Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.kuali.rice.kim.document.rule
Class IdentityManagementRoleDocumentRule

java.lang.Object
  extended by org.kuali.rice.krad.rules.DocumentRuleBase
      extended by org.kuali.rice.kns.rules.DocumentRuleBase
          extended by org.kuali.rice.kns.rules.TransactionalDocumentRuleBase
              extended by org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule
All Implemented Interfaces:
AddResponsibilityRule, AddDelegationMemberRule, AddDelegationRule, AddMemberRule, AddPermissionRule, AddAdHocRoutePersonRule, AddAdHocRouteWorkgroupRule, AddCollectionLineRule, AddNoteRule, ApproveDocumentRule, BusinessRule, CompleteDocumentRule, RouteDocumentRule, SaveDocumentRule, SendAdHocRequestsRule
public class IdentityManagementRoleDocumentRule
extends TransactionalDocumentRuleBase
implements AddPermissionRule, AddResponsibilityRule, AddMemberRule, AddDelegationRule, AddDelegationMemberRule

Author:
Kuali Rice Team (rice.collab@kuali.org)

Field Summary
protected  ActiveRoleMemberHelper activeRoleMemberHelper
           
protected  AddDelegationMemberRule addDelegationMemberRule
           
protected  Class<? extends AddDelegationMemberRule> addDelegationMemberRuleClass
           
protected  AddDelegationRule addDelegationRule
           
protected  Class<? extends AddDelegationRule> addDelegationRuleClass
           
protected  AddMemberRule addMemberRule
           
protected  Class<? extends AddMemberRule> addMemberRuleClass
           
protected  AddPermissionRule addPermissionRule
           
protected  Class<? extends AddPermissionRule> addPermissionRuleClass
           
protected  AddResponsibilityRule addResponsibilityRule
           
protected  Class<? extends AddResponsibilityRule> addResponsibilityRuleClass
           
protected  AttributeValidationHelper attributeValidationHelper
           
static int PRIORITY_NUMBER_MAX_VALUE
           
static int PRIORITY_NUMBER_MIN_VALUE
           
 
Constructor Summary
IdentityManagementRoleDocumentRule()
           
 
Method Summary
protected  boolean canUserAssignRoleMembers(IdentityManagementRoleDocument document)
           
protected  boolean checkForCircularRoleMembership(AddMemberEvent addMemberEvent)
          This method checks to see if adding a role to role membership creates a circular reference.
protected  Set<String> figureOutUniqueQualificationSet(List<KimDocumentRoleMember> memberships, List<KimAttributeField> attributeDefinitions)
          Finds the names of the unique qualification attributes which this role should be checking against
protected  Set<String> figureOutUniqueQualificationSetForDelegation(List<RoleDocumentDelegationMember> memberships, List<KimAttributeField> attributeDefinitions)
          Finds the names of the unique qualification attributes which this role should be checking against
 AddDelegationMemberRule getAddDelegationMemberRule()
           
 AddDelegationRule getAddDelegationRule()
           
 AddMemberRule getAddMemberRule()
           
 AddPermissionRule getAddPermissionRule()
           
 AddResponsibilityRule getAddResponsibilityRule()
           
protected  IdentityService getIdentityService()
           
 ResponsibilityInternalService getResponsibilityInternalService()
           
protected  KimDocumentRoleMember getRoleMemberForDelegation(List<KimDocumentRoleMember> roleMembers, RoleDocumentDelegationMember delegationMember, List<KimDocumentRoleMember> modifiedRoleMembers)
           
protected  RoleTypeService getRoleTypeService(KimType typeInfo)
           
protected  org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule.VersionedService<RoleTypeService> getVersionedRoleTypeService(KimType typeInfo)
           
 boolean hasPermissionToGrantPermission(Permission kimPermissionInfo, IdentityManagementRoleDocument document)
           
 boolean hasPermissionToGrantResponsibility(Responsibility kimResponsibilityInfo, IdentityManagementRoleDocument document)
           
 boolean processAddDelegation(AddDelegationEvent addDelegationEvent)
           
 boolean processAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent)
           
