org.kuali.rice.krad.uif.view

Class ViewAuthorizerBase

java.lang.Object

org.kuali.rice.krad.bo.DataObjectAuthorizerBase

org.kuali.rice.krad.uif.view.ViewAuthorizerBase

All Implemented Interfaces:

Serializable, DataObjectAuthorizer, ViewAuthorizer

Direct Known Subclasses:

DocumentViewAuthorizerBase, InquiryViewAuthorizerBase, LookupViewAuthorizerBase

public class ViewAuthorizerBase
extends DataObjectAuthorizerBase
implements ViewAuthorizer

Implementation of ViewAuthorizer that verifies authorization with KIM permission checks

Each permission goes through one of the isAuthorized methods provided by DataObjectAuthorizer, these in turn call DataObjectAuthorizerBase.addPermissionDetails(Object, java.util.Map) and DataObjectAuthorizerBase.addRoleQualification(Object, java.util.Map) for building the permission and role maps to send with the permission check. Subclasses can override these methods to add additional attributes

Author:

Kuali Rice Team (rice.collab@kuali.org)

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
ViewAuthorizerBase()

Method Summary

Modifier and Type	Method and Description
boolean	canEditField(View view, ViewModel model, Field field, String propertyName, Person user)
boolean	canEditGroup(View view, ViewModel model, Group group, String groupId, Person user)
boolean	canEditLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
boolean	canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
boolean	canEditView(View view, ViewModel model, Person user) Checks for an edit view permission for the view id, and if found verifies the user has that permission
boolean	canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
boolean	canOpenView(View view, ViewModel model, Person user) Checks for an open view permission for the view id, and if found verifies the user has that permission
boolean	canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user) Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
boolean	canPerformAction(View view, ViewModel model, Action action, String actionEvent, String actionId, Person user)
boolean	canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Action action, String actionEvent, String actionId, Person user)
boolean	canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user) Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
boolean	canViewField(View view, ViewModel model, Field field, String propertyName, Person user)
boolean	canViewGroup(View view, ViewModel model, Group group, String groupId, Person user)
boolean	canViewLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
boolean	canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
boolean	canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
Set<String>	getActionFlags(View view, ViewModel model, Person user, Set<String> actions) Returns the set of action flags that are authorized for the given user
protected Map<String,String>	getActionPermissionDetails(View view, Object dataObject, Action action) Builds the permission details map for an action which includes the namespace, view id, and action id and event
protected ConfigurationService	getConfigurationService()
protected Object	getDataObjectContext(View view, ViewModel model) Retrieves the object from the model that is used as the context for permission checks
Set<String>	getEditModes(View view, ViewModel model, Person user, Set<String> editModes) Returns the set of edit modes that are authorized for the given user
protected Map<String,String>	getFieldPermissionDetails(View view, Object dataObject, Field field) Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields
protected Map<String,String>	getGroupPermissionDetails(View view, Object dataObject, Group group) Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups
protected RequestAuthorizationCache	getRequestAuthorizationCache()
protected Map<String,String>	getWidgetPermissionDetails(View view, Object dataObject, Widget widget) Builds the permission details map for a widget which includes the namespace, view id, and widget id
protected boolean	isAuthorizedByTemplate(View view, Component component, ViewModel model, String permissionTemplateName, Person user, Map<String,String> additionalPermissionDetails, Map<String,String> additionalRoleQualifications, boolean checkPermissionExistence) Performs a permission check for the given template name in the context of the given view and component
void	setConfigurationService(ConfigurationService configurationService)
void	setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)

Methods inherited from class org.kuali.rice.krad.bo.DataObjectAuthorizerBase

addPermissionDetails, addRoleQualification, getPermissionDetailValues, getPermissionService, getPersonService, getRoleQualification, isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate, permissionExistsByTemplate, permissionExistsByTemplate, permissionExistsByTemplate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ViewAuthorizerBase

public ViewAuthorizerBase()

Method Detail

getActionFlags

public Set<String> getActionFlags(View view,
                                  ViewModel model,
                                  Person user,
                                  Set<String> actions)

Description copied from interface: ViewAuthorizer

Returns the set of action flags that are authorized for the given user

Action flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example:

For each action flag, KIM is consulted to determine if a permission exist for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.

The Set of available action flags should first be exported by the ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

Specified by:

getActionFlags in interface ViewAuthorizer

Parameters:

view - - view instance the action flags apply to

model - - object containing the view data

user - - user we are authorizing the actions for

actions - - set of action flags to authorize

Returns:

Set set of action flags that have been authorized, this will be equal to or a subset of the actions passed in

See Also:

ViewAuthorizer#getActionFlags(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person, java.util.Set)

getEditModes

public Set<String> getEditModes(View view,
                                ViewModel model,
                                Person user,
                                Set<String> editModes)

Description copied from interface: ViewAuthorizer

Returns the set of edit modes that are authorized for the given user

An edit mode is a string that identifies a set of editable fields within the view. These are generally used when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in two ways. The first is by using the edit mode in an expression when setting the field readOnly property. For example: The second way is with the ViewPresentationController.canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String) method which can look at the edit modes map on the view to determine if the given field should be editable.

