1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.bo;
17  
18  import org.kuali.rice.kim.api.KimConstants;
19  import org.kuali.rice.kim.api.identity.PersonService;
20  import org.kuali.rice.kim.api.permission.PermissionService;
21  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
22  import org.kuali.rice.krad.util.KRADUtils;
23  
24  import java.io.Serializable;
25  import java.util.HashMap;
26  import java.util.Map;
27  
/**
 * Base {@link DataObjectAuthorizer} that answers authorization questions by delegating to the KIM
 * {@link PermissionService}.
 *
 * <p>For each check it derives two maps from the data object: role qualifiers (through
 * {@link #addRoleQualification}) and permission details (through {@link #addPermissionDetails}).
 * Subclasses tailor a check by overriding those two hooks; the public entry points are final.</p>
 *
 * <p>Points to keep in mind when calling or extending this class:</p>
 * <ul>
 * <li>Collection/field-level maps supplied by the caller are merged last, so their entries replace
 * object-derived entries with the same key, including the principal id qualifier. Build those maps
 * from trusted values only.</li>
 * <li>The by-name, six-argument {@code isAuthorized} merges permission details but does not pass them
 * to the permission service; only the role qualifiers take part in that decision.</li>
 * <li>The hooks run on every call to {@link #getRoleQualification} and
 * {@link #getPermissionDetailValues}; no caching is visible in this class.</li>
 * </ul>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DataObjectAuthorizerBase implements DataObjectAuthorizer, Serializable {
    private static final long serialVersionUID = 3987953326458974964L;

    /**
     * Checks a named permission for the principal, qualified by the role qualifiers derived from the
     * data object.
     *
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId) {
        // The service is looked up before the qualifiers are built, as in the original call expression.
        PermissionService permissionService = getPermissionService();
        Map<String, String> qualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));

        return permissionService.isAuthorized(principalId, namespaceCode, permissionName, qualifiers);
    }

    /**
     * Checks a permission template for the principal, using the permission details and role qualifiers
     * derived from the data object.
     *
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     * java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId) {
        PermissionService permissionService = getPermissionService();
        Map<String, String> details = new HashMap<String, String>(getPermissionDetailValues(dataObject));
        Map<String, String> qualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));

        return permissionService.isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, details,
                qualifiers);
    }

    /**
     * Checks a named permission for the principal, letting the caller add collection- or field-level
     * role qualifiers on top of the ones derived from the data object.
     *
     * <p>Caller-supplied qualifiers are merged after the object-derived ones and therefore win on key
     * collisions. The permission details are built and merged as well, but the by-name service call
     * used here accepts only role qualifiers, so {@code collectionOrFieldLevelPermissionDetails} has no
     * effect on the result. Use {@code isAuthorizedByTemplate} when the details must narrow the check.</p>
     *
     * @param collectionOrFieldLevelPermissionDetails extra permission details, may be null; not forwarded
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers, may be null
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        Map<String, String> qualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
        overlay(qualifiers, collectionOrFieldLevelRoleQualification);

        // Kept so the addPermissionDetails hook still runs exactly as before; the merged map is
        // intentionally left unused because the by-name check below has no permission-details argument.
        Map<String, String> details = new HashMap<String, String>(getPermissionDetailValues(dataObject));
        overlay(details, collectionOrFieldLevelPermissionDetails);

        return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, qualifiers);
    }

    /**
     * Checks a permission template for the principal, letting the caller add collection- or field-level
     * permission details and role qualifiers on top of the ones derived from the data object.
     *
     * <p>Caller-supplied entries are merged last and replace object-derived entries with the same key.</p>
     *
     * @param collectionOrFieldLevelPermissionDetails extra permission details, may be null
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers, may be null
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     * java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        // Both object-derived maps are built before either overlay is applied.
        Map<String, String> qualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
        Map<String, String> details = new HashMap<String, String>(getPermissionDetailValues(dataObject));

        overlay(qualifiers, collectionOrFieldLevelRoleQualification);
        overlay(details, collectionOrFieldLevelPermissionDetails);

        return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
                details, qualifiers);
    }