 boolean processAddMember(AddMemberEvent addMemberEvent)
           
 boolean processAddPermission(AddPermissionEvent addPermissionEvent)
           
 boolean processAddResponsibility(AddResponsibilityEvent addResponsibilityEvent)
           
protected  boolean processCustomSaveDocumentBusinessRules(Document document)
          This method should be overridden by children rule classes as a hook to implement document specific business rule checks for the "save document" event.
protected  boolean sameDelegationMembership(RoleDocumentDelegationMember membershipA, RoleDocumentDelegationMember membershipB)
          Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id
protected  boolean sameMembership(KimDocumentRoleMember membershipA, KimDocumentRoleMember membershipB)
          Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id
protected  boolean sameUniqueDelegationMembershipQualifications(RoleDocumentDelegationMember membershipA, RoleDocumentDelegationMember membershipB, Set<String> uniqueAttributeIds)
          Given two memberships which represent the same member, do they share qualifications?
protected  boolean sameUniqueMembershipQualifications(KimDocumentRoleMember membershipA, KimDocumentRoleMember membershipB, Set<String> uniqueAttributeIds)
          Given two memberships which represent the same member, do they share qualifications?
protected  boolean validateActiveDate(String errorPath, Timestamp activeFromDate, Timestamp activeToDate)
           
protected  boolean validateDelegationMemberRoleQualifier(List<KimDocumentRoleMember> modifiedRoleMembers, List<RoleDocumentDelegationMember> delegationMembers, KimType kimType, List<KimDocumentRoleMember> nonModifiedRoleMembers)
           
protected  boolean validateRoleQualifier(List<KimDocumentRoleMember> roleMembers, KimType kimType)
           
protected  boolean validateRoleResponsibilityAction(String errorPath, KimDocumentRoleResponsibilityAction roleRspAction)
           
protected  boolean validateUniquePersonRoleQualifiersUniqueForRoleDelegation(RoleDocumentDelegationMember delegationMembershipToCheck, int membershipToCheckIndex, List<RoleDocumentDelegationMember> delegationMemberships, Set<String> uniqueQualifierIds, List<RemotableAttributeError> validationErrors)
          Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique
protected  boolean validateUniquePersonRoleQualifiersUniqueForRoleMembership(KimDocumentRoleMember membershipToCheck, int membershipToCheckIndex, List<KimDocumentRoleMember> memberships, Set<String> uniqueQualifierIds, List<RemotableAttributeError> validationErrors)
          Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique
protected  boolean validDelegationMemberActiveDates(List<RoleDocumentDelegationMember> delegationMembers)
           
protected  boolean validDuplicateRoleName(IdentityManagementRoleDocument roleDoc)
           
protected  boolean validPermissions(IdentityManagementRoleDocument document)
           
protected  boolean validResponsibilities(IdentityManagementRoleDocument document)
           
protected  boolean validRoleMemberActiveDates(List<KimDocumentRoleMember> roleMembers)
           
protected  boolean validRoleMemberPrincipalIDs(List<KimDocumentRoleMember> roleMembers)
           
protected  boolean validRoleMembersResponsibilityActions(List<KimDocumentRoleMember> roleMembers)
           
protected  boolean validRoleName(IdentityManagementRoleDocument roleDoc)
          ensures the IdentitymangaementRoleDocument role name is not null or an empty string
protected  boolean validRoleNamespace(IdentityManagementRoleDocument roleDoc)
          Ensures the IdentityManagementRoleDocument role namespace is not null or an empty string.
protected  boolean validRoleResponsibilitiesActions(List<KimDocumentRoleResponsibility> roleResponsibilities)
           
 
Methods inherited from class org.kuali.rice.kns.rules.DocumentRuleBase
getDictionaryValidationService
 
