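/**
 * Copyright 2005-2016 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.krad.service;

import org.kuali.rice.kim.api.identity.Person;

/**
 * Provides methods for checking authorization for actions on a given data object class,
 * including the security of fields within the class.
 *
 * <p>Each check is answered for a concrete combination of user, data object (or data object
 * class) and document type; the document type is part of the permission lookup, not just
 * informational context.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public interface DataObjectAuthorizationService {

    /**
     * Indicates whether the given attribute of the given data object class has any
     * security defined (such as read-only, masked, ...) and therefore its value should be
     * encrypted, rather than passed in the clear, when it is placed on forms and links.
     *
     * @param dataObjectClass - class that contains the attribute
     * @param attributeName - name of the attribute (property) within the class
     * @return boolean true if the attribute value should be secured, false if security is not needed
     */
    boolean attributeValueNeedsToBeEncryptedOnFormsAndLinks(Class<?> dataObjectClass, String attributeName);

    /**
     * Indicates whether the given user has permission to create records of the given data
     * object class with the given document type.
     *
     * @param dataObjectClass - class of data object to check authorization for
     * @param user - person requesting the action
     * @param docTypeName - name of the document type that provides the action
     * @return boolean true if the user has create authorization, false if not
     */
    boolean canCreate(Class<?> dataObjectClass, Person user, String docTypeName);

    /**
     * Indicates whether the given user has permission to maintain (edit/delete) the
     * given data object instance with the given document type.
     *
     * <p>Unlike {@link #canCreate(Class, Person, String)}, this check is made against a
     * specific instance, so implementations may take the object's current values into
     * account rather than only its class.
     *
     * @param dataObject - data object instance to check authorization for
     * @param user - person requesting the action
     * @param docTypeName - name of the document type that provides the action
     * @return boolean true if the user has maintain authorization, false if not
     */
    boolean canMaintain(Object dataObject, Person user, String docTypeName);
}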