    /**
     * Copies every entry of {@code overrides} into {@code target}; a null {@code overrides} is ignored.
     *
     * @param target the map being built for the permission service
     * @param overrides caller-supplied entries that replace same-key entries in {@code target}, may be null
     */
    private static void overlay(Map<String, String> target, Map<String, String> overrides) {
        if (overrides != null) {
            target.putAll(overrides);
        }
    }

    /**
     * Override this method to populate the role qualifier attributes from the primary data object or
     * document. The default adds the standard namespace/component attributes.
     *
     * <p>NOTE(review): this hook runs on every call to {@link #getRoleQualification}; no per-request
     * caching is visible in this class, so overrides should be cheap and free of side effects.</p>
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - role qualifiers will be added to this map
     */
    protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Override this method to populate the permission details from the primary data object or
     * document. The default adds the standard namespace/component attributes.
     *
     * <p>NOTE(review): this hook runs on every call to {@link #getPermissionDetailValues}; no
     * per-request caching is visible in this class.</p>
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - permission details will be added to this map
     */
    protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Adds whatever {@code KRADUtils.getNamespaceAndComponentSimpleName} returns for the object's
     * runtime class. The object is dereferenced, so a null object fails with a NullPointerException.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - attributes (i.e. role qualifications or permission details)
     * will be added to this map
     */
    private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        Class<?> objectClass = primaryDataObjectOrDocument.getClass();
        attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(objectClass));
    }

    /**
     * Reports whether a permission is defined for the template, using the permission details derived
     * from the data object.
     *
     * @param dataObject the object the permission details are derived from
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @return the result of {@code PermissionService.isPermissionDefinedByTemplate}
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName) {
        PermissionService permissionService = getPermissionService();
        Map<String, String> details = new HashMap<String, String>(getPermissionDetailValues(dataObject));

        return permissionService.isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName, details);
    }

    /**
     * Reports whether a permission is defined for the template, using only the supplied permission
     * details. The map is copied before it is handed to the service.
     *
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails details to match; must not be null (there is no null check here)
     * @return the result of {@code PermissionService.isPermissionDefinedByTemplate}
     */
    protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails) {
        PermissionService permissionService = getPermissionService();
        Map<String, String> details = new HashMap<String, String>(permissionDetails);

        return permissionService.isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName, details);
    }

    /**
     * Reports whether a permission is defined for the template, using the details derived from the
     * data object with the supplied details merged on top (supplied entries win on key collisions).
     *
     * @param dataObject the object the base permission details are derived from
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails extra details; must not be null (unlike the isAuthorized overloads,
     * there is no null check here)
     * @return the result of {@code PermissionService.isPermissionDefinedByTemplate}
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails) {
        Map<String, String> merged = new HashMap<String, String>(getPermissionDetailValues(dataObject));
        merged.putAll(permissionDetails);

        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName, merged);
    }

    /**
     * Builds the role qualification map for the primary business object or document.
     *
     * <p>The subclass hook runs first and the principal id is written afterwards, so a value the hook
     * stores under the principal id key is replaced by {@code principalId}. A new map is created on
     * every call. Earlier documentation asked callers not to modify the returned map; the methods in
     * this class copy it before merging anything into it.</p>
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @param principalId the principal the check is performed for
     * @return a Map containing role qualifications
     */
    protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
        Map<String, String> qualifiers = new HashMap<String, String>();

        addRoleQualification(primaryDataObjectOrDocument, qualifiers);
        qualifiers.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);

        return qualifiers;
    }

    /**
     * Builds the permission details map for the primary business object or document.
     *
     * <p>A new map is created on every call and filled by {@link #addPermissionDetails}. Earlier
     * documentation asked callers not to modify the returned map; the methods in this class copy it
     * before merging anything into it.</p>
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @return a Map containing permission details
     */
    protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
        Map<String, String> details = new HashMap<String, String>();

        addPermissionDetails(primaryDataObjectOrDocument, details);

        return details;
    }

    /**
     * @return the permission service obtained from {@link KimApiServiceLocator}
     */
    protected static PermissionService getPermissionService() {
        return KimApiServiceLocator.getPermissionService();
    }

    /**
     * @return the person service obtained from {@link KimApiServiceLocator}
     */
    protected static PersonService getPersonService() {
        return KimApiServiceLocator.getPersonService();
    }
}