Methods inherited from class org.kuali.rice.krad.rules.DocumentRuleBase
buildDocumentTypeActionRequestPermissionDetails, buildDocumentTypePermissionDetails, getDataDictionaryService, getDocumentDictionaryService, getGroupService, getKualiConfigurationService, getMaxDictionaryValidationDepth, getPermissionService, getPersonService, hasAdHocRouteCompletion, isAddHocRoutePersonValid, isAddHocRouteWorkgroupValid, isAdHocRouteCompletionToInitiator, isAdHocRouteRecipientsValid, isDocumentAttributesValid, isDocumentOverviewValid, isNoteValid, processAddAdHocRoutePerson, processAddAdHocRouteWorkgroup, processAddCollectionLine, processAddNote, processApproveDocument, processCompleteDocument, processCustomAddAdHocRoutePersonBusinessRules, processCustomAddAdHocRouteWorkgroupBusinessRules, processCustomAddCollectionLineBusinessRules, processCustomAddNoteBusinessRules, processCustomApproveDocumentBusinessRules, processCustomCompleteDocumentBusinessRules, processCustomRouteDocumentBusinessRules, processCustomSendAdHocRequests, processRouteDocument, processSaveDocument, processSendAdHocRequests, setDocumentDictionaryService, setMaxDictionaryValidationDepth, useKimPermission, validateSensitiveDataValue
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PRIORITY_NUMBER_MIN_VALUE

public static final int PRIORITY_NUMBER_MIN_VALUE
See Also:
Constant Field Values

PRIORITY_NUMBER_MAX_VALUE

public static final int PRIORITY_NUMBER_MAX_VALUE
See Also:
Constant Field Values

addResponsibilityRule

protected AddResponsibilityRule addResponsibilityRule

addPermissionRule

protected AddPermissionRule addPermissionRule

addMemberRule

protected AddMemberRule addMemberRule

addDelegationRule

protected AddDelegationRule addDelegationRule

addDelegationMemberRule

protected AddDelegationMemberRule addDelegationMemberRule

addResponsibilityRuleClass

protected Class<? extends AddResponsibilityRule> addResponsibilityRuleClass

addPermissionRuleClass

protected Class<? extends AddPermissionRule> addPermissionRuleClass

addMemberRuleClass

protected Class<? extends AddMemberRule> addMemberRuleClass

addDelegationRuleClass

protected Class<? extends AddDelegationRule> addDelegationRuleClass

addDelegationMemberRuleClass

protected Class<? extends AddDelegationMemberRule> addDelegationMemberRuleClass

attributeValidationHelper

protected AttributeValidationHelper attributeValidationHelper

activeRoleMemberHelper

protected ActiveRoleMemberHelper activeRoleMemberHelper
Constructor Detail

IdentityManagementRoleDocumentRule

public IdentityManagementRoleDocumentRule()
Method Detail

getIdentityService

protected IdentityService getIdentityService()

processCustomSaveDocumentBusinessRules

protected boolean processCustomSaveDocumentBusinessRules(Document document)
Description copied from class: DocumentRuleBase
This method should be overridden by children rule classes as a hook to implement document specific business rule checks for the "save document" event.

Overrides:
processCustomSaveDocumentBusinessRules in class DocumentRuleBase
Returns:
boolean True if the rules checks passed, false otherwise.

validRoleNamespace

protected boolean validRoleNamespace(IdentityManagementRoleDocument roleDoc)
Ensures the IdentityManagementRoleDocument role namespace is not null or an empty string.

Parameters:
roleDoc - the IdentityManagementRoleDocument to validate.
Returns:
TRUE if the role namespace is not null or an empty string, FALSE otherwise.

validRoleName

protected boolean validRoleName(IdentityManagementRoleDocument roleDoc)
ensures the IdentitymangaementRoleDocument role name is not null or an empty string

Parameters:
roleDoc - the IdentityManagementRoleDocument to validate.
Returns:
TRUE if the role name is not null or an empty string, FALSE otherwise.

