1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.service;
17  
18  import org.kuali.rice.kim.api.identity.Person;
19  
/**
 * Authorization checks for actions on data object classes and instances,
 * including whether individual attributes of a class carry field-level security.
 *
 * <p>NOTE(review): this contract does not state how an implementation treats a
 * {@code null} user, class or document type name, or an attribute name that the
 * class does not define. Callers that enforce access decisions on these results
 * should confirm the implementation denies (or secures) in those cases rather
 * than assume it.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public interface DataObjectAuthorizationService {

    /**
     * Reports whether an attribute of a data object class has any security
     * defined for it (for example read-only or masked), in which case the
     * attribute's data should be passed securely.
     *
     * <p>The method name refers to encryption on forms and links; how the value
     * is protected is not specified here.
     *
     * @param dataObjectClass class that contains the attribute
     * @param attributeName name of the attribute (property) within that class
     * @return {@code true} when the attribute should be secured, {@code false}
     *         when security is not needed
     */
    boolean attributeValueNeedsToBeEncryptedOnFormsAndLinks(Class<?> dataObjectClass, String attributeName);

    /**
     * Reports whether a user is permitted to create records of a data object
     * class through the given document type.
     *
     * <p>The check is made against the class, not against a particular instance.
     *
     * @param dataObjectClass class of data object to check authorization for
     * @param user person requesting the action
     * @param docTypeName name of the document type that provides the action
     * @return {@code true} when the user has create authorization, {@code false}
     *         otherwise
     */
    boolean canCreate(Class<?> dataObjectClass, Person user, String docTypeName);

    /**
     * Reports whether a user is permitted to maintain (edit/delete) a specific
     * data object instance through the given document type.
     *
     * <p>Unlike {@link #canCreate(Class, Person, String)}, this check receives
     * the instance itself rather than its class.
     *
     * @param dataObject data object instance to check authorization for
     * @param user person requesting the action
     * @param docTypeName name of the document type that provides the action
     * @return {@code true} when the user has maintain authorization,
     *         {@code false} otherwise
     */
    boolean canMaintain(Object dataObject, Person user, String docTypeName);
}