org.kuali.rice.kim.document.rule

Class IdentityManagementRoleDocumentRule

java.lang.Object

org.kuali.rice.krad.rules.DocumentRuleBase

org.kuali.rice.kns.rules.DocumentRuleBase

org.kuali.rice.kns.rules.TransactionalDocumentRuleBase

org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule

All Implemented Interfaces:

AddResponsibilityRule, AddDelegationMemberRule, AddDelegationRule, AddMemberRule, AddPermissionRule, AddAdHocRoutePersonRule, AddAdHocRouteWorkgroupRule, AddCollectionLineRule, AddNoteRule, ApproveDocumentRule, BusinessRule, CompleteDocumentRule, RouteDocumentRule, SaveDocumentRule, SendAdHocRequestsRule

public class IdentityManagementRoleDocumentRule
extends TransactionalDocumentRuleBase
implements AddPermissionRule, AddResponsibilityRule, AddMemberRule, AddDelegationRule, AddDelegationMemberRule

Author:

Kuali Rice Team (rice.collab@kuali.org)

Field Summary

Fields

Modifier and Type	Field and Description
protected ActiveRoleMemberHelper	activeRoleMemberHelper
protected AddDelegationMemberRule	addDelegationMemberRule
protected Class<? extends AddDelegationMemberRule>	addDelegationMemberRuleClass
protected AddDelegationRule	addDelegationRule
protected Class<? extends AddDelegationRule>	addDelegationRuleClass
protected AddMemberRule	addMemberRule
protected Class<? extends AddMemberRule>	addMemberRuleClass
protected AddPermissionRule	addPermissionRule
protected Class<? extends AddPermissionRule>	addPermissionRuleClass
protected AddResponsibilityRule	addResponsibilityRule
protected Class<? extends AddResponsibilityRule>	addResponsibilityRuleClass
protected AttributeValidationHelper	attributeValidationHelper
static int	PRIORITY_NUMBER_MAX_VALUE
static int	PRIORITY_NUMBER_MIN_VALUE

Constructor Summary

Constructors

Constructor and Description
IdentityManagementRoleDocumentRule()