canUserAssignRoleMembers

protected boolean canUserAssignRoleMembers(IdentityManagementRoleDocument document)

validRoleMemberPrincipalIDs

protected boolean validRoleMemberPrincipalIDs(List<KimDocumentRoleMember> roleMembers)

validDuplicateRoleName

protected boolean validDuplicateRoleName(IdentityManagementRoleDocument roleDoc)

validRoleMemberActiveDates

protected boolean validRoleMemberActiveDates(List<KimDocumentRoleMember> roleMembers)

validDelegationMemberActiveDates

protected boolean validDelegationMemberActiveDates(List<RoleDocumentDelegationMember> delegationMembers)

validPermissions

protected boolean validPermissions(IdentityManagementRoleDocument document)

validResponsibilities

protected boolean validResponsibilities(IdentityManagementRoleDocument document)

validRoleResponsibilitiesActions

protected boolean validRoleResponsibilitiesActions(List<KimDocumentRoleResponsibility> roleResponsibilities)

validRoleMembersResponsibilityActions

protected boolean validRoleMembersResponsibilityActions(List<KimDocumentRoleMember> roleMembers)

validateRoleResponsibilityAction

protected boolean validateRoleResponsibilityAction(String errorPath,
                                                   KimDocumentRoleResponsibilityAction roleRspAction)

validateRoleQualifier

protected boolean validateRoleQualifier(List<KimDocumentRoleMember> roleMembers,
                                        KimType kimType)

figureOutUniqueQualificationSet

protected Set<String> figureOutUniqueQualificationSet(List<KimDocumentRoleMember> memberships,
                                                      List<KimAttributeField> attributeDefinitions)
Finds the names of the unique qualification attributes which this role should be checking against

Parameters:
memberships - the memberships (we take the qualification from the first)
attributeDefinitions - information about the attributeDefinitions
Returns:
a Set of unique attribute ids (with their indices, for error reporting)

validateUniquePersonRoleQualifiersUniqueForRoleMembership

protected boolean validateUniquePersonRoleQualifiersUniqueForRoleMembership(KimDocumentRoleMember membershipToCheck,
                                                                            int membershipToCheckIndex,
                                                                            List<KimDocumentRoleMember> memberships,
                                                                            Set<String> uniqueQualifierIds,
                                                                            List<RemotableAttributeError> validationErrors)
Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique

Parameters:
membershipToCheck - the membership to check
membershipToCheckIndex - the index of the person's membership in the role (for error reporting purposes)
validationErrors - Map of errors to report
Returns:
true if all unique values are indeed unique, false otherwise

sameMembership

protected boolean sameMembership(KimDocumentRoleMember membershipA,
                                 KimDocumentRoleMember membershipB)
Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id

Parameters:
membershipA - the first membership to check
membershipB - the second membership to check
Returns:
true if the two memberships represent the same member; false if they do not, or if it could not be profitably determined if the members were the same

sameUniqueMembershipQualifications

protected boolean sameUniqueMembershipQualifications(KimDocumentRoleMember membershipA,
                                                     KimDocumentRoleMember membershipB,
                                                     Set<String> uniqueAttributeIds)
Given two memberships which represent the same member, do they share qualifications?

Parameters:
membershipA - the first membership to check
membershipB - the second membership to check
uniqueAttributeIds - the Set of attribute definition ids which should be unique
Returns:

getRoleMemberForDelegation

protected KimDocumentRoleMember getRoleMemberForDelegation(List<KimDocumentRoleMember> roleMembers,
                                                           RoleDocumentDelegationMember delegationMember,
                                                           List<KimDocumentRoleMember> modifiedRoleMembers)

validateDelegationMemberRoleQualifier

protected boolean validateDelegationMemberRoleQualifier(List<KimDocumentRoleMember> modifiedRoleMembers,
                                                        List<RoleDocumentDelegationMember> delegationMembers,
                                                        KimType kimType,
                                                        List<KimDocumentRoleMember> nonModifiedRoleMembers)

figureOutUniqueQualificationSetForDelegation

protected Set<String> figureOutUniqueQualificationSetForDelegation(List<RoleDocumentDelegationMember> memberships,
                                                                   List<KimAttributeField> attributeDefinitions)
Finds the names of the unique qualification attributes which this role should be checking against

Parameters:
memberships - the memberships (we take the qualification from the first)
attributeDefinitions - information about the attributeDefinitions
Returns:
a Set of unique attribute ids (with their indices, for error reporting)

validateUniquePersonRoleQualifiersUniqueForRoleDelegation

protected boolean validateUniquePersonRoleQualifiersUniqueForRoleDelegation(RoleDocumentDelegationMember delegationMembershipToCheck,
                                                                            int membershipToCheckIndex,
                                                                            List<RoleDocumentDelegationMember> delegationMemberships,
                                                                            Set<String> uniqueQualifierIds,
                                                                            List<RemotableAttributeError> validationErrors)
Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique

Parameters:
delegationMembershipToCheck - the membership to check
membershipToCheckIndex - the index of the person's membership in the role (for error reporting purposes)
validationErrors - Map of errors to report
Returns:
true if all unique values are indeed unique, false otherwise

sameDelegationMembership

protected boolean sameDelegationMembership(RoleDocumentDelegationMember membershipA,
                                           RoleDocumentDelegationMember membershipB)
Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id

Parameters:
membershipA - the first membership to check
membershipB - the second membership to check
Returns:
true if the two memberships represent the same member; false if they do not, or if it could not be profitably determined if the members were the same

sameUniqueDelegationMembershipQualifications

protected boolean sameUniqueDelegationMembershipQualifications(RoleDocumentDelegationMember membershipA,
                                                               RoleDocumentDelegationMember membershipB,
                                                               Set<String> uniqueAttributeIds)
Given two memberships which represent the same member, do they share qualifications?

Parameters:
membershipA - the first membership to check
membershipB - the second membership to check
uniqueAttributeIds - the Set of attribute definition ids which should be unique
Returns:

validateActiveDate

protected boolean validateActiveDate(String errorPath,
                                     Timestamp activeFromDate,
                                     Timestamp activeToDate)

checkForCircularRoleMembership

protected boolean checkForCircularRoleMembership(AddMemberEvent addMemberEvent)
This method checks to see if adding a role to role membership creates a circular reference.

Parameters:
addMemberEvent -
Returns:
true - ok to assign, no circular references false - do not make assignment, will create circular reference.

getAddResponsibilityRule

public AddResponsibilityRule getAddResponsibilityRule()
Returns:
the addResponsibilityRule

getAddPermissionRule

public AddPermissionRule getAddPermissionRule()
Returns:
the addPermissionRule

getAddMemberRule

public AddMemberRule getAddMemberRule()
Returns:
the addMemberRule

getAddDelegationRule

public AddDelegationRule getAddDelegationRule()
Returns:
the addDelegationRule

getAddDelegationMemberRule

public AddDelegationMemberRule getAddDelegationMemberRule()
Returns:
the addDelegationMemberRule

processAddPermission

public boolean processAddPermission(AddPermissionEvent addPermissionEvent)
Specified by:
processAddPermission in interface AddPermissionRule

hasPermissionToGrantPermission

public boolean hasPermissionToGrantPermission(Permission kimPermissionInfo,
                                              IdentityManagementRoleDocument document)
Specified by:
hasPermissionToGrantPermission in interface AddPermissionRule

processAddResponsibility

public boolean processAddResponsibility(AddResponsibilityEvent addResponsibilityEvent)
Specified by:
processAddResponsibility in interface AddResponsibilityRule

hasPermissionToGrantResponsibility

public boolean hasPermissionToGrantResponsibility(Responsibility kimResponsibilityInfo,
                                                  IdentityManagementRoleDocument document)
Specified by:
hasPermissionToGrantResponsibility in interface AddResponsibilityRule

processAddMember

public boolean processAddMember(AddMemberEvent addMemberEvent)
Specified by:
processAddMember in interface AddMemberRule

processAddDelegation

public boolean processAddDelegation(AddDelegationEvent addDelegationEvent)
Specified by:
processAddDelegation in interface AddDelegationRule

processAddDelegationMember

public boolean processAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent)
Specified by:
processAddDelegationMember in interface AddDelegationMemberRule

getResponsibilityInternalService

public ResponsibilityInternalService getResponsibilityInternalService()

getRoleTypeService

protected RoleTypeService getRoleTypeService(KimType typeInfo)

getVersionedRoleTypeService

protected org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule.VersionedService<RoleTypeService> getVersionedRoleTypeService(KimType typeInfo)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2005–2014 The Kuali Foundation. All rights reserved.