View Javadoc

1   /**
2    * Copyright 2005-2012 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.rules.ui;
17  
18  import org.apache.commons.lang.StringUtils;
19  import org.kuali.rice.core.api.util.RiceKeyConstants;
20  import org.kuali.rice.kim.api.KimConstants;
21  import org.kuali.rice.kim.api.permission.Permission;
22  import org.kuali.rice.kim.bo.ui.KimDocumentRolePermission;
23  import org.kuali.rice.kim.document.IdentityManagementRoleDocument;
24  import org.kuali.rice.kim.rule.event.ui.AddPermissionEvent;
25  import org.kuali.rice.kim.rule.ui.AddPermissionRule;
26  import org.kuali.rice.krad.rules.DocumentRuleBase;
27  import org.kuali.rice.krad.util.GlobalVariables;
28  
29  import java.util.HashMap;
30  import java.util.Map;
31  
32  /**
33   * This is a description of what this class does - shyu don't forget to fill this in. 
34   * 
35   * @author Kuali Rice Team (rice.collab@kuali.org)
36   *
37   */
38  public class KimDocumentPermissionRule extends DocumentRuleBase implements AddPermissionRule {
39  
40  	public static final String ERROR_PATH = "document.permission.permissionId";
41  	
42  	public boolean processAddPermission(AddPermissionEvent addPermissionEvent) {
43  		KimDocumentRolePermission newPermission = addPermissionEvent.getPermission();
44  		if(newPermission==null || StringUtils.isEmpty(newPermission.getPermissionId())){
45  			GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, new String[] {"Permission"});
46  			return false;
47  		}
48  
49  		Permission kimPermissionInfo = newPermission.getPermission();
50  		if(kimPermissionInfo==null){
51  			GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, new String[] {"Permission"});
52  			return false;
53  		}
54  	    boolean rulePassed = true;
55  		IdentityManagementRoleDocument document = (IdentityManagementRoleDocument)addPermissionEvent.getDocument();
56  		if(!hasPermissionToGrantPermission(kimPermissionInfo, document)){
57  	        GlobalVariables.getMessageMap().putError(KimDocumentPermissionRule.ERROR_PATH, RiceKeyConstants.ERROR_ASSIGN_PERMISSION, 
58  	        		new String[] {kimPermissionInfo.getNamespaceCode(), kimPermissionInfo.getTemplate().getName()});
59  	        return false;
60  		}
61  
62  		if (newPermission == null || StringUtils.isBlank(newPermission.getPermissionId())) {
63              rulePassed = false;
64              GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, new String[] {"Permission"});
65          } else {
66  		    int i = 0;
67          	for (KimDocumentRolePermission permission: document.getPermissions()) {
68  		    	if (permission.getPermissionId().equals(newPermission.getPermissionId())) {
69  		            rulePassed = false;
70  		            GlobalVariables.getMessageMap().putError("document.permissions["+i+"].permissionId", RiceKeyConstants.ERROR_DUPLICATE_ENTRY, new String[] {"Permission"});
71  		    	}
72  		    	i++;
73  		    }
74          }
75  		return rulePassed;
76  	} 
77  
78  	public boolean hasPermissionToGrantPermission(Permission kimPermissionInfo , IdentityManagementRoleDocument document){
79  		Map<String,String> permissionDetails = new HashMap<String,String>();
80  		permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, kimPermissionInfo.getNamespaceCode());
81  		permissionDetails.put(KimConstants.AttributeConstants.PERMISSION_NAME, kimPermissionInfo.getTemplate().getName());
82  		if (!getDocumentDictionaryService().getDocumentAuthorizer(document).isAuthorizedByTemplate(
83  				document, 
84  				KimConstants.NAMESPACE_CODE, 
85  				KimConstants.PermissionTemplateNames.GRANT_PERMISSION,
86  				GlobalVariables.getUserSession().getPerson().getPrincipalId(), 
87  				permissionDetails, null)) {
88  	        return false;
89  		}
90  		return true;
91  	}
92  	
93  }