Method Summary

Methods

Modifier and Type	Method and Description
protected boolean	canUserAssignRoleMembers(IdentityManagementRoleDocument document)
protected boolean	checkForCircularRoleMembership(AddMemberEvent addMemberEvent) This method checks to see if adding a role to role membership creates a circular reference.
protected Set<String>	figureOutUniqueQualificationSet(List<KimDocumentRoleMember> memberships, List<KimAttributeField> attributeDefinitions) Finds the names of the unique qualification attributes which this role should be checking against
protected Set<String>	figureOutUniqueQualificationSetForDelegation(List<RoleDocumentDelegationMember> memberships, List<KimAttributeField> attributeDefinitions) Finds the names of the unique qualification attributes which this role should be checking against
AddDelegationMemberRule	getAddDelegationMemberRule()
AddDelegationRule	getAddDelegationRule()
AddMemberRule	getAddMemberRule()
AddPermissionRule	getAddPermissionRule()
AddResponsibilityRule	getAddResponsibilityRule()
protected IdentityService	getIdentityService()
ResponsibilityInternalService	getResponsibilityInternalService()
protected KimDocumentRoleMember	getRoleMemberForDelegation(List<KimDocumentRoleMember> roleMembers, RoleDocumentDelegationMember delegationMember, List<KimDocumentRoleMember> modifiedRoleMembers)
protected RoleTypeService	getRoleTypeService(KimType typeInfo)
protected org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule.VersionedService<RoleTypeService>	getVersionedRoleTypeService(KimType typeInfo)
boolean	hasPermissionToGrantPermission(Permission kimPermissionInfo, IdentityManagementRoleDocument document)
boolean	hasPermissionToGrantResponsibility(Responsibility kimResponsibilityInfo, IdentityManagementRoleDocument document)
boolean	processAddDelegation(AddDelegationEvent addDelegationEvent)
boolean	processAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent)
boolean	processAddMember(AddMemberEvent addMemberEvent)
boolean	processAddPermission(AddPermissionEvent addPermissionEvent)
boolean	processAddResponsibility(AddResponsibilityEvent addResponsibilityEvent)
protected boolean	processCustomSaveDocumentBusinessRules(Document document) This method should be overridden by children rule classes as a hook to implement document specific business rule checks for the "save document" event.
protected boolean	sameDelegationMembership(RoleDocumentDelegationMember membershipA, RoleDocumentDelegationMember membershipB) Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id
protected boolean	sameMembership(KimDocumentRoleMember membershipA, KimDocumentRoleMember membershipB) Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id
protected boolean	sameUniqueDelegationMembershipQualifications(RoleDocumentDelegationMember membershipA, RoleDocumentDelegationMember membershipB, Set<String> uniqueAttributeIds) Given two memberships which represent the same member, do they share qualifications?
protected boolean	sameUniqueMembershipQualifications(KimDocumentRoleMember membershipA, KimDocumentRoleMember membershipB, Set<String> uniqueAttributeIds) Given two memberships which represent the same member, do they share qualifications?
protected boolean	validateActiveDate(String errorPath, Timestamp activeFromDate, Timestamp activeToDate)
protected boolean	validateDelegationMemberRoleQualifier(List<KimDocumentRoleMember> modifiedRoleMembers, List<RoleDocumentDelegationMember> delegationMembers, KimType kimType, List<KimDocumentRoleMember> nonModifiedRoleMembers)
protected boolean	validateRoleQualifier(List<KimDocumentRoleMember> roleMembers, KimType kimType)
protected boolean	validateRoleResponsibilityAction(String errorPath, KimDocumentRoleResponsibilityAction roleRspAction)
protected boolean	validateUniquePersonRoleQualifiersUniqueForRoleDelegation(RoleDocumentDelegationMember delegationMembershipToCheck, int membershipToCheckIndex, List<RoleDocumentDelegationMember> delegationMemberships, Set<String> uniqueQualifierIds, List<RemotableAttributeError> validationErrors) Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique
protected boolean	validateUniquePersonRoleQualifiersUniqueForRoleMembership(KimDocumentRoleMember membershipToCheck, int membershipToCheckIndex, List<KimDocumentRoleMember> memberships, Set<String> uniqueQualifierIds, List<RemotableAttributeError> validationErrors) Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique
protected boolean	validDelegationMemberActiveDates(List<RoleDocumentDelegationMember> delegationMembers)
protected boolean	validDuplicateRoleName(IdentityManagementRoleDocument roleDoc)
protected boolean	validPermissions(IdentityManagementRoleDocument document)
protected boolean	validResponsibilities(IdentityManagementRoleDocument document)
protected boolean	validRoleMemberActiveDates(List<KimDocumentRoleMember> roleMembers)
protected boolean	validRoleMemberPrincipalIDs(List<KimDocumentRoleMember> roleMembers)
protected boolean	validRoleMembersResponsibilityActions(List<KimDocumentRoleMember> roleMembers)
protected boolean	validRoleName(IdentityManagementRoleDocument roleDoc) ensures the IdentitymangaementRoleDocument role name is not null or an empty string
protected boolean	validRoleNamespace(IdentityManagementRoleDocument roleDoc) Ensures the IdentityManagementRoleDocument role namespace is not null or an empty string.
protected boolean	validRoleResponsibilitiesActions(List<KimDocumentRoleResponsibility> roleResponsibilities)

