View Javadoc
1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.web.controller;
17  
18  import java.util.HashMap;
19  import java.util.Map;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpServletResponse;
23  
24  import org.apache.commons.lang.StringUtils;
25  import org.apache.log4j.Logger;
26  import org.kuali.rice.kim.api.KimConstants;
27  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
28  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
29  import org.kuali.rice.krad.service.KualiModuleService;
30  import org.kuali.rice.krad.service.ModuleService;
31  import org.kuali.rice.krad.util.GlobalVariables;
32  import org.kuali.rice.krad.util.KRADConstants;
33  import org.springframework.web.servlet.HandlerInterceptor;
34  import org.springframework.web.servlet.ModelAndView;
35  
36  /**
37   * Interceptor which checks whether the module the request was made for is locked and if so forwards the
38   * request to the module locked controller
39   *
40   * @author Kuali Rice Team (rice.collab@kuali.org)
41   */
42  public class ModuleLockingHandlerInterceptor implements HandlerInterceptor {
43      private static final Logger LOG = Logger.getLogger(ModuleLockingHandlerInterceptor.class);
44  
45      private KualiModuleService kualiModuleService;
46      private String moduleLockedMapping;
47  
48      /**
49       * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest,
50       *      javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
51       */
52      @Override
53      public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
54              Exception exception) throws Exception {
55          // do nothing
56      }
57  
58      /**
59       * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest,
60       *      javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
61       */
62      @Override
63      public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
64              ModelAndView modelAndview) throws Exception {
65          // do nothing
66      }
67  
68      /**
69       * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest,
70       *      javax.servlet.http.HttpServletResponse, java.lang.Object)
71       */
72      @Override
73      public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
74              Object handler) throws Exception {
75          if (isModuleLocked(request)) {
76              response.sendRedirect(this.getModuleLockedMapping() + "?" + ModuleLockedController.MODULE_PARAMETER
77                      + "=" + getModuleService(request).getModuleConfiguration().getNamespaceCode());
78  
79              return false;
80          }
81  
82          return true;
83      }
84  
85      /**
86       * Determines the module associated with the given request and then checks whether the module is locked
87       *
88       * @param request request object to pull parameters from
89       * @return boolean true if the associated module is locked, false if not or no associated module was found
90       */
91      protected boolean isModuleLocked(HttpServletRequest request) {
92          ModuleService moduleService = getModuleService(request);
93  
94          if (moduleService != null && moduleService.isLocked()) {
95              String principalId = GlobalVariables.getUserSession().getPrincipalId();
96              String namespaceCode = KRADConstants.KUALI_RICE_SYSTEM_NAMESPACE;
97              String permissionName = KimConstants.PermissionNames.ACCESS_LOCKED_MODULE;
98  
99              Map<String, String> permissionDetails = new HashMap<String, String>();
100             Map<String, String> qualification = new HashMap<String, String>();
101             if (!KimApiServiceLocator.getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,
102                     qualification)) {
103                 return true;
104             }
105         }
106 
107         return false;
108     }
109 
110     /**
111      * Retrieves the module service that is associated with the data object class given through the request
112      *
113      * @param request request object to check parameters for
114      * @return ModuleService module service for data object (if found) or null
115      */
116     protected ModuleService getModuleService(HttpServletRequest request) {
117         String boClass = request.getParameter(KRADConstants.BUSINESS_OBJECT_CLASS_ATTRIBUTE);
118         if (StringUtils.isBlank(boClass)) {
119             boClass = request.getParameter(KRADConstants.DATA_OBJECT_CLASS_ATTRIBUTE);
120         }
121 
122         ModuleService moduleService = null;
123         if (StringUtils.isNotBlank(boClass)) {
124             try {
125                 moduleService = getKualiModuleService().getResponsibleModuleService(Class.forName(boClass));
126             } catch (ClassNotFoundException classNotFoundException) {
127                 LOG.warn("BO class not found: " + boClass, classNotFoundException);
128             }
129         } else {
130             moduleService = getKualiModuleService().getResponsibleModuleService(this.getClass());
131         }
132 
133         return moduleService;
134     }
135 
136     public String getModuleLockedMapping() {
137         return this.moduleLockedMapping;
138     }
139 
140     public void setModuleLockedMapping(String moduleLockedMapping) {
141         this.moduleLockedMapping = moduleLockedMapping;
142     }
143 
144     public void setKualiModuleService(KualiModuleService kualiModuleService) {
145         this.kualiModuleService = kualiModuleService;
146     }
147 
148     protected KualiModuleService getKualiModuleService() {
149         if (kualiModuleService == null) {
150             kualiModuleService = KRADServiceLocatorWeb.getKualiModuleService();
151         }
152         return kualiModuleService;
153     }
154 }