1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 package org.kuali.rice.krad.document;
17
18 import org.apache.commons.lang.StringUtils;
19 import org.apache.commons.logging.Log;
20 import org.apache.commons.logging.LogFactory;
21 import org.kuali.rice.kew.api.WorkflowDocument;
22 import org.kuali.rice.kim.api.KimConstants;
23 import org.kuali.rice.kim.api.identity.Person;
24 import org.kuali.rice.krad.UserSessionUtils;
25 import org.kuali.rice.krad.datadictionary.AttributeSecurity;
26 import org.kuali.rice.krad.datadictionary.DocumentEntry;
27 import org.kuali.rice.krad.service.DocumentDictionaryService;
28 import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
29 import org.kuali.rice.krad.uif.field.DataField;
30 import org.kuali.rice.krad.uif.util.ObjectPropertyUtils;
31 import org.kuali.rice.krad.uif.view.RequestAuthorizationCache;
32 import org.kuali.rice.krad.uif.view.View;
33 import org.kuali.rice.krad.uif.view.ViewAuthorizerBase;
34 import org.kuali.rice.krad.uif.view.ViewModel;
35 import org.kuali.rice.krad.util.GlobalVariables;
36 import org.kuali.rice.krad.util.KRADConstants;
37 import org.kuali.rice.krad.util.KRADUtils;
38 import org.kuali.rice.krad.web.form.DocumentFormBase;
39
40 import java.util.Map;
41 import java.util.Set;
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57 public class DocumentViewAuthorizerBase extends ViewAuthorizerBase implements DocumentAuthorizer {
58 private static final long serialVersionUID = 3800780934223224565L;
59 protected static Log LOG = LogFactory.getLog(DocumentViewAuthorizerBase.class);
60
61 public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
62
63 private DocumentAuthorizer documentAuthorizer;
64
65 private DocumentDictionaryService documentDictionaryService;
66
67
68
69
70 @Override
71 public Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions) {
72 Document document = ((DocumentFormBase) model).getDocument();
73
74 if (LOG.isDebugEnabled()) {
75 LOG.debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '" + document
76 .getDocumentNumber() + "'. user '" + user.getPrincipalName() + "'");
77 }
78
79 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
80 actions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
81 }
82
83 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
84 actions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
85 }
86
87 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
88 actions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
89 }
90
91 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
92 actions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
93 }
94
95 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
96 actions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
97 }
98
99 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
100 actions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
101 }
102
103 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
104 actions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
105 }
106
107 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
108 actions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
109 }
110
111 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
112 actions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
113 }
114
115 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
116 actions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
117 }
118
119 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
120 actions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
121 }
122
123 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
124 actions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
125 }
126
127 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
128 actions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
129 }
130
131 if (!canSendAnyTypeAdHocRequests(document, user)) {
132 actions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
133 actions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
134 actions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
135 }
136
137 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
138 actions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
139 }
140
141 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
142 actions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
143 }
144
145 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW) && !canEditDocumentOverview(
146 document, user)) {
147 actions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
148 }
149
150 if (actions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT) && !canPerformRouteReport(document,
151 user)) {
152 actions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
153 }
154
155 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SUPER_USER_TAKE_ACTION) && !canSuperUserTakeAction(document, user)) {
156 actions.remove(KRADConstants.KUALI_ACTION_CAN_SUPER_USER_TAKE_ACTION);
157 }
158
159 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SUPER_USER_APPROVE) && !canSuperUserApprove(document, user)) {
160 actions.remove(KRADConstants.KUALI_ACTION_CAN_SUPER_USER_APPROVE);
161 }
162
163 if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SUPER_USER_DISAPPROVE) && !canSuperUserDisapprove(document, user)) {
164 actions.remove(KRADConstants.KUALI_ACTION_CAN_SUPER_USER_DISAPPROVE);
165 }
166
167 return actions;
168 }
169
170
171
172
173 @Override
174 public final boolean canInitiate(String documentTypeName, Person user) {
175 initializeDocumentAuthorizerIfNecessary(documentTypeName);
176
177 return getDocumentAuthorizer().canInitiate(documentTypeName, user);
178 }
179
180
181
182
183 @Override
184 public final boolean canOpen(Document document, Person user) {
185 initializeDocumentAuthorizerIfNecessary(document);
186
187 return getDocumentAuthorizer().canOpen(document, user);
188 }
189
190
191
192
193 @Override
194 public boolean canOpenView(View view, ViewModel model, Person user) {
195 DocumentFormBase documentForm = (DocumentFormBase) model;
196
197 return super.canOpenView(view, model, user) && canOpen(documentForm.getDocument(), user);
198 }
199
200
201
202
203 @Override
204 public boolean canEdit(Document document, Person user) {
205 initializeDocumentAuthorizerIfNecessary(document);
206
207 return getDocumentAuthorizer().canEdit(document, user);
208 }
209
210
211
212
213 @Override
214 public boolean canEditView(View view, ViewModel model, Person user) {
215 DocumentFormBase documentForm = (DocumentFormBase) model;
216
217 return super.canEditView(view, model, user) && canEdit(documentForm.getDocument(), user);
218 }
219
220
221
222
223 @Override
224 public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user) {
225 if (field.getDataFieldSecurity() == null) {
226 return true;
227 }
228
229
230 AttributeSecurity attributeSecurity = field.getDataFieldSecurity().getAttributeSecurity();
231 if (attributeSecurity == null || !attributeSecurity.isMask()) {
232 return true;
233 }
234
235
236 String fieldValue = ObjectPropertyUtils.getPropertyValue(model, field.getBindingInfo().getBindingPath());
237 if (StringUtils.isBlank(fieldValue) && isInitiator(model, user)) {
238 return true;
239 }
240
241 return super.canUnmaskField(view, model, field, propertyName, user);
242 }
243
244
245
246
247
248
249
250
251 protected boolean isInitiator(ViewModel model, Person user) {
252 WorkflowDocument workflowDocument = UserSessionUtils.getWorkflowDocument(GlobalVariables.getUserSession(),
253 ((DocumentFormBase) model).getDocument().getDocumentNumber());
254 return StringUtils.equals(user.getPrincipalId(), workflowDocument.getInitiatorPrincipalId());
255 }
256
257
258
259
260 @Override
261 public boolean canAnnotate(Document document, Person user) {
262 initializeDocumentAuthorizerIfNecessary(document);
263
264 return getDocumentAuthorizer().canAnnotate(document, user);
265 }
266
267
268
269
270 @Override
271 public boolean canReload(Document document, Person user) {
272 initializeDocumentAuthorizerIfNecessary(document);
273
274 return getDocumentAuthorizer().canReload(document, user);
275 }
276
277
278
279
280 @Override
281 public boolean canClose(Document document, Person user) {
282 initializeDocumentAuthorizerIfNecessary(document);
283
284 return getDocumentAuthorizer().canClose(document, user);
285 }
286
287
288
289
290 @Override
291 public boolean canSave(Document document, Person user) {
292 initializeDocumentAuthorizerIfNecessary(document);
293
294 return getDocumentAuthorizer().canSave(document, user);
295 }
296
297
298
299
300 @Override
301 public boolean canRoute(Document document, Person user) {
302 initializeDocumentAuthorizerIfNecessary(document);
303
304 return getDocumentAuthorizer().canRoute(document, user);
305 }
306
307
308
309
310 @Override
311 public boolean canCancel(Document document, Person user) {
312 initializeDocumentAuthorizerIfNecessary(document);
313
314 return getDocumentAuthorizer().canCancel(document, user);
315 }
316
317
318
319
320 @Override
321 public boolean canRecall(Document document, Person user) {
322 initializeDocumentAuthorizerIfNecessary(document);
323
324 return getDocumentAuthorizer().canRecall(document, user);
325 }
326
327
328
329
330 @Override
331 public boolean canCopy(Document document, Person user) {
332 initializeDocumentAuthorizerIfNecessary(document);
333
334 return getDocumentAuthorizer().canCopy(document, user);
335 }
336
337
338
339
340 @Override
341 public boolean canPerformRouteReport(Document document, Person user) {
342 initializeDocumentAuthorizerIfNecessary(document);
343
344 return getDocumentAuthorizer().canPerformRouteReport(document, user);
345 }
346
347
348
349
350 @Override
351 public boolean canBlanketApprove(Document document, Person user) {
352 initializeDocumentAuthorizerIfNecessary(document);
353
354 return getDocumentAuthorizer().canBlanketApprove(document, user);
355 }
356
357
358
359
360 @Override
361 public boolean canApprove(Document document, Person user) {
362 initializeDocumentAuthorizerIfNecessary(document);
363
364 return getDocumentAuthorizer().canApprove(document, user);
365 }
366
367
368
369
370 @Override
371 public boolean canDisapprove(Document document, Person user) {
372 initializeDocumentAuthorizerIfNecessary(document);
373
374 return getDocumentAuthorizer().canDisapprove(document, user);
375 }
376
377
378
379
380 @Override
381 public boolean canSendNoteFyi(Document document, Person user) {
382 initializeDocumentAuthorizerIfNecessary(document);
383
384 return getDocumentAuthorizer().canSendNoteFyi(document, user);
385 }
386
387
388
389
390 @Override
391 public boolean canFyi(Document document, Person user) {
392 initializeDocumentAuthorizerIfNecessary(document);
393
394 return getDocumentAuthorizer().canFyi(document, user);
395 }
396
397
398
399
400 @Override
401 public boolean canAcknowledge(Document document, Person user) {
402 initializeDocumentAuthorizerIfNecessary(document);
403
404 return getDocumentAuthorizer().canAcknowledge(document, user);
405 }
406
407
408
409
410 @Override
411 public final boolean canReceiveAdHoc(Document document, Person user, String actionRequestCode) {
412 initializeDocumentAuthorizerIfNecessary(document);
413
414 return getDocumentAuthorizer().canReceiveAdHoc(document, user, actionRequestCode);
415 }
416
417
418
419
420 @Override
421 public final boolean canAddNoteAttachment(Document document, String attachmentTypeCode, Person user) {
422 initializeDocumentAuthorizerIfNecessary(document);
423
424 return getDocumentAuthorizer().canAddNoteAttachment(document, attachmentTypeCode, user);
425 }
426
427
428
429
430 @Override
431 public final boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode,
432 String authorUniversalIdentifier, Person user) {
433 initializeDocumentAuthorizerIfNecessary(document);
434
435 return getDocumentAuthorizer().canDeleteNoteAttachment(document, attachmentTypeCode, authorUniversalIdentifier,
436 user);
437 }
438
439
440
441
442 @Override
443 public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode, Person user) {
444 initializeDocumentAuthorizerIfNecessary(document);
445
446 return getDocumentAuthorizer().canViewNoteAttachment(document, attachmentTypeCode, user);
447 }
448
449
450
451
452 @Override
453 @Deprecated
454 public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode,
455 String authorUniversalIdentifier, Person user) {
456 return canViewNoteAttachment(document, attachmentTypeCode, user);
457 }
458
459
460
461
462 @Override
463 public final boolean canSendAdHocRequests(Document document, String actionRequestCd, Person user) {
464 initializeDocumentAuthorizerIfNecessary(document);
465
466 return getDocumentAuthorizer().canSendAdHocRequests(document, actionRequestCd, user);
467 }
468
469
470
471
472 @Override
473 public boolean canEditDocumentOverview(Document document, Person user) {
474 initializeDocumentAuthorizerIfNecessary(document);
475
476 return getDocumentAuthorizer().canEditDocumentOverview(document, user);
477 }
478
479
480
481
482 @Override
483 public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
484 initializeDocumentAuthorizerIfNecessary(document);
485
486 return getDocumentAuthorizer().canSendAnyTypeAdHocRequests(document, user);
487 }
488
489
490
491
492 @Override
493 public boolean canTakeRequestedAction(Document document, String actionRequestCode, Person user) {
494 initializeDocumentAuthorizerIfNecessary(document);
495
496 return getDocumentAuthorizer().canTakeRequestedAction(document, actionRequestCode, user);
497 }
498
499
500
501
502 @Override
503 public boolean canSuperUserTakeAction(Document document, Person user) {
504 initializeDocumentAuthorizerIfNecessary(document);
505
506 return getDocumentAuthorizer().canSuperUserTakeAction(document, user);
507 }
508
509
510
511
512 @Override
513 public boolean canSuperUserApprove(Document document, Person user) {
514 initializeDocumentAuthorizerIfNecessary(document);
515
516 return getDocumentAuthorizer().canSuperUserApprove(document, user);
517 }
518
519
520
521
522 @Override
523 public boolean canSuperUserDisapprove(Document document, Person user) {
524 initializeDocumentAuthorizerIfNecessary(document);
525
526 return getDocumentAuthorizer().canSuperUserDisapprove(document, user);
527 }
528
529
530
531
532 @Override
533 protected void addPermissionDetails(Object dataObject, Map<String, String> attributes) {
534 super.addPermissionDetails(dataObject, attributes);
535
536 if (dataObject instanceof Document) {
537 addStandardAttributes((Document) dataObject, attributes);
538 }
539 }
540
541
542
543
544 @Override
545 protected void addRoleQualification(Object dataObject, Map<String, String> attributes) {
546 super.addRoleQualification(dataObject, attributes);
547
548 if (dataObject instanceof Document) {
549 addStandardAttributes((Document) dataObject, attributes);
550 }
551 }
552
553 protected void addStandardAttributes(Document document, Map<String, String> attributes) {
554 WorkflowDocument wd = document.getDocumentHeader().getWorkflowDocument();
555 attributes.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, document.getDocumentNumber());
556 attributes.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, wd.getDocumentTypeName());
557
558 if (wd.isInitiated() || wd.isSaved()) {
559 attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME, PRE_ROUTING_ROUTE_NAME);
560 } else {
561 attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME,
562 KRADServiceLocatorWeb.getWorkflowDocumentService().getCurrentRouteNodeNames(wd));
563 }
564
565 attributes.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, wd.getStatus().getCode());
566 }
567
568 protected boolean isDocumentInitiator(Document document, Person user) {
569 WorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
570
571 return workflowDocument.getInitiatorPrincipalId().equalsIgnoreCase(user.getPrincipalId());
572 }
573
574
575
576
577
578
579
580 public void initializeDocumentAuthorizerIfNecessary(Document document) {
581 if (documentAuthorizer == null) {
582 DocumentEntry documentEntry = getDocumentDictionaryService().getDocumentEntryByClass(document.getClass());
583
584 if (documentEntry == null) {
585 throw new RuntimeException(
586 "Unable to find document entry for document class: " + document.getClass().getName());
587 }
588
589 setDocumentAuthorizerClass(documentEntry.getDocumentAuthorizerClass());
590 }
591 }
592
593
594
595
596
597
598
599 public void initializeDocumentAuthorizerIfNecessary(String documentTypeName) {
600 if (documentAuthorizer == null) {
601 DocumentEntry documentEntry = getDocumentDictionaryService().getDocumentEntry(documentTypeName);
602
603 if (documentEntry == null) {
604 throw new RuntimeException(
605 "Unable to find document entry for document class: " + documentTypeName);
606 }
607
608 setDocumentAuthorizerClass(documentEntry.getDocumentAuthorizerClass());
609 }
610 }
611
612 public DocumentAuthorizer getDocumentAuthorizer() {
613 return documentAuthorizer;
614 }
615
616 public void setDocumentAuthorizer(DocumentAuthorizer documentAuthorizer) {
617 this.documentAuthorizer = documentAuthorizer;
618 }
619
620 public void setDocumentAuthorizerClass(Class<? extends DocumentAuthorizer> documentAuthorizerClass) {
621 this.documentAuthorizer = KRADUtils.createNewObjectFromClass(documentAuthorizerClass);
622 }
623
624 public DocumentDictionaryService getDocumentDictionaryService() {
625 if (documentDictionaryService == null) {
626 documentDictionaryService = KRADServiceLocatorWeb.getDocumentDictionaryService();
627 }
628
629 return documentDictionaryService;
630 }
631
632 public void setDocumentDictionaryService(DocumentDictionaryService documentDictionaryService) {
633 this.documentDictionaryService = documentDictionaryService;
634 }
635
636 protected DocumentRequestAuthorizationCache getDocumentRequestAuthorizationCache(Document document) {
637 if (getRequestAuthorizationCache() == null) {
638 setRequestAuthorizationCache(new DocumentRequestAuthorizationCache());
639 }
640
641 DocumentRequestAuthorizationCache documentRequestAuthorizationCache =
642 (DocumentRequestAuthorizationCache) getRequestAuthorizationCache();
643 if (documentRequestAuthorizationCache.getWorkflowDocumentInfo() == null) {
644 documentRequestAuthorizationCache.createWorkflowDocumentInfo(
645 document.getDocumentHeader().getWorkflowDocument());
646 }
647
648 return documentRequestAuthorizationCache;
649 }
650
651
652
653
654 @Override
655 public void setDocumentRequestAuthorizationCache(
656 DocumentRequestAuthorizationCache documentRequestAuthorizationCache) {
657 this.setRequestAuthorizationCache(documentRequestAuthorizationCache);
658 }
659
660
661
662
663 @Override
664 public void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache) {
665 super.setRequestAuthorizationCache(requestAuthorizationCache);
666
667 if (!(requestAuthorizationCache instanceof DocumentRequestAuthorizationCache)) {
668 throw new RuntimeException(
669 "Request authorization cache should be instance of " + DocumentRequestAuthorizationCache.class
670 .getName());
671 }
672
673 getDocumentAuthorizer().setDocumentRequestAuthorizationCache(
674 (DocumentRequestAuthorizationCache) requestAuthorizationCache);
675 }
676 }