View Javadoc

1   /**
2    * Copyright 2005-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kew.impl.document.security;
17  
18  import org.apache.commons.lang.StringUtils;
19  import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
20  import org.kuali.rice.kew.api.document.Document;
21  import org.kuali.rice.kew.api.extension.ExtensionDefinition;
22  import org.kuali.rice.kew.api.extension.ExtensionRepositoryService;
23  import org.kuali.rice.kew.api.extension.ExtensionUtils;
24  import org.kuali.rice.kew.framework.document.security.DocumentSecurityDirective;
25  import org.kuali.rice.kew.framework.document.security.DocumentSecurityHandlerService;
26  import org.kuali.rice.kew.framework.document.security.DocumentSecurityAttribute;
27  
28  import java.util.ArrayList;
29  import java.util.Collections;
30  import java.util.HashMap;
31  import java.util.List;
32  import java.util.Map;
33  
34  /**
35   * Reference implementation of the DocumentSecurityHandlerService.
36   *
37   * @author Kuali Rice Team (rice.collab@kuali.org)
38   */
39  public class DocumentSecurityHandlerServiceImpl implements DocumentSecurityHandlerService {
40  
41      private ExtensionRepositoryService extensionRepositoryService;
42  
43      @Override
44      public List<String> getAuthorizedDocumentIds(String principalId, List<DocumentSecurityDirective> documentSecurityDirectives ) {
45          if (StringUtils.isBlank(principalId)) {
46              throw new RiceIllegalArgumentException("principalId was null or blank");
47          }
48          if (documentSecurityDirectives == null) {
49              documentSecurityDirectives = Collections.emptyList();
50          }
51          List<String> authorizedDocumentIds = new ArrayList<String>();
52          Map<String, DocumentSecurityAttribute> securityAttributeCache = new HashMap<String, DocumentSecurityAttribute>();
53          for (DocumentSecurityDirective documentSecurityDirective : documentSecurityDirectives) {
54              List<DocumentSecurityAttribute> attributesToApply = loadSecurityAttributes(documentSecurityDirective, securityAttributeCache);
55              for (Document document : documentSecurityDirective.getDocuments()) {
56                  // if it's already authorized, we don't need to do anything
57                  if (!authorizedDocumentIds.contains(document.getDocumentId())) {
58                      for (DocumentSecurityAttribute securityAttribute : attributesToApply) {
59                          if (securityAttribute.isAuthorizedForDocument(principalId, document)) {
60                              authorizedDocumentIds.add(document.getDocumentId());
61                              break;
62                          }
63                      }
64                  }
65              }
66          }
67          return authorizedDocumentIds;
68      }
69  
70      protected List<DocumentSecurityAttribute> loadSecurityAttributes(DocumentSecurityDirective documentSecurityDirective,
71              Map<String, DocumentSecurityAttribute> securityAttributeCache) {
72          List<DocumentSecurityAttribute> securityAttributes = new ArrayList<DocumentSecurityAttribute>();
73          for (String documentSecurityAttributeName : documentSecurityDirective.getDocumentSecurityAttributeNames()) {
74              securityAttributes.add(loadAndCacheSecurityAttribute(documentSecurityAttributeName, securityAttributeCache));
75          }
76          return securityAttributes;
77      }
78  
79      protected DocumentSecurityAttribute loadAndCacheSecurityAttribute(String securityAttributeName, Map<String, DocumentSecurityAttribute> securityAttributeCache) {
80          if (securityAttributeCache.containsKey(securityAttributeName)) {
81              return securityAttributeCache.get(securityAttributeName);
82          }
83          ExtensionDefinition extensionDefinition = extensionRepositoryService.getExtensionByName(securityAttributeName);
84          if (extensionDefinition == null) {
85              throw new RiceIllegalArgumentException("Failed to locate a SecurityAttribute with the given name: " + securityAttributeName);
86          }
87          DocumentSecurityAttribute securityAttribute = loadSecurityAttribute(extensionDefinition);
88          securityAttributeCache.put(securityAttributeName, securityAttribute);
89          return securityAttribute;
90      }
91  
92      protected DocumentSecurityAttribute loadSecurityAttribute(ExtensionDefinition extensionDefinition) {
93          Object securityAttribute = ExtensionUtils.loadExtension(extensionDefinition);
94          if (securityAttribute == null) {
95              throw new RiceIllegalArgumentException("Failed to load SecurityAttribute for: " + extensionDefinition);
96          }
97          return (DocumentSecurityAttribute)securityAttribute;
98      }
99  
100     public ExtensionRepositoryService getExtensionRepositoryService() {
101         return extensionRepositoryService;
102     }
103 
104     public void setExtensionRepositoryService(ExtensionRepositoryService extensionRepositoryService) {
105         this.extensionRepositoryService = extensionRepositoryService;
106     }
107 
108 }