For each edit mode, KIM is consulted to determine if a permission exist for the 'Use View' template and the edit mode detail. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the edit mode is removed from the returned set.

The Set of available edit modes should first be exported by the ViewPresentationController.getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

Specified by:

getEditModes in interface ViewAuthorizer

Parameters:

view - - view instance the edit modes apply to

model - - object containing the view data

user - - user we are authorizing the actions for

editModes - - set of edit modes to authorize

Returns:

Set set of edit modes that have been authorized, this will be equal to or a subset of the edit mode set passed in

See Also:

ViewAuthorizer#getEditModes(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person, java.util.Set)

canOpenView

public boolean canOpenView(View view,
                           ViewModel model,
                           Person user)

Checks for an open view permission for the view id, and if found verifies the user has that permission

Specified by:

canOpenView in interface ViewAuthorizer

Parameters:

view - - view instance to check authorization for

model - - object containing the view data

user - - user to authorize

Returns:

boolean true if the user is authorized to open the view, false otherwise

See Also:

ViewAuthorizer.canOpenView(View, ViewModel, org.kuali.rice.kim.api.identity.Person)

canEditView

public boolean canEditView(View view,
                           ViewModel model,
                           Person user)

Checks for an edit view permission for the view id, and if found verifies the user has that permission

Specified by:

canEditView in interface ViewAuthorizer

Parameters:

view - - view instance to check authorization for

model - - object containing the view data

user - - user to authorize

Returns:

boolean true if the user is authorized to edit the view, false otherwise

See Also:

ViewAuthorizer.canEditView(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person)

canUnmaskField

public boolean canUnmaskField(View view,
                              ViewModel model,
                              DataField field,
                              String propertyName,
                              Person user)

Description copied from interface: ViewAuthorizer

Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value

Specified by:

canUnmaskField in interface ViewAuthorizer

Parameters:

view - - view instance the field belongs to

model - - object containing the view data

field - - field associated for the property and from which the ComponentSecurity will be retrieved

propertyName - - name of the property associated with the field

user - - user we are authorizing

Returns:

boolean true if the value can be unmasked, false if it should be masked

See Also:

ViewAuthorizer.canUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canPartialUnmaskField

public boolean canPartialUnmaskField(View view,
                                     ViewModel model,
                                     DataField field,
                                     String propertyName,
                                     Person user)

Description copied from interface: ViewAuthorizer

Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value

Specified by:

canPartialUnmaskField in interface ViewAuthorizer

Parameters:

view - - view instance the field belongs to

model - - object containing the view data

field - - field associated for the property and from which the ComponentSecurity will be retrieved

propertyName - - name of the property associated with the field

user - - user we are authorizing

Returns:

boolean true if the value can be unmasked, false if it should be partially masked

See Also:

ViewAuthorizer.canPartialUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditField

public boolean canEditField(View view,
                            ViewModel model,
                            Field field,
                            String propertyName,
                            Person user)

Specified by:

canEditField in interface ViewAuthorizer

See Also:

ViewAuthorizer.canEditField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.Field, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canViewField

public boolean canViewField(View view,
                            ViewModel model,
                            Field field,
                            String propertyName,
                            Person user)

Specified by:

canViewField in interface ViewAuthorizer

See Also:

ViewAuthorizer.canViewField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.field.Field, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditGroup

public boolean canEditGroup(View view,
                            ViewModel model,
                            Group group,
                            String groupId,
                            Person user)

Specified by:

canEditGroup in interface ViewAuthorizer

See Also:

ViewAuthorizer.canEditGroup(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.container.Group, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canViewGroup

public boolean canViewGroup(View view,
                            ViewModel model,
                            Group group,
                            String groupId,
                            Person user)

Specified by:

canViewGroup in interface ViewAuthorizer

See Also:

ViewAuthorizer.canViewGroup(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.container.Group, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditWidget

public boolean canEditWidget(View view,
                             ViewModel model,
                             Widget widget,
                             String widgetId,
                             Person user)

Specified by:

canEditWidget in interface ViewAuthorizer

See Also:

ViewAuthorizer.canEditWidget(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.widget.Widget, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canViewWidget

public boolean canViewWidget(View view,
                             ViewModel model,
                             Widget widget,
                             String widgetId,
                             Person user)

Specified by:

canViewWidget in interface ViewAuthorizer

See Also:

ViewAuthorizer.canViewWidget(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.widget.Widget, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canPerformAction

public boolean canPerformAction(View view,
                                ViewModel model,
                                Action action,
                                String actionEvent,
                                String actionId,
                                Person user)

