String, String>(getFieldPermissionDetails(dataObjectClass,fieldName)),
 565   
                                         null);
 566   
                 } else { // if a document was passed, evaluate the permission in the context of a document
 567  0 
                         return getDocumentHelperService().getDocumentAuthorizer( document )
 568   
                                         .isAuthorizedByTemplate( document,
 569   
                                                                                          KRADConstants.KRAD_NAMESPACE,
 570   
                                                                                          KimConstants.PermissionTemplateNames.PARTIAL_UNMASK_FIELD,
 571   
                                                                                          user.getPrincipalId(), getFieldPermissionDetails(dataObjectClass, fieldName), null  );
 572   
                 }
 573   
         }
 574   
 
 575   
         protected Map<String, String> getFieldPermissionDetails(
 576   
                         Class<?> dataObjectClass, String attributeName) {
 577   
                 try {
 578  0 
                         return getFieldPermissionDetails(dataObjectClass.newInstance(),
 579   
                                         attributeName);
 580  0 
                 } catch (Exception e) {
 581  0 
                         throw new RuntimeException(
 582   
                                         "The getPermissionDetails method of BusinessObjectAuthorizationServiceImpl was unable to instantiate the dataObjectClass"
 583   
                                                         + dataObjectClass, e);
 584   
                 }
 585   
         }
 586   
 
 587   
         protected Map<String, String> getFieldPermissionDetails(
 588   
                         Object dataObject, String attributeName) {
 589  0 
                 Map<String, String> permissionDetails = null;
 590  0 
                 String namespaceCode = null;
 591  0 
                 String componentName = null;
 592  0 
                 String propertyName = null;
 593   
                 // JHK: commenting out for KFSMI-2398 - permission checks need to be done at the level specified
 594   
                 // that is, if the parent object specifies the security, that object should be used for the
 595   
                 // component
 596   
 //                if (attributeName.contains(".")) {
 597   
 //                        try {
 598   
 //                                permissionDetails = KimCommonUtils
 599   
 //                                                .getNamespaceAndComponentSimpleName(PropertyUtils
 600   
 //                                                                .getPropertyType(businessObject, attributeName
 601   
 //                                                                                .substring(0, attributeName
 602   
 //                                                                                                .lastIndexOf("."))));
 603   
 //                        } catch (Exception e) {
 604   
 //                                throw new RuntimeException(
 605   
 //                                                "Unable to discover nested business object class: "
 606   
 //                                                                + businessObject.getClass() + " : "
 607   
 //                                                                + attributeName, e);
 608   
 //                        }
 609   
 //                        permissionDetails.put(KimAttributes.PROPERTY_NAME, attributeName
 610   
 //                                        .substring(attributeName.indexOf(".") + 1));
 611   
 //                } else {
 612  0 
                         permissionDetails = KRADUtils
 613   
                                         .getNamespaceAndComponentSimpleName(dataObject.getClass());
 614  0 
                         permissionDetails.put(KimConstants.AttributeConstants.PROPERTY_NAME, attributeName);
 615   
 //                }
 616  0 
                 return permissionDetails;
 617   
         }
 618   
 
 619   
         protected Map<String, String> getButtonFieldPermissionDetails(
 620   
                         Object businessObject, String attributeName) {
 621  0 
                 Map<String, String> permissionDetails = new HashMap<String, String>();
 622  0 
                 if (attributeName.contains(".")) {
 623  0 
                         permissionDetails.put(KimConstants.AttributeConstants.BUTTON_NAME, attributeName);
 624   
                 } else {
 625  0 
                         permissionDetails.put(KimConstants.AttributeConstants.BUTTON_NAME, attributeName);
 626   
                 }
 627  0 
                 return permissionDetails;
 628   
         }
 629   
 
 630   
         private PermissionService getPermissionService() {
 631  0 
                 if (permissionService == null) {
 632  0 
                         permissionService = KimApiServiceLocator
 633   
                                         .getPermissionService();
 634   
                 }
 635  0 
                 return permissionService;
 636   
         }
 637   
 
 638   
         private BusinessObjectDictionaryService getBusinessObjectDictionaryService() {
 639  0 
                 if (businessObjectDictionaryService == null) {
 640  0 
                         businessObjectDictionaryService = KRADServiceLocatorWeb
 641   
                                         .getBusinessObjectDictionaryService();
 642   
                 }
 643  0 
                 return businessObjectDictionaryService;
 644   
         }
 645   
 
 646   
         private MaintenanceDocumentDictionaryService getMaintenanceDocumentDictionaryService() {
 647  0 
                 if (maintenanceDocumentDictionaryService == null) {
 648  0 
                         maintenanceDocumentDictionaryService = KNSServiceLocator
 649   
                                         .getMaintenanceDocumentDictionaryService();
 650   
                 }
 651  0 
                 return maintenanceDocumentDictionaryService;
 652   
         }
 653   
 
 654   
         private ConfigurationService getKualiConfigurationService() {
 655  0 
                 if (kualiConfigurationService == null) {
 656  0 
                         kualiConfigurationService = KRADServiceLocator.getKualiConfigurationService();
 657   
                 }
 658  0 
                 return kualiConfigurationService;
 659   
         }
 660   
 
 661   
         private boolean isNonProductionEnvAndUnmaskingTurnedOff(){
 662  0 
                 return !getKualiConfigurationService().isProductionEnvironment() &&
 663   
                                 !getKualiConfigurationService().getPropertyAsBoolean(KRADConstants.ENABLE_NONPRODUCTION_UNMASKING);
 664   
         }
 665   
 
 666   
 }
Report generated by Cobertura 1.9.4.1 on 7/11/11 4:47 AM.