View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.bo.authorization;
17  
18  import org.kuali.rice.kim.api.KimConstants;
19  import org.kuali.rice.kim.api.identity.PersonService;
20  import org.kuali.rice.kim.api.permission.PermissionService;
21  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
22  import org.kuali.rice.krad.authorization.BusinessObjectAuthorizer;
23  import org.kuali.rice.krad.bo.BusinessObject;
24  import org.kuali.rice.krad.service.DataDictionaryService;
25  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
26  import org.kuali.rice.krad.service.KualiModuleService;
27  import org.kuali.rice.krad.service.PersistenceStructureService;
28  import org.kuali.rice.krad.util.GlobalVariables;
29  import org.kuali.rice.krad.util.KRADUtils;
30  
31  import java.util.HashMap;
32  import java.util.Map;
33  
34  public class BusinessObjectAuthorizerBase implements BusinessObjectAuthorizer {
35  //	private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger
36  //			.getLogger(BusinessObjectAuthorizerBase.class);
37  
38  	private static PermissionService permissionService;
39  	private static PersonService personService;
40  	private static KualiModuleService kualiModuleService;
41  	private static DataDictionaryService dataDictionaryService;
42  	private static PersistenceStructureService persistenceStructureService;
43  
44  	/**
45  	 * Override this method to populate the role qualifier attributes from the
46  	 * primary business object or document. This will only be called once per
47  	 * request.
48  	 * 
49  	 * @param primaryBusinessObjectOrDocument
50  	 *            the primary business object (i.e. the main BO instance behind
51  	 *            the lookup result row or inquiry) or the document
52  	 * @param attributes
53  	 *            role qualifiers will be added to this map
54  	 */
55  	protected void addRoleQualification(
56  			Object primaryDataObjectOrDocument,
57  			Map<String, String> attributes) {
58  		addStandardAttributes(primaryDataObjectOrDocument, attributes);
59  	}
60  
61  	/**
62  	 * Override this method to populate the permission details from the primary
63  	 * business object or document. This will only be called once per request.
64  	 * 
65  	 * @param primaryBusinessObjectOrDocument
66  	 *            the primary business object (i.e. the main BO instance behind
67  	 *            the lookup result row or inquiry) or the document
68  	 * @param attributes
69  	 *            permission details will be added to this map
70  	 */
71  	protected void addPermissionDetails(
72  			Object primaryDataObjectOrDocument,
73  			Map<String, String> attributes) {
74  		addStandardAttributes(primaryDataObjectOrDocument, attributes);
75  	}
76  
77  	/**
78  	 * @param primaryBusinessObjectOrDocument
79  	 *            the primary business object (i.e. the main BO instance behind
80  	 *            the lookup result row or inquiry) or the document
81  	 * @param attributes
82  	 *            attributes (i.e. role qualifications or permission details)
83  	 *            will be added to this map
84  	 */
85  	private void addStandardAttributes(
86  			Object primaryDataObjectOrDocument,
87  			Map<String, String> attributes) {
88  		attributes
89  				.putAll(KRADUtils
90  						.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
91  	}
92  
93  	protected final boolean permissionExistsByTemplate(
94  			BusinessObject businessObject, String namespaceCode,
95  			String permissionTemplateName) {
96  		return getPermissionService()
97  				.isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName, new HashMap<String, String>(
98                          getPermissionDetailValues(businessObject)));
99  	}
100 
101 	protected final boolean permissionExistsByTemplate(String namespaceCode,
102 			String permissionTemplateName, Map<String, String> permissionDetails) {
103 		return getPermissionService()
104 				.isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName, new HashMap<String, String>(
105                         permissionDetails));
106 	}
107 
108 	protected final boolean permissionExistsByTemplate(
109 			BusinessObject businessObject, String namespaceCode,
110 			String permissionTemplateName, Map<String, String> permissionDetails) {
111 		Map<String, String> combinedPermissionDetails = new HashMap<String, String>(
