|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.kuali.rice.krad.bo.DataObjectAuthorizerBase org.kuali.rice.krad.uif.view.ViewAuthorizerBase
public class ViewAuthorizerBase
Implementation of ViewAuthorizer
that verifies authorization with KIM permission checks
Each permission goes through one of the isAuthorized methods provided by
DataObjectAuthorizer
, these in turn call DataObjectAuthorizerBase.addPermissionDetails(Object, java.util.Map)
and DataObjectAuthorizerBase.addRoleQualification(Object, java.util.Map)
for building the permission and role maps to send with
the permission check. Subclasses can override these methods to add additional attributes
Constructor Summary | |
---|---|
ViewAuthorizerBase()
|
Method Summary | |
---|---|
boolean |
canEditField(View view,
ViewModel model,
Field field,
String propertyName,
Person user)
|
boolean |
canEditGroup(View view,
ViewModel model,
Group group,
String groupId,
Person user)
|
boolean |
canEditLine(View view,
ViewModel model,
CollectionGroup collectionGroup,
String collectionPropertyName,
Object line,
Person user)
|
boolean |
canEditLineField(View view,
ViewModel model,
CollectionGroup collectionGroup,
String collectionPropertyName,
Object line,
Field field,
String propertyName,
Person user)
|
boolean |
canEditView(View view,
ViewModel model,
Person user)
Checks for an edit view permission for the view id, and if found verifies the user has that permission |
boolean |
canEditWidget(View view,
ViewModel model,
Widget widget,
String widgetId,
Person user)
|
boolean |
canOpenView(View view,
ViewModel model,
Person user)
Checks for an open view permission for the view id, and if found verifies the user has that permission |
boolean |
canPartialUnmaskField(View view,
ViewModel model,
DataField field,
String propertyName,
Person user)
Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value |
boolean |
canPerformAction(View view,
ViewModel model,
Action action,
String actionEvent,
String actionId,
Person user)
|
boolean |
canPerformLineAction(View view,
ViewModel model,
CollectionGroup collectionGroup,
String collectionPropertyName,
Object line,
Action action,
String actionEvent,
String actionId,
Person user)
|
boolean |
canUnmaskField(View view,
ViewModel model,
DataField field,
String propertyName,
Person user)
Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value |
boolean |
canViewField(View view,
ViewModel model,
Field field,
String propertyName,
Person user)
|
boolean |
canViewGroup(View view,
ViewModel model,
Group group,
String groupId,
Person user)
|
boolean |
canViewLine(View view,
ViewModel model,
CollectionGroup collectionGroup,
String collectionPropertyName,
Object line,
Person user)
|
boolean |
canViewLineField(View view,
ViewModel model,
CollectionGroup collectionGroup,
String collectionPropertyName,
Object line,
Field field,
String propertyName,
Person user)
|
boolean |
canViewWidget(View view,
ViewModel model,
Widget widget,
String widgetId,
Person user)
|
Set<String> |
getActionFlags(View view,
ViewModel model,
Person user,
Set<String> actions)
Returns the set of action flags that are authorized for the given user |
protected Map<String,String> |
getActionPermissionDetails(View view,
Object dataObject,
Action action)
Builds the permission details map for an action which includes the namespace, view id, and action id and event |
protected ConfigurationService |
getConfigurationService()
|
protected Object |
getDataObjectContext(View view,
ViewModel model)
Retrieves the object from the model that is used as the context for permission checks |
Set<String> |
getEditModes(View view,
ViewModel model,
Person user,
Set<String> editModes)
Returns the set of edit modes that are authorized for the given user |
protected Map<String,String> |
getFieldPermissionDetails(View view,
Object dataObject,
Field field)
Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields |
protected Map<String,String> |
getGroupPermissionDetails(View view,
Object dataObject,
Group group)
Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups |
protected Map<String,String> |
getWidgetPermissionDetails(View view,
Object dataObject,
Widget widget)
Builds the permission details map for a widget which includes the namespace, view id, and widget id |
protected boolean |
isAuthorizedByTemplate(View view,
Component component,
ViewModel model,
String permissionTemplateName,
Person user,
Map<String,String> additionalPermissionDetails,
Map<String,String> additionalRoleQualifications,
boolean checkPermissionExistence)
Performs a permission check for the given template name in the context of the given view and component |
void |
setConfigurationService(ConfigurationService configurationService)
|
Methods inherited from class org.kuali.rice.krad.bo.DataObjectAuthorizerBase |
---|
addPermissionDetails, addRoleQualification, getPermissionDetailValues, getPermissionService, getPersonService, getRoleQualification, isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate, permissionExistsByTemplate, permissionExistsByTemplate, permissionExistsByTemplate |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public ViewAuthorizerBase()
Method Detail |
---|
public Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions)
ViewAuthorizer
Action flags are created for views to indicate some action or feature should be enabled. These flags can be
used within expressions for configuring the view content.
For example:
For each action flag, KIM is consulted to determine if a permission exist for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.
The Set of available action flags should first be exported by the
ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase)
method. The
set returned from this method will be passed as the method argument here by the framework.
getActionFlags
in interface ViewAuthorizer
view
- - view instance the action flags apply tomodel
- - object containing the view datauser
- - user we are authorizing the actions foractions
- - set of action flags to authorize
ViewAuthorizer#getActionFlags(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.kim.api.identity.Person, java.util.Set)
public Set<String> getEditModes(View view, ViewModel model, Person user, Set<String> editModes)
ViewAuthorizer
An edit mode is a string that identifies a set of editable fields within the view. These are generally used
when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in
two ways. The first is by using the edit mode in an expression when setting the field readOnly property.
