View Javadoc

1   /**
2    * Copyright 2005-2015 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.uif.view;
17  
18  import org.kuali.rice.kim.api.identity.Person;
19  import org.kuali.rice.krad.uif.container.CollectionGroup;
20  import org.kuali.rice.krad.uif.container.Group;
21  import org.kuali.rice.krad.uif.field.ActionField;
22  import org.kuali.rice.krad.uif.field.DataField;
23  import org.kuali.rice.krad.uif.field.Field;
24  import org.kuali.rice.krad.uif.field.InputField;
25  import org.kuali.rice.krad.uif.widget.Widget;
26  import org.kuali.rice.krad.web.form.UifFormBase;
27  
28  import java.util.Set;
29  
30  /**
31   * Performs user based authorization for actions and components contained in a {@link View}
32   *
33   * <p>
34   * Note only user authorization is done by the authorizer class. For non-user based logic, use the
35   * {@link ViewPresentationController}
36   * </p>
37   *
38   * @author Kuali Rice Team (rice.collab@kuali.org)
39   */
40  public interface ViewAuthorizer {
41  
42      /**
43       * Returns the set of action flags that are authorized for the given user
44       *
45       * <p>
46       * Action flags are created for views to indicate some action or feature should be enabled. These flags can be
47       * used within expressions for configuring the view content.
48       *
49       * For example:
50       * <bean parent="ActionField" p:methodToCall="save" p:actionLabel="save"
51       * p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>
52       * </p>
53       *
54       * <p>
55       * For each action flag, KIM is consulted to determine if a permission exist for the template associated with
56       * the action flag. If so, a check is then made to determine if the user has that permission. If the permission
57       * fails for the user, the action flag is removed from the returned set.
58       * </p>
59       *
60       * <p>
61       * The Set of available action flags should first be exported by the
62       * {@link ViewPresentationController#getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase)} method. The
63       * set returned from this method will be passed as the method argument here by the framework.
64       * </p>
65       *
66       * @param view - view instance the action flags apply to
67       * @param model - object containing the view data
68       * @param user - user we are authorizing the actions for
69       * @param actions - set of action flags to authorize
70       * @return Set<String> set of action flags that have been authorized, this will be equal to or a subset of the
71       *         actions passed in
72       */
73      public Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions);
74  
75      /**
76       * Returns the set of edit modes that are authorized for the given user
77       *
78       * <p>
79       * An edit mode is a string that identifies a set of editable fields within the view. These are generally used
80       * when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in
81       * two ways. The first is by using the edit mode in an expression when setting the field readOnly property.
82       *
83       * For example:
84       * <property name="readOnly" value="@{!#editModes['specialEdit'] and !fullEdit}" />
85       *
86       * The second way is with the
87       * {@link ViewPresentationController#canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String)}
88       * method which can look at the edit modes map on the view to determine if the given field should be editable.
89       * </p>
90       *
91       * <p>
92       * For each edit mode, KIM is consulted to determine if a permission exist for the 'Use View' template and
93       * the edit mode detail. If so, a check is then made to determine if the user has that permission. If the
94       * permission
95       * fails for the user, the edit mode is removed from the returned set.
96       * </p>
97       *
98       * <p>
99       * The Set of available edit modes should first be exported by the
100      * {@link ViewPresentationController#getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase)} method. The
101      * set returned from this method will be passed as the method argument here by the framework.
102      * </p>
103      *
104      * @param view - view instance the edit modes apply to
105      * @param model - object containing the view data
106      * @param user - user we are authorizing the actions for
107      * @param editModes - set of edit modes to authorize
108      * @return Set<String> set of edit modes that have been authorized, this will be equal to or a subset of the
109      *         edit mode set passed in
110      */
111     public Set<String> getEditModes(View view, ViewModel model, Person user, Set<String> editModes);
112 
113     /**
114      * Determines if the given user is authorized to open the given view
115      *
116      * @param view - view instance to check authorization for
117      * @param model - object containing the view data
118      * @param user - user to authorize
119      * @return boolean true if the user is authorized to open the view, false otherwise
120      */
121     public boolean canOpenView(View view, ViewModel model, Person user);
122 
123     /**
124      * Determines if the given user is authorized to edit the given view
125      *
126      * @param view - view instance to check authorization for
127      * @param model - object containing the view data
128      * @param user - user to authorize
129      * @return boolean true if the user is authorized to edit the view, false otherwise
130      */
131     public boolean canEditView(View view, ViewModel model, Person user);
132 
133     /**
134      * Checks whether the mask authorization exists for the given property and if so whether the given user has the
135      * ability to unmask the value
136      *
137      * @param view - view instance the field belongs to
138      * @param model - object containing the view data
139      * @param field - field associated for the property and from which the
140      * {@link org.kuali.rice.krad.uif.component.ComponentSecurity} will be retrieved
141      * @param propertyName - name of the property associated with the field
142      * @param user - user we are authorizing
143      * @return boolean true if the value can be unmasked, false if it should be masked
144      */
145     public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user);
146 
147     /**
148      * Checks whether the partial mask authorization exists for the given property and if so whether the given user
149      * has the ability to unmask the value
150      *
151      * @param view - view instance the field belongs to
152      * @param model - object containing the view data
153      * @param field - field associated for the property and from which the
154      * {@link org.kuali.rice.krad.uif.component.ComponentSecurity} will be retrieved
155      * @param propertyName - name of the property associated with the field
156      * @param user - user we are authorizing
157      * @return boolean true if the value can be unmasked, false if it should be partially masked
158      */
159     public boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user);
160 
161     public boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user);
162 
163     public boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user);
164 
165     public boolean canEditGroup(View view, ViewModel model, Group group, String groupId, Person user);
166 
167     public boolean canViewGroup(View view, ViewModel model, Group group, String groupId, Person user);
168 
169     public boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user);
170 
171     public boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user);
172 
173     public boolean canPerformAction(View view, ViewModel model, ActionField actionField, String actionEvent,
174             String actionId, Person user);
175 
176     public boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup,
177             String collectionPropertyName, Object line, Person user);
178 
179     public boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup,
180             String collectionPropertyName, Object line, Person user);
181 
182     public boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup,
183             String collectionPropertyName, Object line, Field field, String propertyName, Person user);
184 
185     public boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup,
186             String collectionPropertyName, Object line, Field field, String propertyName, Person user);
187 
188     public boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup,
189             String collectionPropertyName, Object line, ActionField actionField, String actionEvent, String actionId,
190             Person user);
191 
192 }