001    /**
002     * Copyright 2005-2013 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.kuali.rice.kim.rules.ui;
017    
018    import org.apache.commons.lang.StringUtils;
019    import org.kuali.rice.core.api.util.RiceKeyConstants;
020    import org.kuali.rice.kim.api.KimConstants;
021    import org.kuali.rice.kim.api.permission.Permission;
022    import org.kuali.rice.kim.bo.ui.KimDocumentRolePermission;
023    import org.kuali.rice.kim.document.IdentityManagementRoleDocument;
024    import org.kuali.rice.kim.rule.event.ui.AddPermissionEvent;
025    import org.kuali.rice.kim.rule.ui.AddPermissionRule;
026    import org.kuali.rice.kns.rules.DocumentRuleBase;
027    import org.kuali.rice.krad.util.GlobalVariables;
028    
029    import java.util.HashMap;
030    import java.util.Map;
031    
032    /**
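033     * Rule that validates adding a permission to a KIM role document: the permission must be present, the current user must be authorized to grant it, and it must not already be on the document.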
034     * 
035     * @author Kuali Rice Team (rice.collab@kuali.org)
036     *
037     */
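public class KimDocumentPermissionRule extends DocumentRuleBase implements AddPermissionRule {

    /** Message-map property path that the add-permission errors below are reported against. */
    public static final String ERROR_PATH = "document.permission.permissionId";

    /**
     * Validates the permission carried by an add-permission event before it is attached to a role document.
     *
     * <p>The checks run in this order and the first three stop at the first failure:
     * <ol>
     *   <li>the new permission line exists and has a non-blank permission id;</li>
     *   <li>{@code getPermission()} on that line returns a non-null {@link Permission};</li>
     *   <li>the current session user is authorized to grant that permission
     *       (see {@link #hasPermissionToGrantPermission});</li>
     *   <li>no permission already on the document has the same id (every duplicate index is reported).</li>
     * </ol>
     * Each failure is recorded in {@code GlobalVariables.getMessageMap()}.
     *
     * @param addPermissionEvent event carrying the new permission line and the role document being edited
     * @return {@code true} only when every check passes
     */
    public boolean processAddPermission(AddPermissionEvent addPermissionEvent) {
        KimDocumentRolePermission newPermission = addPermissionEvent.getPermission();
        // isBlank (not isEmpty) so a whitespace-only id is rejected here, before the lookup and the
        // authorization check, rather than by a second check after them.
        if (newPermission == null || StringUtils.isBlank(newPermission.getPermissionId())) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, new String[] {"Permission"});
            return false;
        }

        Permission kimPermissionInfo = newPermission.getPermission();
        if (kimPermissionInfo == null) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, new String[] {"Permission"});
            return false;
        }

        // Authorization gate: refuse the add outright when the acting user may not grant this permission.
        IdentityManagementRoleDocument document = (IdentityManagementRoleDocument) addPermissionEvent.getDocument();
        if (!hasPermissionToGrantPermission(kimPermissionInfo, document)) {
            // NOTE(review): getTemplate() is dereferenced without a null check; if a permission can exist
            // without a template this throws NullPointerException instead of reporting the error - confirm.
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_ASSIGN_PERMISSION,
                    new String[] {kimPermissionInfo.getNamespaceCode(), kimPermissionInfo.getTemplate().getName()});
            return false;
        }

        boolean rulePassed = true;
        String newPermissionId = newPermission.getPermissionId();
        int i = 0;
        for (KimDocumentRolePermission permission : document.getPermissions()) {
            // Compare from the id known to be non-blank so an existing line with a null id cannot throw.
            if (newPermissionId.equals(permission.getPermissionId())) {
                rulePassed = false;
                GlobalVariables.getMessageMap().putError("document.permissions[" + i + "].permissionId", RiceKeyConstants.ERROR_DUPLICATE_ENTRY, new String[] {"Permission"});
            }
            i++;
        }
        return rulePassed;
    }

    /**
     * Asks the document's authorizer whether the current session user holds the
     * {@code GRANT_PERMISSION} template permission for the given permission.
     *
     * <p>The permission's namespace code and its template's name are passed as permission details;
     * the principal id is read from {@code GlobalVariables.getUserSession()}.
     *
     * @param kimPermissionInfo the permission the user is trying to add to the role
     * @param document the role document being edited
     * @return the authorizer's answer: {@code true} if the user may grant the permission
     */
    public boolean hasPermissionToGrantPermission(Permission kimPermissionInfo, IdentityManagementRoleDocument document) {
        Map<String, String> permissionDetails = new HashMap<String, String>();
        permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, kimPermissionInfo.getNamespaceCode());
        // NOTE(review): PERMISSION_NAME is filled with the template's name, not the permission's own
        // name - confirm this is how GRANT_PERMISSION permissions are meant to be qualified. The same
        // unchecked getTemplate() dereference applies here.
        permissionDetails.put(KimConstants.AttributeConstants.PERMISSION_NAME, kimPermissionInfo.getTemplate().getName());
        // The final argument is passed as null (presumably "no extra role qualifiers" - confirm).
        return getDocumentDictionaryService().getDocumentAuthorizer(document).isAuthorizedByTemplate(
                document,
                KimConstants.NAMESPACE_CODE,
                KimConstants.PermissionTemplateNames.GRANT_PERMISSION,
                GlobalVariables.getUserSession().getPerson().getPrincipalId(),
                permissionDetails, null);
    }

}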