1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 package org.kuali.rice.krad.bo;
17
18 import org.kuali.rice.kim.api.KimConstants;
19 import org.kuali.rice.kim.api.identity.PersonService;
20 import org.kuali.rice.kim.api.permission.PermissionService;
21 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
22 import org.kuali.rice.krad.util.KRADUtils;
23
24 import java.io.Serializable;
25 import java.util.HashMap;
26 import java.util.Map;
27
28
29
30
31 public class DataObjectAuthorizerBase implements DataObjectAuthorizer, Serializable {
32 private static final long serialVersionUID = 3987953326458974964L;
33
34
35
36
37 public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
38 String principalId) {
39 return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,
40 new HashMap<String, String>(getRoleQualification(dataObject, principalId)));
41 }
42
43
44
45
46
47 public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
48 String principalId) {
49 return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
50 new HashMap<String, String>(getPermissionDetailValues(dataObject)), new HashMap<String, String>(
51 (getRoleQualification(dataObject, principalId))));
52 }
53
54
55
56
57 public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
58 String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
59 Map<String, String> collectionOrFieldLevelRoleQualification) {
60 Map<String, String> roleQualifiers;
61 Map<String, String> permissionDetails;
62 if (collectionOrFieldLevelRoleQualification != null) {
63 roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
64 roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
65 } else {
66 roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
67 }
68
69 if (collectionOrFieldLevelPermissionDetails != null) {
70 permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
71 permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
72 } else {
73 permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
74 }
75
76 return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, roleQualifiers);
77 }
78
79
80
81
82
83 public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
84 String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
85 Map<String, String> collectionOrFieldLevelRoleQualification) {
86 Map<String, String> roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
87 Map<String, String> permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));
88
89 if (collectionOrFieldLevelRoleQualification != null) {
90 roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
91 }
92
93 if (collectionOrFieldLevelPermissionDetails != null) {
94 permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
95 }
96
97 return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
98 permissionDetails, roleQualifiers);
99 }
100
101
102
103
104
105
106
107
108
109
110 protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
111 addStandardAttributes(primaryDataObjectOrDocument, attributes);
112 }
113
114
115
116
117
118
119
120
121
122 protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
123 addStandardAttributes(primaryDataObjectOrDocument, attributes);
124 }
125
126
127
128
129
130
131
132 private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
133 attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
134 }
135
136 protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
137 String permissionTemplateName) {
138 return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
139 new HashMap<String, String>(getPermissionDetailValues(dataObject)));
140 }
141
142 protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
143 Map<String, String> permissionDetails) {
144 return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
145 new HashMap<String, String>(permissionDetails));
146 }
147
148 protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
149 String permissionTemplateName, Map<String, String> permissionDetails) {
150 Map<String, String> combinedPermissionDetails = new HashMap<String, String>(getPermissionDetailValues(
151 dataObject));
152 combinedPermissionDetails.putAll(permissionDetails);
153
154 return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
155 combinedPermissionDetails);
156 }
157
158
159
160
161
162
163
164
165
166 protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
167 Map<String, String> roleQualification = new HashMap<String, String>();
168 addRoleQualification(primaryDataObjectOrDocument, roleQualification);
169 roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);
170
171 return roleQualification;
172 }
173
174
175
176
177
178
179
180
181
182 protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
183 Map<String, String> permissionDetails = new HashMap<String, String>();
184 addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);
185
186 return permissionDetails;
187 }
188
189 protected static PermissionService getPermissionService() {
190 return KimApiServiceLocator.getPermissionService();
191 }
192
193 protected static PersonService getPersonService() {
194 return KimApiServiceLocator.getPersonService();
195 }
196 }