org.kuali.rice.krad.uif.view
Class ViewAuthorizerBase

java.lang.Object
  extended by org.kuali.rice.krad.bo.DataObjectAuthorizerBase
      extended by org.kuali.rice.krad.uif.view.ViewAuthorizerBase
All Implemented Interfaces:
Serializable, DataObjectAuthorizer, ViewAuthorizer
Direct Known Subclasses:
DocumentViewAuthorizerBase, InquiryViewAuthorizerBase, LookupViewAuthorizerBase

public class ViewAuthorizerBase
extends DataObjectAuthorizerBase
implements ViewAuthorizer

Implementation of ViewAuthorizer that verifies authorization with KIM permission checks

Each permission goes through one of the isAuthorized methods provided by DataObjectAuthorizer, these in turn call DataObjectAuthorizerBase.addPermissionDetails(Object, java.util.Map) and DataObjectAuthorizerBase.addRoleQualification(Object, java.util.Map) for building the permission and role maps to send with the permission check. Subclasses can override these methods to add additional attributes

Author:
Kuali Rice Team (rice.collab@kuali.org)
See Also:
Serialized Form

Constructor Summary
ViewAuthorizerBase()
           
 
Method Summary
 boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user)
           
 boolean canEditGroup(View view, ViewModel model, Group group, String groupId, Person user)
           
 boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
           
 boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
           
 boolean canEditView(View view, ViewModel model, Person user)
          Checks for an edit view permission for the view id, and if found verifies the user has that permission
 boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
           
 boolean canOpenView(View view, ViewModel model, Person user)
          Checks for an open view permission for the view id, and if found verifies the user has that permission
 boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
          Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
 boolean canPerformAction(View view, ViewModel model, Action action, String actionEvent, String actionId, Person user)
           
 boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Action action, String actionEvent, String actionId, Person user)
           
 boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
          Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
 boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user)
           
 boolean canViewGroup(View view, ViewModel model, Group group, String groupId, Person user)
           
 boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
           
 boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
           
 boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
           
 Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions)
          Returns the set of action flags that are authorized for the given user
protected  Map<String,String> getActionPermissionDetails(View view, Object dataObject, Action action)
          Builds the permission details map for an action which includes the namespace, view id, and action id and event
protected  ConfigurationService getConfigurationService()
           
protected  Object getDataObjectContext(View view, ViewModel model)
          Retrieves the object from the model that is used as the context for permission checks
 Set<String> getEditModes(View view, ViewModel model, Person user, Set<String> editModes)
          Returns the set of edit modes that are authorized for the given user
protected  Map<String,String> getFieldPermissionDetails(View view, Object dataObject, Field field)
          Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields
protected  Map<String,String> getGroupPermissionDetails(View view, Object dataObject, Group group)
          Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups
protected  Map<String,String> getWidgetPermissionDetails(View view, Object dataObject, Widget widget)
          Builds the permission details map for a widget which includes the namespace, view id, and widget id
protected  boolean isAuthorizedByTemplate(View view, Component component, ViewModel model, String permissionTemplateName, Person user, Map<String,String> additionalPermissionDetails, Map<String,String> additionalRoleQualifications, boolean checkPermissionExistence)
          Performs a permission check for the given template name in the context of the given view and component
 void setConfigurationService(ConfigurationService configurationService)
           
 
Methods inherited from class org.kuali.rice.krad.bo.DataObjectAuthorizerBase
addPermissionDetails, addRoleQualification, getPermissionDetailValues, getPermissionService, getPersonService, getRoleQualification, isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate, permissionExistsByTemplate, permissionExistsByTemplate, permissionExistsByTemplate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ViewAuthorizerBase

public ViewAuthorizerBase()
Method Detail

getActionFlags

public Set<String> getActionFlags(View view,
                                  ViewModel model,
                                  Person user,
                                  Set<String> actions)
Description copied from interface: ViewAuthorizer
Returns the set of action flags that are authorized for the given user

Action flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example:

For each action flag, KIM is consulted to determine if a permission exist for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.

The Set of available action flags should first be exported by the ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

Specified by:
getActionFlags in interface ViewAuthorizer
Parameters:
view - - view instance the action flags apply to
model - - object containing the view data
user - - user we are authorizing the actions for
actions - - set of action flags to authorize
Returns:
Set set of action flags that have been authorized, this will be equal to or a subset of the actions passed in
See Also:
ViewAuthorizer#getActionFlags(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person, java.util.Set)

getEditModes

public Set<String> getEditModes(View view,
                                ViewModel model,
                                Person user,
                                Set<String> editModes)
Description copied from interface: ViewAuthorizer
Returns the set of edit modes that are authorized for the given user

An edit mode is a string that identifies a set of editable fields within the view. These are generally used when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in two ways. The first is by using the edit mode in an expression when setting the field readOnly property. For example: The second way is with the ViewPresentationController.canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String) method which can look at the edit modes map on the view to determine if the given field should be editable.

