org.kuali.rice.krad.document

Class DocumentViewAuthorizerBase

java.lang.Object

org.kuali.rice.krad.bo.DataObjectAuthorizerBase

org.kuali.rice.krad.uif.view.ViewAuthorizerBase

org.kuali.rice.krad.document.DocumentViewAuthorizerBase

All Implemented Interfaces:

Serializable, DataObjectAuthorizer, DocumentAuthorizer, ViewAuthorizer

Direct Known Subclasses:

MaintenanceViewAuthorizerBase, TransactionalDocumentViewAuthorizerBase

public class DocumentViewAuthorizerBase
extends ViewAuthorizerBase
implements DocumentAuthorizer

Implementation of ViewAuthorizer for DocumentView instances

Performs KIM permission checks for the various document actions such as save, approve, cancel

By default delegates to the DocumentAuthorizer configured for the document in the data dictionary

Author:

Kuali Rice Team (rice.collab@kuali.org)

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected static org.apache.commons.logging.Log	LOG
static String	PRE_ROUTING_ROUTE_NAME

Constructor Summary

Constructors

Constructor and Description
DocumentViewAuthorizerBase()

Method Summary

Methods

Modifier and Type	Method and Description
protected void	addPermissionDetails(Object dataObject, Map<String,String> attributes) Override this method to populate the permission details from the primary data object or document.
protected void	addRoleQualification(Object dataObject, Map<String,String> attributes) Override this method to populate the role qualifier attributes from the primary data object or document.
protected void	addStandardAttributes(Document document, Map<String,String> attributes)
boolean	canAcknowledge(Document document, Person user)
boolean	canAddNoteAttachment(Document document, String attachmentTypeCode, Person user)
boolean	canAnnotate(Document document, Person user)
boolean	canApprove(Document document, Person user)
boolean	canBlanketApprove(Document document, Person user)
boolean	canCancel(Document document, Person user) Determines if the user has permission to cancel the document
boolean	canClose(Document document, Person user)
boolean	canCopy(Document document, Person user) Determines if the user has permission to copy the document
boolean	canDeleteNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user)
boolean	canDisapprove(Document document, Person user)
boolean	canEdit(Document document, Person user) Determines if the document can be edited; if false is returned, then all fields are in a read only state
boolean	canEditDocumentOverview(Document document, Person user)
boolean	canEditView(View view, ViewModel model, Person user) Checks for an edit view permission for the view id, and if found verifies the user has that permission
boolean	canFyi(Document document, Person user)
boolean	canInitiate(String documentTypeName, Person user) Checks if a user has the permissions to initiate a document
boolean	canOpen(Document document, Person user) Checks if a user has the permissions to open a document
boolean	canOpenView(View view, ViewModel model, Person user) Checks for an open view permission for the view id, and if found verifies the user has that permission
boolean	canPerformRouteReport(Document document, Person user)
boolean	canRecall(Document document, Person user)
boolean	canReceiveAdHoc(Document document, Person user, String actionRequestCode)
boolean	canReload(Document document, Person user)
boolean	canRoute(Document document, Person user) Determines if the user has permission to route the document
boolean	canSave(Document document, Person user)
boolean	canSendAdHocRequests(Document document, String actionRequestCd, Person user)
boolean	canSendAnyTypeAdHocRequests(Document document, Person user)
boolean	canSendNoteFyi(Document document, Person user)
boolean	canSuperUserApprove(Document document, Person user) Determines if the user has permission to approve a document as a super user.
boolean	canSuperUserDisapprove(Document document, Person user) Determines if the user has permission to disapprove a document as a super user.
boolean	canSuperUserTakeAction(Document document, Person user) Determines if the user has permission to take a super user action.
boolean	canTakeRequestedAction(Document document, String actionRequestCode, Person user)
boolean	canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user) Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
boolean	canViewNoteAttachment(Document document, String attachmentTypeCode, Person user)
boolean	canViewNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user) Deprecated.
Set<String>	getActionFlags(View view, ViewModel model, Person user, Set<String> actions) Returns the set of action flags that are authorized for the given user
DocumentAuthorizer	getDocumentAuthorizer()
DocumentDictionaryService	getDocumentDictionaryService()
protected DocumentRequestAuthorizationCache	getDocumentRequestAuthorizationCache(Document document)
void	initializeDocumentAuthorizerIfNecessary(Document document) If the document authorizer is null, gets the authorizer from the document dictionary service for the given document's class.
void	initializeDocumentAuthorizerIfNecessary(String documentTypeName) If the document authorizer is null, gets the authorizer from the document dictionary service for the given document type name.
protected boolean	isDocumentInitiator(Document document, Person user)
protected boolean	isInitiator(ViewModel model, Person user) Checks if the user is the initiator for the current document
void	setDocumentAuthorizer(DocumentAuthorizer documentAuthorizer)
void	setDocumentAuthorizerClass(Class<? extends DocumentAuthorizer> documentAuthorizerClass)
void	setDocumentDictionaryService(DocumentDictionaryService documentDictionaryService)
void	setDocumentRequestAuthorizationCache(DocumentRequestAuthorizationCache documentRequestAuthorizationCache)
void	setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)

