001 /**
002 * Copyright 2005-2012 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.krad.bo;
017
018 import org.kuali.rice.kim.api.KimConstants;
019 import org.kuali.rice.kim.api.identity.PersonService;
020 import org.kuali.rice.kim.api.permission.PermissionService;
021 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
022 import org.kuali.rice.krad.util.KRADUtils;
023
024 import java.io.Serializable;
025 import java.util.HashMap;
026 import java.util.Map;
027
028 /**
029 * @author Kuali Rice Team (rice.collab@kuali.org)
030 */
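public class DataObjectAuthorizerBase implements DataObjectAuthorizer, Serializable {
    private static final long serialVersionUID = 3987953326458974964L;

    /**
     * Checks a named permission for the principal, qualified by the attributes derived from the data object.
     *
     * <p>Only role qualifiers are sent to the permission service; permission details are not part of this check.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal whose authorization is evaluated
     * @return the permission service's decision
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId) {
        return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,
                new HashMap<String, String>(getRoleQualification(dataObject, principalId)));
    }

    /**
     * Checks a permission by template for the principal, using both the permission details and the role
     * qualifiers derived from the data object.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal whose authorization is evaluated
     * @return the permission service's decision
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     *      java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId) {
        return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
                new HashMap<String, String>(getPermissionDetailValues(dataObject)), new HashMap<String, String>(
                (getRoleQualification(dataObject, principalId))));
    }

    /**
     * Checks a named permission, letting the caller layer collection- or field-level role qualifiers on top of
     * those derived from the data object.
     *
     * <p>{@code collectionOrFieldLevelPermissionDetails} does not influence the result: the service call made
     * here receives only role qualifiers. Use
     * {@link #isAuthorizedByTemplate(Object, String, String, String, Map, Map)} when permission details must
     * take part in the decision.
     *
     * <p>Caller-supplied qualifiers replace same-keyed base qualifiers, including the principal-id qualifier
     * added by {@link #getRoleQualification(Object, String)}. Pass only maps built by trusted code, never
     * values taken directly from a request.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal whose authorization is evaluated
     * @param collectionOrFieldLevelPermissionDetails not used by this check; may be null
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers, or null for none
     * @return the permission service's decision
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        // The previous version also built a permission-details map here and then discarded it; it never
        // reached the service call, so it is no longer computed.
        Map<String, String> roleQualifiers = mergeAttributes(getRoleQualification(dataObject, principalId),
                collectionOrFieldLevelRoleQualification);

        return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, roleQualifiers);
    }

    /**
     * Checks a permission by template, letting the caller layer collection- or field-level permission details
     * and role qualifiers on top of those derived from the data object.
     *
     * <p>Caller-supplied entries replace same-keyed base entries in both maps, including the principal-id
     * qualifier added by {@link #getRoleQualification(Object, String)}. Pass only maps built by trusted code,
     * never values taken directly from a request.
     *
     * @param dataObject the primary data object or document the check is about
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal whose authorization is evaluated
     * @param collectionOrFieldLevelPermissionDetails extra permission details, or null for none
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers, or null for none
     * @return the permission service's decision
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     *      java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        // Same hook order as before: role qualifiers are derived first, then permission details.
        Map<String, String> roleQualifiers = mergeAttributes(getRoleQualification(dataObject, principalId),
                collectionOrFieldLevelRoleQualification);
        Map<String, String> permissionDetails = mergeAttributes(getPermissionDetailValues(dataObject),
                collectionOrFieldLevelPermissionDetails);

        return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
                permissionDetails, roleQualifiers);
    }

    /**
     * Override this method to populate the role qualifier attributes from the
     * primary data object or document. Nothing in this class caches the result:
     * the hook runs every time {@link #getRoleQualification(Object, String)}
     * builds a map.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - role qualifiers will be added to this map
     */
    protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Override this method to populate the permission details from the primary
     * data object or document. Nothing in this class caches the result: the hook
     * runs every time {@link #getPermissionDetailValues(Object)} builds a map.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - permission details will be added to this map
     */
    protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Adds the entries that {@code KRADUtils.getNamespaceAndComponentSimpleName} returns for the object's
     * runtime class. A null object fails with a {@link NullPointerException} rather than producing an
     * unqualified check.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - attributes (i.e. role qualifications or permission details)
     * will be added to this map
     */
    private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using the permission
     * details derived from the data object.
     *
     * @param dataObject the primary data object or document
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @return the permission service's answer
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName) {
        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
                new HashMap<String, String>(getPermissionDetailValues(dataObject)));
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using only the supplied
     * permission details.
     *
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails details to match; null is treated as no details, as the authorization
     *        overloads already do for their optional maps
     * @return the permission service's answer
     */
    protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails) {
        // Copy so the service never sees the caller's own map instance.
        Map<String, String> detailsCopy = permissionDetails == null
                ? new HashMap<String, String>()
                : new HashMap<String, String>(permissionDetails);

        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
                detailsCopy);
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using the details derived
     * from the data object overlaid with the supplied details.
     *
     * @param dataObject the primary data object or document
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails extra details that replace same-keyed derived details; null means none
     * @return the permission service's answer
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails) {
        Map<String, String> combinedPermissionDetails = mergeAttributes(getPermissionDetailValues(dataObject),
                permissionDetails);

        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
                combinedPermissionDetails);
    }

    /**
     * Returns a role qualification map based off data from the primary business
     * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @param principalId stored under {@code KimConstants.AttributeConstants.PRINCIPAL_ID}
     * @return a Map containing role qualifications
     */
    protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
        Map<String, String> roleQualification = new HashMap<String, String>();
        addRoleQualification(primaryDataObjectOrDocument, roleQualification);
        // Written after the overridable hook, so a subclass cannot substitute another principal id here.
        roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);

        return roleQualification;
    }

    /**
     * Returns a permission details map based off data from the primary business
     * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @return a Map containing permission details
     */
    protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
        Map<String, String> permissionDetails = new HashMap<String, String>();
        addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);

        return permissionDetails;
    }

    /**
     * Looks up the permission service through {@code KimApiServiceLocator} on every call.
     *
     * @return the permission service
     */
    protected static PermissionService getPermissionService() {
        return KimApiServiceLocator.getPermissionService();
    }

    /**
     * Looks up the person service through {@code KimApiServiceLocator} on every call.
     *
     * @return the person service
     */
    protected static PersonService getPersonService() {
        return KimApiServiceLocator.getPersonService();
    }

    /**
     * Copies {@code base} and overlays {@code overrides} on the copy, leaving both arguments untouched.
     *
     * @param base entries derived from the data object
     * @param overrides entries that replace same-keyed base entries; null means none
     * @return a new mutable map
     */
    private static Map<String, String> mergeAttributes(Map<String, String> base, Map<String, String> overrides) {
        Map<String, String> merged = new HashMap<String, String>(base);
        if (overrides != null) {
            merged.putAll(overrides);
        }
        return merged;
    }
}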