View Javadoc
1   /**
2    * Copyright 2005-2016 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.uif.view;
17  
18  import org.kuali.rice.kim.api.identity.Person;
19  import org.kuali.rice.krad.uif.container.CollectionGroup;
20  import org.kuali.rice.krad.uif.container.Group;
21  import org.kuali.rice.krad.uif.element.Action;
22  import org.kuali.rice.krad.uif.field.DataField;
23  import org.kuali.rice.krad.uif.field.Field;
24  import org.kuali.rice.krad.uif.widget.Widget;
25  
26  import java.util.Set;
27  
28  /**
29   * Performs user based authorization for actions and components contained in a {@link View}
30   *
31   * <p>
32   * Note only user authorization is done by the authorizer class. For non-user based logic, use the
33   * {@link ViewPresentationController}
34   * </p>
35   *
36   * @author Kuali Rice Team (rice.collab@kuali.org)
37   */
38  public interface ViewAuthorizer {
39  
40      /**
41       * Returns the set of action flags that are authorized for the given user
42       *
43       * <p>
44       * Action flags are created for views to indicate some action or feature should be enabled. These flags can be
45       * used within expressions for configuring the view content.
46       *
47       * For example:
48       * <bean parent="Action" p:methodToCall="save" p:actionLabel="save"
49       * p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>
50       * </p>
51       *
52       * <p>
53       * For each action flag, KIM is consulted to determine if a permission exist for the template associated with
54       * the action flag. If so, a check is then made to determine if the user has that permission. If the permission
55       * fails for the user, the action flag is removed from the returned set.
56       * </p>
57       *
58       * <p>
59       * The Set of available action flags should first be exported by the
60       * {@link ViewPresentationController#getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase)} method. The
61       * set returned from this method will be passed as the method argument here by the framework.
62       * </p>
63       *
64       * @param view - view instance the action flags apply to
65       * @param model - object containing the view data
66       * @param user - user we are authorizing the actions for
67       * @param actions - set of action flags to authorize
68       * @return Set<String> set of action flags that have been authorized, this will be equal to or a subset of the
69       *         actions passed in
70       */
71      public Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions);
72  
73      /**
74       * Returns the set of edit modes that are authorized for the given user
75       *
76       * <p>
77       * An edit mode is a string that identifies a set of editable fields within the view. These are generally used
78       * when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in
79       * two ways. The first is by using the edit mode in an expression when setting the field readOnly property.
80       *
81       * For example:
82       * <property name="readOnly" value="@{!#editModes['specialEdit'] and !fullEdit}" />
83       *
84       * The second way is with the
85       * {@link ViewPresentationController#canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String)}
86       * method which can look at the edit modes map on the view to determine if the given field should be editable.
87       * </p>
88       *
89       * <p>
90       * For each edit mode, KIM is consulted to determine if a permission exist for the 'Use View' template and
91       * the edit mode detail. If so, a check is then made to determine if the user has that permission. If the
92       * permission
93       * fails for the user, the edit mode is removed from the returned set.
94       * </p>
95       *
96       * <p>
97       * The Set of available edit modes should first be exported by the
98       * {@link ViewPresentationController#getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase)} method. The
99       * set returned from this method will be passed as the method argument here by the framework.
100      * </p>
101      *
102      * @param view - view instance the edit modes apply to
103      * @param model - object containing the view data
104      * @param user - user we are authorizing the actions for
105      * @param editModes - set of edit modes to authorize
106      * @return Set<String> set of edit modes that have been authorized, this will be equal to or a subset of the
107      *         edit mode set passed in
108      */
109     public Set<String> getEditModes(View view, ViewModel model, Person user, Set<String> editModes);
110 
111     /**
112      * Determines if the given user is authorized to open the given view
113      *
114      * @param view - view instance to check authorization for
115      * @param model - object containing the view data
116      * @param user - user to authorize
117      * @return boolean true if the user is authorized to open the view, false otherwise
118      */
119     public boolean canOpenView(View view, ViewModel model, Person user);
120 
121     /**
122      * Determines if the given user is authorized to edit the given view
123      *
124      * @param view - view instance to check authorization for
125      * @param model - object containing the view data
126      * @param user - user to authorize
127      * @return boolean true if the user is authorized to edit the view, false otherwise
128      */
129     public boolean canEditView(View view, ViewModel model, Person user);
130 
131     /**
132      * Checks whether the mask authorization exists for the given property and if so whether the given user has the
133      * ability to unmask the value
134      *
135      * @param view - view instance the field belongs to
136      * @param model - object containing the view data
137      * @param field - field associated for the property and from which the
138      * {@link org.kuali.rice.krad.uif.component.ComponentSecurity} will be retrieved
139      * @param propertyName - name of the property associated with the field
140      * @param user - user we are authorizing
141      * @return boolean true if the value can be unmasked, false if it should be masked
142      */
143     public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user);
144 
145     /**
146      * Checks whether the partial mask authorization exists for the given property and if so whether the given user
147      * has the ability to unmask the value
148      *
149      * @param view - view instance the field belongs to
150      * @param model - object containing the view data
151      * @param field - field associated for the property and from which the
152      * {@link org.kuali.rice.krad.uif.component.ComponentSecurity} will be retrieved
153      * @param propertyName - name of the property associated with the field
154      * @param user - user we are authorizing
155      * @return boolean true if the value can be unmasked, false if it should be partially masked
156      */
157     public boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user);
158 
159     public boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user);
160 
161     public boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user);
162 
163     public boolean canEditGroup(View view, ViewModel model, Group group, String groupId, Person user);
164 
165     public boolean canViewGroup(View view, ViewModel model, Group group, String groupId, Person user);
166 
167     public boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user);
168 
169     public boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user);
170 
171     public boolean canPerformAction(View view, ViewModel model, Action action, String actionEvent,
172             String actionId, Person user);
173 
174     public boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup,
175             String collectionPropertyName, Object line, Person user);
176 
177     public boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup,
178             String collectionPropertyName, Object line, Person user);
179 
180     public boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup,
181             String collectionPropertyName, Object line, Field field, String propertyName, Person user);
182 
183     public boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup,
184             String collectionPropertyName, Object line, Field field, String propertyName, Person user);
185 
186     public boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup,
187             String collectionPropertyName, Object line, Action action, String actionEvent, String actionId,
188             Person user);
189 
190     void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache);
191 
192 }