1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.inquiry;
17  
18  import org.kuali.rice.kim.api.KimConstants;
19  import org.kuali.rice.kim.api.identity.Person;
20  import org.kuali.rice.krad.uif.view.View;
21  import org.kuali.rice.krad.uif.view.ViewAuthorizerBase;
22  import org.kuali.rice.krad.uif.view.ViewModel;
23  import org.kuali.rice.krad.util.GlobalVariables;
24  import org.kuali.rice.krad.util.KRADConstants;
25  import org.kuali.rice.krad.web.form.InquiryForm;
26  
27  /**
28   * Implementation of {@link org.kuali.rice.krad.uif.view.ViewAuthorizer} for
29   * {@link org.kuali.rice.krad.uif.view.InquiryView} instances
30   *
31   * @author Kuali Rice Team (rice.collab@kuali.org)
32   */
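public class InquiryViewAuthorizerBase extends ViewAuthorizerBase {
    private static final long serialVersionUID = 5853518191618440332L;

    /**
     * Augments the base Open View check with an additional check against the KR-NS / Inquire Into Records
     * permission template.
     *
     * <p>Access is denied if the user fails <em>either</em> the Open View check performed by the superclass
     * <em>or</em> the Inquire Into Records check for the data object carried by the inquiry form.</p>
     *
     * <p>The Inquire Into Records check is only enforced when a permission using that template exists for
     * the data object. When no such permission exists, the Open View result alone decides, so a data object
     * type without an Inquire Into Records permission is readable by anyone who may open the view.</p>
     *
     * <p>Both checks are evaluated for the {@code user} argument, so that the decision is made for a single
     * principal. The principal of the current user session is used only when no user is passed.</p>
     *
     * @param view the view being opened; handed to the superclass check
     * @param model the view's model; the record-level check applies only when it is an {@link InquiryForm}
     *        with a non-null data object
     * @param user the person whose access is being decided
     * @return {@code true} if neither check denies access, {@code false} otherwise
     * @see org.kuali.rice.krad.uif.view.ViewAuthorizerBase#canOpenView(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person)
     */
    @Override
    public boolean canOpenView(View view, ViewModel model, Person user) {
        // a denial from the view-id based check is final; this method only ever narrows access
        if (!super.canOpenView(view, model, user)) {
            return false;
        }

        // the view permission is not blocking access, so look at the KNS inquiry permission;
        // it only applies to inquiry forms that actually carry a data object
        if (!(model instanceof InquiryForm)) {
            return true;
        }
        Object dataObject = ((InquiryForm) model).getDataObject();
        if (dataObject == null) {
            return true;
        }

        // only block if a permission which handles this data object exists at some level
        boolean inquiryPermissionDefined = permissionExistsByTemplate(dataObject,
                KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.INQUIRE_INTO_RECORDS);
        if (!inquiryPermissionDefined) {
            return true;
        }

        // authorize the person the caller asked about rather than whoever owns the current session,
        // so both checks in this method answer for the same principal; the session principal remains
        // the fallback for callers that pass no user
        String principalId = (user != null)
                ? user.getPrincipalId()
                : GlobalVariables.getUserSession().getPrincipalId();

        return isAuthorizedByTemplate(dataObject,
                KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.INQUIRE_INTO_RECORDS,
                principalId);
    }
}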