001/** 002 * Copyright 2005-2016 The Kuali Foundation 003 * 004 * Licensed under the Educational Community License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.opensource.org/licenses/ecl2.php 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.kuali.rice.krad.web.controller; 017 018import java.util.HashMap; 019import java.util.Map; 020 021import javax.servlet.http.HttpServletRequest; 022import javax.servlet.http.HttpServletResponse; 023 024import org.apache.commons.lang.StringUtils; 025import org.apache.log4j.Logger; 026import org.kuali.rice.kim.api.KimConstants; 027import org.kuali.rice.kim.api.services.KimApiServiceLocator; 028import org.kuali.rice.krad.service.KRADServiceLocatorWeb; 029import org.kuali.rice.krad.service.KualiModuleService; 030import org.kuali.rice.krad.service.ModuleService; 031import org.kuali.rice.krad.util.GlobalVariables; 032import org.kuali.rice.krad.util.KRADConstants; 033import org.springframework.web.servlet.HandlerInterceptor; 034import org.springframework.web.servlet.ModelAndView; 035 036/** 037 * Interceptor which checks whether the module the request was made for is locked and if so forwards the 038 * request to the module locked controller 039 * 040 * @author Kuali Rice Team (rice.collab@kuali.org) 041 */ 042public class ModuleLockingHandlerInterceptor implements HandlerInterceptor { 043 private static final Logger LOG = Logger.getLogger(ModuleLockingHandlerInterceptor.class); 044 045 private KualiModuleService kualiModuleService; 046 private String moduleLockedMapping; 047 048 /** 049 * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, 050 * javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception) 051 */ 052 @Override 053 public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, 054 Exception exception) throws Exception { 055 // do nothing 056 } 057 058 /** 059 * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, 060 * javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) 061 */ 062 @Override 063 public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, 064 ModelAndView modelAndview) throws Exception { 065 // do nothing 066 } 067 068 /** 069 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, 070 * javax.servlet.http.HttpServletResponse, java.lang.Object) 071 */ 072 @Override 073 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, 074 Object handler) throws Exception { 075 if (isModuleLocked(request)) { 076 response.sendRedirect(this.getModuleLockedMapping() + "?" + ModuleLockedController.MODULE_PARAMETER 077 + "=" + getModuleService(request).getModuleConfiguration().getNamespaceCode()); 078 079 return false; 080 } 081 082 return true; 083 } 084 085 /** 086 * Determines the module associated with the given request and then checks whether the module is locked 087 * 088 * @param request request object to pull parameters from 089 * @return boolean true if the associated module is locked, false if not or no associated module was found 090 */ 091 protected boolean isModuleLocked(HttpServletRequest request) { 092 ModuleService moduleService = getModuleService(request); 093 094 if (moduleService != null && moduleService.isLocked()) { 095 String principalId = GlobalVariables.getUserSession().getPrincipalId(); 096 String namespaceCode = KRADConstants.KUALI_RICE_SYSTEM_NAMESPACE; 097 String permissionName = KimConstants.PermissionNames.ACCESS_LOCKED_MODULE; 098 099 Map<String, String> permissionDetails = new HashMap<String, String>(); 100 Map<String, String> qualification = new HashMap<String, String>(); 101 if (!KimApiServiceLocator.getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, 102 qualification)) { 103 return true; 104 } 105 } 106 107 return false; 108 } 109 110 /** 111 * Retrieves the module service that is associated with the data object class given through the request 112 * 113 * @param request request object to check parameters for 114 * @return ModuleService module service for data object (if found) or null 115 */ 116 protected ModuleService getModuleService(HttpServletRequest request) { 117 String boClass = request.getParameter(KRADConstants.BUSINESS_OBJECT_CLASS_ATTRIBUTE); 118 if (StringUtils.isBlank(boClass)) { 119 boClass = request.getParameter(KRADConstants.DATA_OBJECT_CLASS_ATTRIBUTE); 120 } 121 122 ModuleService moduleService = null; 123 if (StringUtils.isNotBlank(boClass)) { 124 try { 125 moduleService = getKualiModuleService().getResponsibleModuleService(Class.forName(boClass)); 126 } catch (ClassNotFoundException classNotFoundException) { 127 LOG.warn("BO class not found: " + boClass, classNotFoundException); 128 } 129 } else { 130 moduleService = getKualiModuleService().getResponsibleModuleService(this.getClass()); 131 } 132 133 return moduleService; 134 } 135 136 public String getModuleLockedMapping() { 137 return this.moduleLockedMapping; 138 } 139 140 public void setModuleLockedMapping(String moduleLockedMapping) { 141 this.moduleLockedMapping = moduleLockedMapping; 142 } 143 144 public void setKualiModuleService(KualiModuleService kualiModuleService) { 145 this.kualiModuleService = kualiModuleService; 146 } 147 148 protected KualiModuleService getKualiModuleService() { 149 if (kualiModuleService == null) { 150 kualiModuleService = KRADServiceLocatorWeb.getKualiModuleService(); 151 } 152 return kualiModuleService; 153 } 154}