For each edit mode, KIM is consulted to determine if a permission exist for the 'Use View' template and the edit mode detail. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the edit mode is removed from the returned set.

The Set of available edit modes should first be exported by the ViewPresentationController.getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

Specified by:
getEditModes in interface ViewAuthorizer
Parameters:
view - - view instance the edit modes apply to
model - - object containing the view data
user - - user we are authorizing the actions for
editModes - - set of edit modes to authorize
Returns:
Set set of edit modes that have been authorized, this will be equal to or a subset of the edit mode set passed in
See Also:
ViewAuthorizer#getEditModes(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person, java.util.Set)

canOpenView

public boolean canOpenView(View view,
                           ViewModel model,
                           Person user)
Checks for an open view permission for the view id, and if found verifies the user has that permission

Specified by:
canOpenView in interface ViewAuthorizer
Parameters:
view - - view instance to check authorization for
model - - object containing the view data
user - - user to authorize
Returns:
boolean true if the user is authorized to open the view, false otherwise
See Also:
ViewAuthorizer.canOpenView(View, ViewModel, org.kuali.rice.kim.api.identity.Person)

canEditView

public boolean canEditView(View view,
                           ViewModel model,
                           Person user)
Checks for an edit view permission for the view id, and if found verifies the user has that permission

Specified by:
canEditView in interface ViewAuthorizer
Parameters:
view - - view instance to check authorization for
model - - object containing the view data
user - - user to authorize
Returns:
boolean true if the user is authorized to edit the view, false otherwise
See Also:
ViewAuthorizer.canEditView(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person)

canUnmaskField

public boolean canUnmaskField(View view,
                              ViewModel model,
                              DataField field,
                              String propertyName,
                              Person user)
Description copied from interface: ViewAuthorizer
Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value

Specified by:
canUnmaskField in interface ViewAuthorizer
Parameters:
view - - view instance the field belongs to
model - - object containing the view data
field - - field associated for the property and from which the ComponentSecurity will be retrieved
propertyName - - name of the property associated with the field
user - - user we are authorizing
Returns:
boolean true if the value can be unmasked, false if it should be masked
See Also:
ViewAuthorizer.canUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canPartialUnmaskField

public boolean canPartialUnmaskField(View view,
                                     ViewModel model,
                                     DataField field,
                                     String propertyName,
                                     Person user)
Description copied from interface: ViewAuthorizer
Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value

Specified by:
canPartialUnmaskField in interface ViewAuthorizer
Parameters:
view - - view instance the field belongs to
model - - object containing the view data
field - - field associated for the property and from which the ComponentSecurity will be retrieved
propertyName - - name of the property associated with the field
user - - user we are authorizing
Returns:
boolean true if the value can be unmasked, false if it should be partially masked
See Also:
ViewAuthorizer.canPartialUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditField

public boolean canEditField(View view,
                            ViewModel model,
                            Field field,
                            String propertyName,
                            Person user)
Specified by:
canEditField in interface ViewAuthorizer
See Also:
ViewAuthorizer.canEditField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.Field, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canViewField

public boolean canViewField(View view,
                            ViewModel model,
                            Field field,
                            String propertyName,
                            Person user)
Specified by:
canViewField in interface ViewAuthorizer
See Also:
ViewAuthorizer.canViewField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.Field, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditGroup

public boolean canEditGroup(View view,
                            ViewModel model,
                            Group group,
                            String groupId,
                            Person user)
Specified by:
canEditGroup in interface ViewAuthorizer
See Also:
ViewAuthorizer.canEditGroup(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.container.Group, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canViewGroup

public boolean canViewGroup(View view,
                            ViewModel model,
                            Group group,
                            String groupId,
                            Person user)
Specified by:
canViewGroup in interface ViewAuthorizer
See Also:
ViewAuthorizer.canViewGroup(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.container.Group, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditWidget

public boolean canEditWidget(View view,
                             ViewModel model,
                             Widget widget,
                             String widgetId,
                             Person user)
Specified by:
canEditWidget in interface ViewAuthorizer
See Also:
ViewAuthorizer.canEditWidget(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.widget.Widget, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canViewWidget

public boolean canViewWidget(View view,
                             ViewModel model,
                             Widget widget,
                             String widgetId,
                             Person user)
Specified by:
canViewWidget in interface ViewAuthorizer
See Also:
ViewAuthorizer.canViewWidget(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.widget.Widget, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canPerformAction