Methods inherited from class org.kuali.rice.krad.uif.view.ViewAuthorizerBase

canEditField, canEditGroup, canEditLine, canEditLineField, canEditWidget, canPartialUnmaskField, canPerformAction, canPerformLineAction, canViewField, canViewGroup, canViewLine, canViewLineField, canViewWidget, getActionPermissionDetails, getConfigurationService, getDataObjectContext, getEditModes, getFieldPermissionDetails, getGroupPermissionDetails, getRequestAuthorizationCache, getWidgetPermissionDetails, isAuthorizedByTemplate, setConfigurationService

Methods inherited from class org.kuali.rice.krad.bo.DataObjectAuthorizerBase

getPermissionDetailValues, getPermissionService, getPersonService, getRoleQualification, isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate, permissionExistsByTemplate, permissionExistsByTemplate, permissionExistsByTemplate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.kuali.rice.krad.bo.DataObjectAuthorizer

isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate

Field Detail

LOG

protected static org.apache.commons.logging.Log LOG

PRE_ROUTING_ROUTE_NAME

public static final String PRE_ROUTING_ROUTE_NAME

See Also:

Constant Field Values

Constructor Detail

DocumentViewAuthorizerBase

public DocumentViewAuthorizerBase()

Method Detail

getActionFlags

public Set<String> getActionFlags(View view,
                         ViewModel model,
                         Person user,
                         Set<String> actions)

Returns the set of action flags that are authorized for the given user

Action flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example:

For each action flag, KIM is consulted to determine if a permission exist for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.

The Set of available action flags should first be exported by the ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

Specified by:

getActionFlags in interface ViewAuthorizer

Overrides:

getActionFlags in class ViewAuthorizerBase

Parameters:

view - - view instance the action flags apply to

model - - object containing the view data

user - - user we are authorizing the actions for

actions - - set of action flags to authorize

Returns:

Set set of action flags that have been authorized, this will be equal to or a subset of the actions passed in

See Also:

ViewAuthorizer#getActionFlags(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person, java.util.Set)

canInitiate

public final boolean canInitiate(String documentTypeName,
                  Person user)

Checks if a user has the permissions to initiate a document

Specified by:

canInitiate in interface DocumentAuthorizer

Parameters:

documentTypeName - document type name

user - current user

Returns:

boolean, true if the user has the permissions to initiate a document else false

canOpen

public final boolean canOpen(Document document,
              Person user)

Checks if a user has the permissions to open a document

Specified by:

canOpen in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

boolean, true if the user has the permissions to open a document else false

canOpenView

public boolean canOpenView(View view,
                  ViewModel model,
                  Person user)

Checks for an open view permission for the view id, and if found verifies the user has that permission

Specified by:

canOpenView in interface ViewAuthorizer

Overrides:

canOpenView in class ViewAuthorizerBase

Parameters:

view - - view instance to check authorization for

model - - object containing the view data

user - - user to authorize

Returns:

boolean true if the user is authorized to open the view, false otherwise

See Also:

ViewAuthorizer.canOpenView(View, ViewModel, org.kuali.rice.kim.api.identity.Person)

canEdit

public boolean canEdit(Document document,
              Person user)

Determines if the document can be edited; if false is returned, then all fields are in a read only state

Specified by:

canEdit in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

boolean, true if the user has the permissions to edit a document else false

canEditView

public boolean canEditView(View view,
                  ViewModel model,
                  Person user)

Checks for an edit view permission for the view id, and if found verifies the user has that permission

