16 package org.kuali.rice.kim.document.authorization;
17
18 import org.kuali.rice.kim.api.KimConstants;
19 import org.kuali.rice.kim.api.identity.Person;
20 import org.kuali.rice.kim.bo.ui.PersonDocumentGroup;
21 import org.kuali.rice.kim.bo.ui.PersonDocumentRole;
22 import org.kuali.rice.kim.document.IdentityManagementPersonDocument;
23 import org.kuali.rice.kns.document.authorization.TransactionalDocumentAuthorizerBase;
24 import org.kuali.rice.krad.document.Document;
25
26 import java.util.HashMap;
27 import java.util.HashSet;
28 import java.util.Map;
29 import java.util.Set;
30
/**
 * Document authorizer for the KIM person document that reports which of the
 * document's group and role rows the acting user lacks permission to change.
 *
 * <p>Both public methods return a deny map keyed by namespace code; an empty
 * map means every row on the document passed its permission check.
 *
 * <p>NOTE(review): this class only computes the denied entries. Whatever
 * rejects a submission that touches them is not visible here; confirm that
 * the caller enforces the result on the server side rather than only using
 * it to hide or disable fields in the UI.
 */
public class IdentityManagementKimDocumentAuthorizer extends TransactionalDocumentAuthorizerBase {

    /**
     * Collects the groups on the person document that {@code user} may not populate.
     *
     * <p>Each group is checked against the {@code POPULATE_GROUP} permission
     * template in {@code KimConstants.NAMESPACE_CODE}, qualified by the
     * group's own namespace code and name.
     *
     * @param document the document to inspect; must be an
     *        {@link IdentityManagementPersonDocument}
     * @param user the person whose principal id is checked
     * @return namespace code mapped to the denied group names in that namespace
     * @throws ClassCastException if {@code document} is of any other type
     */
    public Map<String,Set<String>> getUnpopulateableGroups(Document document, Person user) {
        Map<String, Set<String>> deniedByNamespace = new HashMap<String, Set<String>>();
        IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
        for (PersonDocumentGroup group : personDocument.getGroups()) {
            String namespaceCode = group.getNamespaceCode();
            String groupName = group.getGroupName();

            // Qualifiers that scope the template check to this particular group.
            Map<String, String> details = new HashMap<String, String>();
            details.put(KimConstants.AttributeConstants.NAMESPACE_CODE, namespaceCode);
            details.put(KimConstants.AttributeConstants.GROUP_NAME, groupName);

            boolean allowed = isAuthorizedByTemplate(
                    document,
                    KimConstants.NAMESPACE_CODE,
                    KimConstants.PermissionTemplateNames.POPULATE_GROUP,
                    user.getPrincipalId(),
                    details,
                    null);
            if (allowed) {
                continue;
            }
            recordDenied(deniedByNamespace, namespaceCode, groupName);
        }
        return deniedByNamespace;
    }

    /**
     * Collects the roles on the person document that {@code user} may not assign.
     *
     * <p>Each role is checked against the {@code ASSIGN_ROLE} permission
     * template in {@code KimConstants.NAMESPACE_CODE}, qualified by the
     * role's own namespace code and name.
     *
     * @param document the document to inspect; must be an
     *        {@link IdentityManagementPersonDocument}
     * @param user the person whose principal id is checked
     * @return namespace code mapped to the denied role names in that namespace
     * @throws ClassCastException if {@code document} is of any other type
     */
    public Map<String,Set<String>> getUnassignableRoles(Document document, Person user) {
        Map<String, Set<String>> deniedByNamespace = new HashMap<String, Set<String>>();
        IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
        for (PersonDocumentRole role : personDocument.getRoles()) {
            String namespaceCode = role.getNamespaceCode();
            String roleName = role.getRoleName();

            // Qualifiers that scope the template check to this particular role.
            Map<String, String> details = new HashMap<String, String>();
            details.put(KimConstants.AttributeConstants.NAMESPACE_CODE, namespaceCode);
            details.put(KimConstants.AttributeConstants.ROLE_NAME, roleName);

            boolean allowed = isAuthorizedByTemplate(
                    document,
                    KimConstants.NAMESPACE_CODE,
                    KimConstants.PermissionTemplateNames.ASSIGN_ROLE,
                    user.getPrincipalId(),
                    details,
                    null);
            if (allowed) {
                continue;
            }
            recordDenied(deniedByNamespace, namespaceCode, roleName);
        }
        return deniedByNamespace;
    }

    /**
     * Adds {@code name} to the set stored under {@code namespaceCode},
     * creating that set the first time the namespace is seen.
     */
    private static void recordDenied(Map<String, Set<String>> deniedByNamespace, String namespaceCode, String name) {
        Set<String> names = deniedByNamespace.get(namespaceCode);
        if (names == null) {
            // The map never stores a null value, so null here means "no entry yet".
            names = new HashSet<String>();
            deniedByNamespace.put(namespaceCode, names);
        }
        names.add(name);
    }
}