public boolean canPerformAction(View view,
                                ViewModel model,
                                Action action,
                                String actionEvent,
                                String actionId,
                                Person user)
Specified by:
canPerformAction in interface ViewAuthorizer
See Also:
ViewAuthorizer.canPerformAction(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.element.Action, java.lang.String, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditLine

public boolean canEditLine(View view,
                           ViewModel model,
                           CollectionGroup collectionGroup,
                           String collectionPropertyName,
                           Object line,
                           Person user)
Specified by:
canEditLine in interface ViewAuthorizer

canViewLine

public boolean canViewLine(View view,
                           ViewModel model,
                           CollectionGroup collectionGroup,
                           String collectionPropertyName,
                           Object line,
                           Person user)
Specified by:
canViewLine in interface ViewAuthorizer

canEditLineField

public boolean canEditLineField(View view,
                                ViewModel model,
                                CollectionGroup collectionGroup,
                                String collectionPropertyName,
                                Object line,
                                Field field,
                                String propertyName,
                                Person user)
Specified by:
canEditLineField in interface ViewAuthorizer

canViewLineField

public boolean canViewLineField(View view,
                                ViewModel model,
                                CollectionGroup collectionGroup,
                                String collectionPropertyName,
                                Object line,
                                Field field,
                                String propertyName,
                                Person user)
Specified by:
canViewLineField in interface ViewAuthorizer

canPerformLineAction

public boolean canPerformLineAction(View view,
                                    ViewModel model,
                                    CollectionGroup collectionGroup,
                                    String collectionPropertyName,
                                    Object line,
                                    Action action,
                                    String actionEvent,
                                    String actionId,
                                    Person user)
Specified by:
canPerformLineAction in interface ViewAuthorizer

getDataObjectContext

protected Object getDataObjectContext(View view,
                                      ViewModel model)
Retrieves the object from the model that is used as the context for permission checks

Used to derive namespace and component details. Subclasses can override to return the object to be used

Parameters:
view - view instance the permission checks are being done for
model - model object containing the data and from which the data object should be pulled
Returns:
data object instance to use

getFieldPermissionDetails

protected Map<String,String> getFieldPermissionDetails(View view,
                                                       Object dataObject,
                                                       Field field)
Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields

Parameters:
view - view instance the field belongs to
dataObject - default object from the data model (used for subclasses to build details)
field - field instance the details are being built for
Returns:
permission details for the field

getGroupPermissionDetails

protected Map<String,String> getGroupPermissionDetails(View view,
                                                       Object dataObject,
                                                       Group group)
Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups

Parameters:
view - view instance the group belongs to
dataObject - default object from the data model (used for subclasses to build details)
group - group instance the details are being built for
Returns:
permission details for the group

getWidgetPermissionDetails

protected Map<String,String> getWidgetPermissionDetails(View view,
                                                        Object dataObject,
                                                        Widget widget)
Builds the permission details map for a widget which includes the namespace, view id, and widget id

Parameters:
view - view instance the widget belongs to
dataObject - default object from the data model (used for subclasses to build details)
widget - group instance the details are being built for
Returns:
permission details for group

getActionPermissionDetails

protected Map<String,String> getActionPermissionDetails(View view,
                                                        Object dataObject,
                                                        Action action)
Builds the permission details map for an action which includes the namespace, view id, and action id and event

Parameters:
view - view instance the widget belongs to
dataObject - default object from the data model (used for subclasses to build details)
action - action instance the details are being built for
Returns:
permission details for action

isAuthorizedByTemplate

protected boolean isAuthorizedByTemplate(View view,
                                         Component component,
                                         ViewModel model,
                                         String permissionTemplateName,
                                         Person user,
                                         Map<String,String> additionalPermissionDetails,
                                         Map<String,String> additionalRoleQualifications,
                                         boolean checkPermissionExistence)
Performs a permission check for the given template name in the context of the given view and component

First standard permission details are added based on the type of component the permission check is being done for. Then the ComponentSecurity of the given component is used to pick up additional permission details and role qualifiers.

Parameters:
view - view instance the component belongs to
component - component instance the permission check is being done for
model - object containing the views data
permissionTemplateName - template name for the permission to check
user - user to perform the authorization for
additionalPermissionDetails - additional key/value pairs to pass with the permission details
additionalRoleQualifications - additional key/value paris to pass with the role qualifiers
checkPermissionExistence - boolean indicating whether the existence of the permission should be checked before performing the authorization
Returns:
whether or not the user has authorization; this will be the case if the user has been granted the permission or checkPermissionExistence is true and the permission does not exist

getConfigurationService

protected ConfigurationService getConfigurationService()

setConfigurationService

public void setConfigurationService(ConfigurationService configurationService)


Copyright © 2005-2014 The Kuali Foundation. All Rights Reserved.