Specified by:

canPerformAction in interface ViewAuthorizer

See Also:

ViewAuthorizer.canPerformAction(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.krad.uif.element.Action, java.lang.String, java.lang.String, org.kuali.rice.kim.api.identity.Person)

canEditLine

public boolean canEditLine(View view,
                           ViewModel model,
                           CollectionGroup collectionGroup,
                           String collectionPropertyName,
                           Object line,
                           Person user)

Specified by:

canEditLine in interface ViewAuthorizer

canViewLine

public boolean canViewLine(View view,
                           ViewModel model,
                           CollectionGroup collectionGroup,
                           String collectionPropertyName,
                           Object line,
                           Person user)

Specified by:

canViewLine in interface ViewAuthorizer

canEditLineField

public boolean canEditLineField(View view,
                                ViewModel model,
                                CollectionGroup collectionGroup,
                                String collectionPropertyName,
                                Object line,
                                Field field,
                                String propertyName,
                                Person user)

Specified by:

canEditLineField in interface ViewAuthorizer

canViewLineField

public boolean canViewLineField(View view,
                                ViewModel model,
                                CollectionGroup collectionGroup,
                                String collectionPropertyName,
                                Object line,
                                Field field,
                                String propertyName,
                                Person user)

Specified by:

canViewLineField in interface ViewAuthorizer

canPerformLineAction

public boolean canPerformLineAction(View view,
                                    ViewModel model,
                                    CollectionGroup collectionGroup,
                                    String collectionPropertyName,
                                    Object line,
                                    Action action,
                                    String actionEvent,
                                    String actionId,
                                    Person user)

Specified by:

canPerformLineAction in interface ViewAuthorizer

getDataObjectContext

protected Object getDataObjectContext(View view,
                                      ViewModel model)

Retrieves the object from the model that is used as the context for permission checks

Used to derive namespace and component details. Subclasses can override to return the object to be used

Parameters:

view - view instance the permission checks are being done for

model - model object containing the data and from which the data object should be pulled

Returns:

data object instance to use

getFieldPermissionDetails

protected Map<String,String> getFieldPermissionDetails(View view,
                                                       Object dataObject,
                                                       Field field)

Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields

Parameters:

view - view instance the field belongs to

dataObject - default object from the data model (used for subclasses to build details)

field - field instance the details are being built for

Returns:

permission details for the field

getGroupPermissionDetails

protected Map<String,String> getGroupPermissionDetails(View view,
                                                       Object dataObject,
                                                       Group group)

Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups

Parameters:

view - view instance the group belongs to

dataObject - default object from the data model (used for subclasses to build details)

group - group instance the details are being built for

Returns:

permission details for the group

getWidgetPermissionDetails

protected Map<String,String> getWidgetPermissionDetails(View view,
                                                        Object dataObject,
                                                        Widget widget)

Builds the permission details map for a widget which includes the namespace, view id, and widget id

Parameters:

view - view instance the widget belongs to

dataObject - default object from the data model (used for subclasses to build details)

widget - group instance the details are being built for

Returns:

permission details for group

getActionPermissionDetails

protected Map<String,String> getActionPermissionDetails(View view,
                                                        Object dataObject,
                                                        Action action)

Builds the permission details map for an action which includes the namespace, view id, and action id and event

Parameters:

view - view instance the widget belongs to

dataObject - default object from the data model (used for subclasses to build details)

action - action instance the details are being built for

Returns:

permission details for action

isAuthorizedByTemplate

protected boolean isAuthorizedByTemplate(View view,
                                         Component component,
                                         ViewModel model,
                                         String permissionTemplateName,
                                         Person user,
                                         Map<String,String> additionalPermissionDetails,
                                         Map<String,String> additionalRoleQualifications,
                                         boolean checkPermissionExistence)

Performs a permission check for the given template name in the context of the given view and component

First standard permission details are added based on the type of component the permission check is being done for. Then the ComponentSecurity of the given component is used to pick up additional permission details and role qualifiers.

Parameters:

view - view instance the component belongs to

component - component instance the permission check is being done for

model - object containing the views data

permissionTemplateName - template name for the permission to check

user - user to perform the authorization for

additionalPermissionDetails - additional key/value pairs to pass with the permission details

additionalRoleQualifications - additional key/value paris to pass with the role qualifiers

checkPermissionExistence - boolean indicating whether the existence of the permission should be checked before performing the authorization

Returns:

whether or not the user has authorization; this will be the case if the user has been granted the permission or checkPermissionExistence is true and the permission does not exist

getConfigurationService

protected ConfigurationService getConfigurationService()

setConfigurationService

public void setConfigurationService(ConfigurationService configurationService)

getRequestAuthorizationCache

protected RequestAuthorizationCache getRequestAuthorizationCache()

setRequestAuthorizationCache

public void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)

Specified by:

setRequestAuthorizationCache in interface ViewAuthorizer