For example:
ViewPresentationController.canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String)
method which can look at the edit modes map on the view to determine if the given field should be editable.
For each edit mode, KIM is consulted to determine if a permission exist for the 'Use View' template and the edit mode detail. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the edit mode is removed from the returned set.
The Set of available edit modes should first be exported by the
ViewPresentationController.getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase)
method. The
set returned from this method will be passed as the method argument here by the framework.
getEditModes
in interface ViewAuthorizer
view
- - view instance the edit modes apply tomodel
- - object containing the view datauser
- - user we are authorizing the actions foreditModes
- - set of edit modes to authorize
ViewAuthorizer#getEditModes(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.kim.api.identity.Person, java.util.Set)
public boolean canOpenView(View view, ViewModel model, Person user)
canOpenView
in interface ViewAuthorizer
view
- - view instance to check authorization formodel
- - object containing the view datauser
- - user to authorize
ViewAuthorizer.canOpenView(View, ViewModel, org.kuali.rice.kim.api.identity.Person)
public boolean canEditView(View view, ViewModel model, Person user)
canEditView
in interface ViewAuthorizer
view
- - view instance to check authorization formodel
- - object containing the view datauser
- - user to authorize
ViewAuthorizer.canEditView(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.kim.api.identity.Person)
public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
ViewAuthorizer
canUnmaskField
in interface ViewAuthorizer
view
- - view instance the field belongs tomodel
- - object containing the view datafield
- - field associated for the property and from which the
ComponentSecurity
will be retrievedpropertyName
- - name of the property associated with the fielduser
- - user we are authorizing
ViewAuthorizer.canUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
ViewAuthorizer
canPartialUnmaskField
in interface ViewAuthorizer
view
- - view instance the field belongs tomodel
- - object containing the view datafield
- - field associated for the property and from which the
ComponentSecurity
will be retrievedpropertyName
- - name of the property associated with the fielduser
- - user we are authorizing
ViewAuthorizer.canPartialUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user)
canEditField
in interface ViewAuthorizer
ViewAuthorizer.canEditField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.field.Field, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user)
canViewField
in interface ViewAuthorizer
ViewAuthorizer.canViewField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.field.Field, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canEditGroup(View view, ViewModel model, Group group, String groupId, Person user)
canEditGroup
in interface ViewAuthorizer
ViewAuthorizer.canEditGroup(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.container.Group, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canViewGroup(View view, ViewModel model, Group group, String groupId, Person user)
canViewGroup
in interface ViewAuthorizer
ViewAuthorizer.canViewGroup(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.container.Group, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
canEditWidget
in interface ViewAuthorizer
ViewAuthorizer.canEditWidget(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.widget.Widget, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
canViewWidget
in interface ViewAuthorizer
ViewAuthorizer.canViewWidget(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.widget.Widget, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canPerformAction(View view, ViewModel model, Action action, String actionEvent, String actionId, Person user)
canPerformAction
in interface ViewAuthorizer
ViewAuthorizer.canPerformAction(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
org.kuali.rice.krad.uif.element.Action, java.lang.String, java.lang.String, org.kuali.rice.kim.api.identity.Person)
public boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
canEditLine
in interface ViewAuthorizer
public boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
canViewLine
in interface ViewAuthorizer
public boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
canEditLineField
in interface ViewAuthorizer
public boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
canViewLineField
in interface ViewAuthorizer
public boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Action action, String actionEvent, String actionId, Person user)
canPerformLineAction
in interface ViewAuthorizer
protected Object getDataObjectContext(View view, ViewModel model)
Used to derive namespace and component details. Subclasses can override to return the object to be used
view
- view instance the permission checks are being done formodel
- model object containing the data and from which the data object should be pulled
protected Map<String,String> getFieldPermissionDetails(View view, Object dataObject, Field field)
view
- view instance the field belongs todataObject
- default object from the data model (used for subclasses to build details)field
- field instance the details are being built for
protected Map<String,String> getGroupPermissionDetails(View view, Object dataObject, Group group)
view
- view instance the group belongs todataObject
- default object from the data model (used for subclasses to build details)group
- group instance the details are being built for
protected Map<String,String> getWidgetPermissionDetails(View view, Object dataObject, Widget widget)
view
- view instance the widget belongs todataObject
- default object from the data model (used for subclasses to build details)widget
- group instance the details are being built for
protected Map<String,String> getActionPermissionDetails(View view, Object dataObject, Action action)
view
- view instance the widget belongs todataObject
- default object from the data model (used for subclasses to build details)action
- action instance the details are being built for
protected boolean isAuthorizedByTemplate(View view, Component component, ViewModel model, String permissionTemplateName, Person user, Map<String,String> additionalPermissionDetails, Map<String,String> additionalRoleQualifications, boolean checkPermissionExistence)
First standard permission details are added based on the type of component the permission check is being
done for.
Then the ComponentSecurity
of the given component is used to pick up additional permission details and
role qualifiers.
view
- view instance the component belongs tocomponent
- component instance the permission check is being done formodel
- object containing the views datapermissionTemplateName
- template name for the permission to checkuser
- user to perform the authorization foradditionalPermissionDetails
- additional key/value pairs to pass with the permission detailsadditionalRoleQualifications
- additional key/value paris to pass with the role qualifierscheckPermissionExistence
- boolean indicating whether the existence of the permission should be checked
before performing the authorization
protected ConfigurationService getConfigurationService()
public void setConfigurationService(ConfigurationService configurationService)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |