1   /**
2    * Copyright 2005-2016 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.document.authorization;
17  
18  import org.kuali.rice.kim.api.KimConstants;
19  import org.kuali.rice.kim.api.identity.Person;
20  import org.kuali.rice.kim.bo.ui.PersonDocumentGroup;
21  import org.kuali.rice.kim.bo.ui.PersonDocumentRole;
22  import org.kuali.rice.kim.document.IdentityManagementPersonDocument;
23  import org.kuali.rice.kns.document.authorization.TransactionalDocumentAuthorizerBase;
24  import org.kuali.rice.krad.document.Document;
25  
26  import java.util.HashMap;
27  import java.util.HashSet;
28  import java.util.Map;
29  import java.util.Set;
30  
/**
 * Document authorizer for the KIM person document
 * ({@link IdentityManagementPersonDocument}).
 *
 * <p>On top of what {@link TransactionalDocumentAuthorizerBase} provides, this class
 * reports which groups and roles currently listed on a person document the acting
 * user lacks permission to populate or assign. Both methods only compute a deny list;
 * nothing in this class blocks the change itself.
 * NOTE(review): confirm that callers enforce the returned sets on the server side
 * (for example when the document is saved or routed) and not only when rendering.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class IdentityManagementKimDocumentAuthorizer extends TransactionalDocumentAuthorizerBase {

    /**
     * Collects the groups on the document that {@code user} may not populate.
     *
     * <p>Each group is checked against the {@code POPULATE_GROUP} permission template in
     * the KIM namespace, qualified by the group's namespace code and group name.
     * Only groups present on the document at call time are evaluated.
     *
     * @param document the document being edited; it is cast to
     *        {@link IdentityManagementPersonDocument}, so any other type fails with a
     *        {@link ClassCastException}
     * @param user the person whose principal id is checked
     * @return denied group names keyed by namespace code; empty (never {@code null})
     *         when every group is permitted
     */
    public Map<String,Set<String>> getUnpopulateableGroups(Document document, Person user) {
        IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
        Map<String,Set<String>> deniedByNamespace = new HashMap<String,Set<String>>();

        for (PersonDocumentGroup group : personDocument.getGroups()) {
            String namespaceCode = group.getNamespaceCode();
            String groupName = group.getGroupName();

            // Qualifiers that scope the permission check to this one group.
            Map<String,String> permissionDetails = new HashMap<String,String>();
            permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, namespaceCode);
            permissionDetails.put(KimConstants.AttributeConstants.GROUP_NAME, groupName);

            boolean mayPopulate = isAuthorizedByTemplate(
                    document,
                    KimConstants.NAMESPACE_CODE,
                    KimConstants.PermissionTemplateNames.POPULATE_GROUP,
                    user.getPrincipalId(),
                    permissionDetails,
                    null);
            if (mayPopulate) {
                continue;
            }

            // Denied: file the group name under its namespace, creating the bucket on first use.
            Set<String> deniedNames = deniedByNamespace.get(namespaceCode);
            if (deniedNames == null) {
                deniedNames = new HashSet<String>();
                deniedByNamespace.put(namespaceCode, deniedNames);
            }
            deniedNames.add(groupName);
        }
        return deniedByNamespace;
    }

    /**
     * Collects the roles on the document that {@code user} may not assign.
     *
     * <p>Each role is checked against the {@code ASSIGN_ROLE} permission template in
     * the KIM namespace, qualified by the role's namespace code and role name.
     * Only roles present on the document at call time are evaluated.
     *
     * @param document the document being edited; it is cast to
     *        {@link IdentityManagementPersonDocument}, so any other type fails with a
     *        {@link ClassCastException}
     * @param user the person whose principal id is checked
     * @return denied role names keyed by namespace code; empty (never {@code null})
     *         when every role is permitted
     */
    public Map<String,Set<String>> getUnassignableRoles(Document document, Person user) {
        IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
        Map<String,Set<String>> deniedByNamespace = new HashMap<String,Set<String>>();

        for (PersonDocumentRole role : personDocument.getRoles()) {
            String namespaceCode = role.getNamespaceCode();
            String roleName = role.getRoleName();

            // Qualifiers that scope the permission check to this one role.
            Map<String,String> permissionDetails = new HashMap<String,String>();
            permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, namespaceCode);
            permissionDetails.put(KimConstants.AttributeConstants.ROLE_NAME, roleName);

            boolean mayAssign = isAuthorizedByTemplate(
                    document,
                    KimConstants.NAMESPACE_CODE,
                    KimConstants.PermissionTemplateNames.ASSIGN_ROLE,
                    user.getPrincipalId(),
                    permissionDetails,
                    null);
            if (mayAssign) {
                continue;
            }

            // Denied: file the role name under its namespace, creating the bucket on first use.
            Set<String> deniedNames = deniedByNamespace.get(namespaceCode);
            if (deniedNames == null) {
                deniedNames = new HashSet<String>();
                deniedByNamespace.put(namespaceCode, deniedNames);
            }
            deniedNames.add(roleName);
        }
        return deniedByNamespace;
    }
}