1 package org.kuali.kpme.edo.authorization;
2
3 import org.kuali.kpme.edo.service.EdoServiceLocator;
4 import org.kuali.rice.kew.api.document.DocumentStatus;
5 import org.kuali.rice.kim.api.identity.Person;
6 import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
7 import org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizer;
8 import org.kuali.rice.krad.bo.BusinessObject;
9 import org.kuali.rice.krad.document.Document;
10 import org.kuali.rice.krad.maintenance.MaintenanceDocument;
11 import org.kuali.rice.krad.util.GlobalVariables;
12 import org.kuali.rice.krad.util.KRADConstants;
13
14 import java.util.HashMap;
15 import java.util.HashSet;
16 import java.util.Map;
17 import java.util.Set;
18
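/**
 * Document and maintenance-document authorizer that reduces every permission
 * question to a single check: does the principal of the current user session
 * hold the {@code "Super User"} role according to the EDO authorization service?
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code user} and {@code principalId} arguments of the authorizer
 *       methods are not consulted. The decision is always made for the session
 *       principal. NOTE(review): if any caller asks about a person other than
 *       the logged-in user, it receives the session user's answer; confirm
 *       that this is intended.</li>
 *   <li>Namespace, permission name, template name, permission details and role
 *       qualifiers are ignored as well, so this authorizer is all-or-nothing.</li>
 *   <li>When no user session is available the check fails closed (access
 *       denied) instead of throwing.</li>
 * </ul>
 */
public class SuperUserAuthorizer implements MaintenanceDocumentAuthorizer, DocumentAuthorizer {

    /** Role name, as returned by the authorization service's role list, that grants access. */
    private static final String SUPER_USER_ROLE = "Super User";

    /**
     * Tells whether the principal of the current user session holds the super user role.
     *
     * @return {@code true} if the session principal's role list contains
     *         {@code "Super User"}; {@code false} otherwise, including when
     *         there is no user session
     */
    public boolean isSuperUser() {
        // Fail closed: without a session there is no principal to authorize.
        if (GlobalVariables.getUserSession() == null) {
            return false;
        }
        String principalId = GlobalVariables.getUserSession().getPrincipalId();
        return EdoServiceLocator.getAuthorizationService().getRoleList(principalId).contains(SUPER_USER_ROLE);
    }

    /** Allowed only for a super user; {@code documentTypeName} and {@code user} are not consulted. */
    @Override
    public boolean canInitiate(String documentTypeName, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; {@code document} and {@code user} are not consulted. */
    @Override
    public boolean canOpen(Document document, Person user) {
        return isSuperUser();
    }

    /**
     * Allowed only when the session principal is a super user.
     * NOTE(review): {@code user} (presumably the recipient) is not checked; confirm intent.
     */
    @Override
    public boolean canReceiveAdHoc(Document document, Person user, String actionRequestCode) {
        return isSuperUser();
    }

    /** Allowed only for a super user, for every attachment type. */
    @Override
    public boolean canAddNoteAttachment(Document document, String attachmentTypeCode, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; {@code createdBySelfOnly} is not consulted. */
    @Override
    public boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode, String createdBySelfOnly, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user, for every attachment type. */
    @Override
    public boolean canViewNoteAttachment(Document document, String attachmentTypeCode, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; the attachment author is not consulted. */
    @Override
    public boolean canViewNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user, for every action request code. */
    @Override
    public boolean canSendAdHocRequests(Document document, String actionRequestCd, Person user) {
        return isSuperUser();
    }

    /** Super-user check only; namespace, permission name and {@code principalId} are ignored. */
    @Override
    public boolean isAuthorized(BusinessObject businessObject, String namespaceCode, String permissionName, String principalId) {
        return isSuperUser();
    }

    /** Super-user check only; namespace, template name and {@code principalId} are ignored. */
    @Override
    public boolean isAuthorizedByTemplate(BusinessObject businessObject, String namespaceCode, String permissionTemplateName, String principalId) {
        return isSuperUser();
    }

    /** Super-user check only; permission details and role qualifiers are ignored. */
    @Override
    public boolean isAuthorized(BusinessObject businessObject,
            String namespaceCode, String permissionName, String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers) {
        return isSuperUser();
    }

    /** Super-user check only; permission details and role qualifiers are ignored. */
    @Override
    public boolean isAuthorizedByTemplate(Object dataObject,
            String namespaceCode, String permissionTemplateName,
            String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers) {
        return isSuperUser();
    }

    /** @return a new, empty, mutable map: no role qualifications are contributed */
    @Override
    public Map<String, String> getCollectionItemRoleQualifications(BusinessObject collectionItemBusinessObject) {
        return new HashMap<String, String>();
    }

    /** @return a new, empty, mutable map: no permission details are contributed */
    @Override
    public Map<String, String> getCollectionItemPermissionDetails(BusinessObject collectionItemBusinessObject) {
        return new HashMap<String, String>();
    }

    /** @return a new, empty set: this authorizer names no potentially hidden sections */
    @Override
    public Set<String> getSecurePotentiallyHiddenSectionIds() {
        return new HashSet<String>();
    }

    /** Allowed only for a super user. The raw {@code Class} parameter is kept as declared in the source. */
    @Override
    public boolean canCreate(Class boClass, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; {@code dataObject} and {@code user} are not consulted. */
    @Override
    public boolean canMaintain(Object dataObject, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; the maintenance document is not consulted. */
    @Override
    public boolean canCreateOrMaintain(MaintenanceDocument maintenanceDocument, Person user) {
        return isSuperUser();
    }

    /** @return a new, empty set: this authorizer names no potentially read-only sections */
    @Override
    public Set<String> getSecurePotentiallyReadOnlySectionIds() {
        return new HashSet<String>();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canEdit(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canAnnotate(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canReload(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canClose(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canSave(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canRoute(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canCancel(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canCopy(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canPerformRouteReport(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canBlanketApprove(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; see {@link #getDocumentActions} for the status-based restriction. */
    @Override
    public boolean canApprove(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user; see {@link #getDocumentActions} for the status-based restriction. */
    @Override
    public boolean canDisapprove(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canSendNoteFyi(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canEditDocumentOverview(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canFyi(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canAcknowledge(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user, for every action request code. */
    @Override
    public boolean canTakeRequestedAction(Document document,
            String actionRequestCode, Person user) {
        return isSuperUser();
    }

    /** Allowed only for a super user. */
    @Override
    public boolean canRecall(Document document, Person user) {
        return isSuperUser();
    }

    /** Super-user check only; namespace, permission name and {@code principalId} are ignored. */
    @Override
    public boolean isAuthorized(Object dataObject, String namespaceCode,
            String permissionName, String principalId) {
        return isSuperUser();
    }

    /** Super-user check only; namespace, template name and {@code principalId} are ignored. */
    @Override
    public boolean isAuthorizedByTemplate(Object dataObject,
            String namespaceCode, String permissionTemplateName,
            String principalId) {
        return isSuperUser();
    }

    /** Super-user check only; permission details and role qualifiers are ignored. */
    @Override
    public boolean isAuthorized(Object dataObject, String namespaceCode,
            String permissionName, String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers) {
        return isSuperUser();
    }

    /**
     * Removes from {@code documentActions} every action the authorizer denies.
     *
     * <p>The supplied set is modified in place and the same instance is
     * returned. Each action present in the set is checked through its
     * {@code canXxx} method, so a subclass overriding one of those methods
     * changes the outcome for that action only. Approve and disapprove are
     * additionally removed, whatever the role check says, while the workflow
     * status is {@code INITIATED}, {@code SAVED} or {@code FINAL}.
     *
     * @param document the document whose workflow status is read
     * @param user passed through to the individual {@code canXxx} checks
     * @param documentActions candidate actions; must be mutable
     * @return {@code documentActions}, reduced to the permitted actions
     */
    @Override
    public Set<String> getDocumentActions(Document document, Person user, Set<String> documentActions) {
        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
        }

        // Checked unconditionally: a denial strips all three ad hoc related actions at once.
        if (!canSendAnyTypeAdHocRequests(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW)
                && !canEditDocumentOverview(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
        }

        if (documentActions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT)
                && !canPerformRouteReport(document, user)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
        }

        DocumentStatus documentStatus = document.getDocumentHeader().getWorkflowDocument().getStatus();

        // Approve/disapprove are never offered in these states, even to a super user.
        // The original had two branches with identical bodies; they are merged here.
        if (DocumentStatus.INITIATED.equals(documentStatus)
                || DocumentStatus.SAVED.equals(documentStatus)
                || DocumentStatus.FINAL.equals(documentStatus)) {
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
            documentActions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
        }

        return documentActions;
    }

}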