Specified by:

canEditView in interface ViewAuthorizer

Overrides:

canEditView in class ViewAuthorizerBase

Parameters:

view - - view instance to check authorization for

model - - object containing the view data

user - - user to authorize

Returns:

boolean true if the user is authorized to edit the view, false otherwise

See Also:

ViewAuthorizer.canEditView(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person)

canUnmaskField

public boolean canUnmaskField(View view,
                     ViewModel model,
                     DataField field,
                     String propertyName,
                     Person user)

Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value

Specified by:

canUnmaskField in interface ViewAuthorizer

Overrides:

canUnmaskField in class ViewAuthorizerBase

Parameters:

view - - view instance the field belongs to

model - - object containing the view data

field - - field associated for the property and from which the ComponentSecurity will be retrieved

propertyName - - name of the property associated with the field

user - - user we are authorizing

Returns:

boolean true if the value can be unmasked, false if it should be masked

See Also:

ViewAuthorizer.canUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)

isInitiator

protected boolean isInitiator(ViewModel model,
                  Person user)

Checks if the user is the initiator for the current document

Parameters:

model - object containing the view data

user - user we are authorizing

Returns:

true if user is the initiator, false otherwise

canAnnotate

public boolean canAnnotate(Document document,
                  Person user)

Specified by:

canAnnotate in interface DocumentAuthorizer

canReload

public boolean canReload(Document document,
                Person user)

Specified by:

canReload in interface DocumentAuthorizer

canClose

public boolean canClose(Document document,
               Person user)

Specified by:

canClose in interface DocumentAuthorizer

canSave

public boolean canSave(Document document,
              Person user)

Specified by:

canSave in interface DocumentAuthorizer

canRoute

public boolean canRoute(Document document,
               Person user)

Determines if the user has permission to route the document

Specified by:

canRoute in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

boolean, true if the user has permissions to route a document else false

canCancel

public boolean canCancel(Document document,
                Person user)

Determines if the user has permission to cancel the document

Specified by:

canCancel in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

boolean, true if the user has permissions to cancel a document else false

canRecall

public boolean canRecall(Document document,
                Person user)

Specified by:

canRecall in interface DocumentAuthorizer

canCopy

public boolean canCopy(Document document,
              Person user)

Determines if the user has permission to copy the document

Specified by:

canCopy in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

boolean, true if the user has permissions to cancel a document else false

canPerformRouteReport

public boolean canPerformRouteReport(Document document,
                            Person user)

Specified by:

canPerformRouteReport in interface DocumentAuthorizer

canBlanketApprove

public boolean canBlanketApprove(Document document,
                        Person user)

Specified by:

canBlanketApprove in interface DocumentAuthorizer

canApprove

public boolean canApprove(Document document,
                 Person user)

Specified by:

canApprove in interface DocumentAuthorizer

canDisapprove

public boolean canDisapprove(Document document,
                    Person user)

Specified by:

canDisapprove in interface DocumentAuthorizer

canSendNoteFyi

public boolean canSendNoteFyi(Document document,
                     Person user)

Specified by:

canSendNoteFyi in interface DocumentAuthorizer

canFyi

public boolean canFyi(Document document,
             Person user)

Specified by:

canFyi in interface DocumentAuthorizer

canAcknowledge

public boolean canAcknowledge(Document document,
                     Person user)

Specified by:

canAcknowledge in interface DocumentAuthorizer

canReceiveAdHoc

public final boolean canReceiveAdHoc(Document document,
                      Person user,
                      String actionRequestCode)

Specified by:

canReceiveAdHoc in interface DocumentAuthorizer

canAddNoteAttachment

public final boolean canAddNoteAttachment(Document document,
                           String attachmentTypeCode,
                           Person user)

Specified by:

canAddNoteAttachment in interface DocumentAuthorizer

canDeleteNoteAttachment

public final boolean canDeleteNoteAttachment(Document document,
                              String attachmentTypeCode,
                              String authorUniversalIdentifier,
                              Person user)

Specified by:

canDeleteNoteAttachment in interface DocumentAuthorizer

canViewNoteAttachment

public final boolean canViewNoteAttachment(Document document,
                            String attachmentTypeCode,
                            Person user)

Specified by:

canViewNoteAttachment in interface DocumentAuthorizer

canViewNoteAttachment

@Deprecated
public final boolean canViewNoteAttachment(Document document,
                                       String attachmentTypeCode,
                                       String authorUniversalIdentifier,
                                       Person user)

Deprecated.