Methods inherited from class org.kuali.rice.kns.rules.DocumentRuleBase

getDictionaryValidationService

Methods inherited from class org.kuali.rice.krad.rules.DocumentRuleBase

buildDocumentTypeActionRequestPermissionDetails, buildDocumentTypePermissionDetails, getDataDictionaryService, getDocumentDictionaryService, getGroupService, getKualiConfigurationService, getMaxDictionaryValidationDepth, getPermissionService, getPersonService, hasAdHocRouteCompletion, isAddHocRoutePersonValid, isAddHocRouteWorkgroupValid, isAdHocRouteCompletionToInitiator, isAdHocRouteRecipientsValid, isDocumentAttributesValid, isDocumentOverviewValid, isNoteValid, processAddAdHocRoutePerson, processAddAdHocRouteWorkgroup, processAddCollectionLine, processAddNote, processApproveDocument, processCompleteDocument, processCustomAddAdHocRoutePersonBusinessRules, processCustomAddAdHocRouteWorkgroupBusinessRules, processCustomAddCollectionLineBusinessRules, processCustomAddNoteBusinessRules, processCustomApproveDocumentBusinessRules, processCustomCompleteDocumentBusinessRules, processCustomRouteDocumentBusinessRules, processCustomSendAdHocRequests, processRouteDocument, processSaveDocument, processSendAdHocRequests, setDocumentDictionaryService, setMaxDictionaryValidationDepth, useKimPermission, validateSensitiveDataValue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PRIORITY_NUMBER_MIN_VALUE

public static final int PRIORITY_NUMBER_MIN_VALUE

See Also:

Constant Field Values

PRIORITY_NUMBER_MAX_VALUE

public static final int PRIORITY_NUMBER_MAX_VALUE

See Also:

Constant Field Values

addResponsibilityRule

protected AddResponsibilityRule addResponsibilityRule

addPermissionRule

protected AddPermissionRule addPermissionRule

addMemberRule

protected AddMemberRule addMemberRule

addDelegationRule

protected AddDelegationRule addDelegationRule

addDelegationMemberRule

protected AddDelegationMemberRule addDelegationMemberRule

addResponsibilityRuleClass

protected Class<? extends AddResponsibilityRule> addResponsibilityRuleClass

addPermissionRuleClass

protected Class<? extends AddPermissionRule> addPermissionRuleClass

addMemberRuleClass

protected Class<? extends AddMemberRule> addMemberRuleClass

addDelegationRuleClass

protected Class<? extends AddDelegationRule> addDelegationRuleClass

addDelegationMemberRuleClass

protected Class<? extends AddDelegationMemberRule> addDelegationMemberRuleClass

attributeValidationHelper

protected AttributeValidationHelper attributeValidationHelper

activeRoleMemberHelper

protected ActiveRoleMemberHelper activeRoleMemberHelper

Constructor Detail

IdentityManagementRoleDocumentRule

public IdentityManagementRoleDocumentRule()

Method Detail

getIdentityService

protected IdentityService getIdentityService()

processCustomSaveDocumentBusinessRules

protected boolean processCustomSaveDocumentBusinessRules(Document document)

Description copied from class: DocumentRuleBase

This method should be overridden by children rule classes as a hook to implement document specific business rule checks for the "save document" event.

Overrides:

processCustomSaveDocumentBusinessRules in class DocumentRuleBase

Returns:

boolean True if the rules checks passed, false otherwise.

validRoleNamespace

protected boolean validRoleNamespace(IdentityManagementRoleDocument roleDoc)

Ensures the IdentityManagementRoleDocument role namespace is not null or an empty string.

Parameters:

roleDoc - the IdentityManagementRoleDocument to validate.

Returns:

TRUE if the role namespace is not null or an empty string, FALSE otherwise.

validRoleName

protected boolean validRoleName(IdentityManagementRoleDocument roleDoc)

ensures the IdentitymangaementRoleDocument role name is not null or an empty string

Parameters:

roleDoc - the IdentityManagementRoleDocument to validate.

Returns:

TRUE if the role name is not null or an empty string, FALSE otherwise.