Specified by:

canViewNoteAttachment in interface DocumentAuthorizer

canSendAdHocRequests

public final boolean canSendAdHocRequests(Document document,
                           String actionRequestCd,
                           Person user)

Specified by:

canSendAdHocRequests in interface DocumentAuthorizer

canEditDocumentOverview

public boolean canEditDocumentOverview(Document document,
                              Person user)

Specified by:

canEditDocumentOverview in interface DocumentAuthorizer

canSendAnyTypeAdHocRequests

public boolean canSendAnyTypeAdHocRequests(Document document,
                                  Person user)

Specified by:

canSendAnyTypeAdHocRequests in interface DocumentAuthorizer

canTakeRequestedAction

public boolean canTakeRequestedAction(Document document,
                             String actionRequestCode,
                             Person user)

Specified by:

canTakeRequestedAction in interface DocumentAuthorizer

canSuperUserTakeAction

public boolean canSuperUserTakeAction(Document document,
                             Person user)

Determines if the user has permission to take a super user action.

Specified by:

canSuperUserTakeAction in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

true if the user has permissions to take a super user action, otherwise false

canSuperUserApprove

public boolean canSuperUserApprove(Document document,
                          Person user)

Determines if the user has permission to approve a document as a super user.

Specified by:

canSuperUserApprove in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

true if the user has permissions to approve a document as a super user, otherwise false

canSuperUserDisapprove

public boolean canSuperUserDisapprove(Document document,
                             Person user)

Determines if the user has permission to disapprove a document as a super user.

Specified by:

canSuperUserDisapprove in interface DocumentAuthorizer

Parameters:

document - document to check

user - current user

Returns:

true if the user has permissions to disapprove a document as a super user, otherwise false

addPermissionDetails

protected void addPermissionDetails(Object dataObject,
                        Map<String,String> attributes)

Override this method to populate the permission details from the primary data object or document. This will only be called once per request.

Overrides:

addPermissionDetails in class DataObjectAuthorizerBase

Parameters:

dataObject - - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the document

attributes - - permission details will be added to this map

addRoleQualification

protected void addRoleQualification(Object dataObject,
                        Map<String,String> attributes)

Override this method to populate the role qualifier attributes from the primary data object or document. This will only be called once per request.

Overrides:

addRoleQualification in class DataObjectAuthorizerBase

Parameters:

dataObject - - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the document

attributes - - role qualifiers will be added to this map

addStandardAttributes

protected void addStandardAttributes(Document document,
                         Map<String,String> attributes)

isDocumentInitiator

protected boolean isDocumentInitiator(Document document,
                          Person user)

initializeDocumentAuthorizerIfNecessary

public void initializeDocumentAuthorizerIfNecessary(Document document)

If the document authorizer is null, gets the authorizer from the document dictionary service for the given document's class.

Parameters:

document - document instance to get authorizer for

initializeDocumentAuthorizerIfNecessary

public void initializeDocumentAuthorizerIfNecessary(String documentTypeName)

If the document authorizer is null, gets the authorizer from the document dictionary service for the given document type name.

Parameters:

documentTypeName - document type to get authorizer for

getDocumentAuthorizer

public DocumentAuthorizer getDocumentAuthorizer()

setDocumentAuthorizer

public void setDocumentAuthorizer(DocumentAuthorizer documentAuthorizer)

setDocumentAuthorizerClass

public void setDocumentAuthorizerClass(Class<? extends DocumentAuthorizer> documentAuthorizerClass)

getDocumentDictionaryService

public DocumentDictionaryService getDocumentDictionaryService()

setDocumentDictionaryService

public void setDocumentDictionaryService(DocumentDictionaryService documentDictionaryService)

getDocumentRequestAuthorizationCache

protected DocumentRequestAuthorizationCache getDocumentRequestAuthorizationCache(Document document)

setDocumentRequestAuthorizationCache

public void setDocumentRequestAuthorizationCache(DocumentRequestAuthorizationCache documentRequestAuthorizationCache)

Specified by:

setDocumentRequestAuthorizationCache in interface DocumentAuthorizer

setRequestAuthorizationCache

public void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)

Specified by:

setRequestAuthorizationCache in interface ViewAuthorizer

Overrides:

setRequestAuthorizationCache in class ViewAuthorizerBase