canUserAssignRoleMembers

protected boolean canUserAssignRoleMembers(IdentityManagementRoleDocument document)

validRoleMemberPrincipalIDs

protected boolean validRoleMemberPrincipalIDs(List<KimDocumentRoleMember> roleMembers)

validDuplicateRoleName

protected boolean validDuplicateRoleName(IdentityManagementRoleDocument roleDoc)

validRoleMemberActiveDates

protected boolean validRoleMemberActiveDates(List<KimDocumentRoleMember> roleMembers)

validDelegationMemberActiveDates

protected boolean validDelegationMemberActiveDates(List<RoleDocumentDelegationMember> delegationMembers)

validPermissions

protected boolean validPermissions(IdentityManagementRoleDocument document)

validResponsibilities

protected boolean validResponsibilities(IdentityManagementRoleDocument document)

validRoleResponsibilitiesActions

protected boolean validRoleResponsibilitiesActions(List<KimDocumentRoleResponsibility> roleResponsibilities)

validRoleMembersResponsibilityActions

protected boolean validRoleMembersResponsibilityActions(List<KimDocumentRoleMember> roleMembers)

validateRoleResponsibilityAction

protected boolean validateRoleResponsibilityAction(String errorPath,
                                       KimDocumentRoleResponsibilityAction roleRspAction)

validateRoleQualifier

protected boolean validateRoleQualifier(List<KimDocumentRoleMember> roleMembers,
                            KimType kimType)

figureOutUniqueQualificationSet

protected Set<String> figureOutUniqueQualificationSet(List<KimDocumentRoleMember> memberships,
                                          List<KimAttributeField> attributeDefinitions)

Finds the names of the unique qualification attributes which this role should be checking against

Parameters:

memberships - the memberships (we take the qualification from the first)

attributeDefinitions - information about the attributeDefinitions

Returns:

a Set of unique attribute ids (with their indices, for error reporting)

validateUniquePersonRoleQualifiersUniqueForRoleMembership

protected boolean validateUniquePersonRoleQualifiersUniqueForRoleMembership(KimDocumentRoleMember membershipToCheck,
                                                                int membershipToCheckIndex,
                                                                List<KimDocumentRoleMember> memberships,
                                                                Set<String> uniqueQualifierIds,
                                                                List<RemotableAttributeError> validationErrors)

Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique

Parameters:

membershipToCheck - the membership to check

membershipToCheckIndex - the index of the person's membership in the role (for error reporting purposes)

validationErrors - Map of errors to report

Returns:

true if all unique values are indeed unique, false otherwise

sameMembership

protected boolean sameMembership(KimDocumentRoleMember membershipA,
                     KimDocumentRoleMember membershipB)

Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id

Parameters:

membershipA - the first membership to check

membershipB - the second membership to check

Returns:

true if the two memberships represent the same member; false if they do not, or if it could not be profitably determined if the members were the same

sameUniqueMembershipQualifications

protected boolean sameUniqueMembershipQualifications(KimDocumentRoleMember membershipA,
                                         KimDocumentRoleMember membershipB,
                                         Set<String> uniqueAttributeIds)

Given two memberships which represent the same member, do they share qualifications?

Parameters:

membershipA - the first membership to check

membershipB - the second membership to check

uniqueAttributeIds - the Set of attribute definition ids which should be unique

Returns:

getRoleMemberForDelegation

protected KimDocumentRoleMember getRoleMemberForDelegation(List<KimDocumentRoleMember> roleMembers,
                                               RoleDocumentDelegationMember delegationMember,
                                               List<KimDocumentRoleMember> modifiedRoleMembers)

validateDelegationMemberRoleQualifier

protected boolean validateDelegationMemberRoleQualifier(List<KimDocumentRoleMember> modifiedRoleMembers,
                                            List<RoleDocumentDelegationMember> delegationMembers,
                                            KimType kimType,
                                            List<KimDocumentRoleMember> nonModifiedRoleMembers)

figureOutUniqueQualificationSetForDelegation

protected Set<String> figureOutUniqueQualificationSetForDelegation(List<RoleDocumentDelegationMember> memberships,
                                                       List<KimAttributeField> attributeDefinitions)

Finds the names of the unique qualification attributes which this role should be checking against

Parameters:

memberships - the memberships (we take the qualification from the first)

attributeDefinitions - information about the attributeDefinitions

Returns:

a Set of unique attribute ids (with their indices, for error reporting)

validateUniquePersonRoleQualifiersUniqueForRoleDelegation

protected boolean validateUniquePersonRoleQualifiersUniqueForRoleDelegation(RoleDocumentDelegationMember delegationMembershipToCheck,
                                                                int membershipToCheckIndex,
                                                                List<RoleDocumentDelegationMember> delegationMemberships,
                                                                Set<String> uniqueQualifierIds,
                                                                List<RemotableAttributeError> validationErrors)

Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique

Parameters:

delegationMembershipToCheck - the membership to check

membershipToCheckIndex - the index of the person's membership in the role (for error reporting purposes)

validationErrors - Map of errors to report

Returns:

true if all unique values are indeed unique, false otherwise

sameDelegationMembership

protected boolean sameDelegationMembership(RoleDocumentDelegationMember membershipA,
                               RoleDocumentDelegationMember membershipB)

Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id

Parameters:

membershipA - the first membership to check

membershipB - the second membership to check

Returns:

true if the two memberships represent the same member; false if they do not, or if it could not be profitably determined if the members were the same

sameUniqueDelegationMembershipQualifications

protected boolean sameUniqueDelegationMembershipQualifications(RoleDocumentDelegationMember membershipA,
                                                   RoleDocumentDelegationMember membershipB,
                                                   Set<String> uniqueAttributeIds)

Given two memberships which represent the same member, do they share qualifications?

Parameters:

membershipA - the first membership to check

membershipB - the second membership to check

uniqueAttributeIds - the Set of attribute definition ids which should be unique

Returns:

validateActiveDate

protected boolean validateActiveDate(String errorPath,
                         Timestamp activeFromDate,
                         Timestamp activeToDate)

checkForCircularRoleMembership

protected boolean checkForCircularRoleMembership(AddMemberEvent addMemberEvent)

This method checks to see if adding a role to role membership creates a circular reference.

Parameters:

addMemberEvent -

Returns:

true - ok to assign, no circular references false - do not make assignment, will create circular reference.

getAddResponsibilityRule

public AddResponsibilityRule getAddResponsibilityRule()

Returns:

the addResponsibilityRule

getAddPermissionRule

public AddPermissionRule getAddPermissionRule()

Returns:

the addPermissionRule

getAddMemberRule

public AddMemberRule getAddMemberRule()

Returns:

the addMemberRule

getAddDelegationRule

public AddDelegationRule getAddDelegationRule()

Returns:

the addDelegationRule

getAddDelegationMemberRule

public AddDelegationMemberRule getAddDelegationMemberRule()

Returns:

the addDelegationMemberRule

processAddPermission

public boolean processAddPermission(AddPermissionEvent addPermissionEvent)

Specified by:

processAddPermission in interface AddPermissionRule

hasPermissionToGrantPermission

public boolean hasPermissionToGrantPermission(Permission kimPermissionInfo,
                                     IdentityManagementRoleDocument document)

Specified by:

hasPermissionToGrantPermission in interface AddPermissionRule

processAddResponsibility

public boolean processAddResponsibility(AddResponsibilityEvent addResponsibilityEvent)

Specified by:

processAddResponsibility in interface AddResponsibilityRule

hasPermissionToGrantResponsibility

public boolean hasPermissionToGrantResponsibility(Responsibility kimResponsibilityInfo,
                                         IdentityManagementRoleDocument document)

Specified by:

hasPermissionToGrantResponsibility in interface AddResponsibilityRule

processAddMember

public boolean processAddMember(AddMemberEvent addMemberEvent)

Specified by:

processAddMember in interface AddMemberRule

processAddDelegation

public boolean processAddDelegation(AddDelegationEvent addDelegationEvent)

Specified by:

processAddDelegation in interface AddDelegationRule

processAddDelegationMember

public boolean processAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent)

Specified by:

processAddDelegationMember in interface AddDelegationMemberRule

getResponsibilityInternalService

public ResponsibilityInternalService getResponsibilityInternalService()

getRoleTypeService

protected RoleTypeService getRoleTypeService(KimType typeInfo)

getVersionedRoleTypeService

protected org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule.VersionedService<RoleTypeService> getVersionedRoleTypeService(KimType typeInfo)