112 				getPermissionDetailValues(businessObject));
113 		combinedPermissionDetails.putAll(permissionDetails);
114 		return getPermissionService()
115 				.isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName, combinedPermissionDetails);
116 	}
117 
118 	public final boolean isAuthorized(BusinessObject businessObject,
119 			String namespaceCode, String permissionName, String principalId) {
120 		return getPermissionService().isAuthorized(principalId,
121 				namespaceCode, permissionName,
122 				new HashMap<String, String>(getPermissionDetailValues(businessObject)),
123 				new HashMap<String, String>(getRoleQualification(businessObject, principalId)));
124 	}
125 
126 	public final boolean isAuthorizedByTemplate(BusinessObject dataObject,
127 			String namespaceCode, String permissionTemplateName,
128 			String principalId) {
129 		return getPermissionService().isAuthorizedByTemplateName(
130 				principalId, namespaceCode, permissionTemplateName,
131 				new HashMap<String, String>(getPermissionDetailValues(dataObject)),
132 				new HashMap<String, String>(getRoleQualification(dataObject, principalId)));
133 	}
134 
135 	public final boolean isAuthorized(BusinessObject businessObject,
136 			String namespaceCode, String permissionName, String principalId,
137 			Map<String, String> collectionOrFieldLevelPermissionDetails,
138 			Map<String, String> collectionOrFieldLevelRoleQualification) {
139 		Map<String, String> roleQualifiers = null;
140 		Map<String, String> permissionDetails = null;
141 		if (collectionOrFieldLevelRoleQualification != null) {
142 			roleQualifiers = new HashMap<String, String>(
143 					getRoleQualification(businessObject, principalId));
144 			roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
145 		} else {
146 			roleQualifiers = new HashMap<String, String>(
147 					getRoleQualification(businessObject, principalId));
148 		}
149 		if (collectionOrFieldLevelPermissionDetails != null) {
150 			permissionDetails = new HashMap<String, String>(
151 					getPermissionDetailValues(businessObject));
152 			permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
153 		} else {
154 			permissionDetails = new HashMap<String, String>(
155 					getPermissionDetailValues(businessObject));
156 		}
157 		
158 		return getPermissionService().isAuthorized(principalId,
159 				namespaceCode, permissionName, permissionDetails,
160 				roleQualifiers);
161 	}
162 
163 	public final boolean isAuthorizedByTemplate(Object dataObject,
164 			String namespaceCode, String permissionTemplateName,
165 			String principalId,
166 			Map<String, String> collectionOrFieldLevelPermissionDetails,
167 			Map<String, String> collectionOrFieldLevelRoleQualification) {
168 		Map<String, String> roleQualifiers = new HashMap<String, String>(
169 				getRoleQualification(dataObject, principalId));
170 		Map<String, String> permissionDetails = new HashMap<String, String>(
171 				getPermissionDetailValues(dataObject));
172 		if (collectionOrFieldLevelRoleQualification != null) {
173 			roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
174 		}
175 		if (collectionOrFieldLevelPermissionDetails != null) {
176 			permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
177 		}
178 		
179 		return getPermissionService().isAuthorizedByTemplateName(
180 				principalId, namespaceCode, permissionTemplateName,
181 				permissionDetails, roleQualifiers);
182 	}
183 
184 	/**
185 	 * Returns a role qualification map based off data from the primary business
186 	 * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
187 	 * 
188 	 * @param primaryBusinessObjectOrDocument
189 	 *            the primary business object (i.e. the main BO instance behind
190 	 *            the lookup result row or inquiry) or the document
191 	 * @return a Map containing role qualifications
192 	 */
193 	protected final Map<String, String> getRoleQualification(
194 			BusinessObject primaryBusinessObjectOrDocument) {
195 		return getRoleQualification(primaryBusinessObjectOrDocument, GlobalVariables
196 					.getUserSession().getPerson().getPrincipalId());
197 	}
198 	
199 	protected final Map<String, String> getRoleQualification(
200 			Object primaryDataObjectOrDocument, String principalId) {
201 			Map<String, String> roleQualification = new HashMap<String, String>();
202 			addRoleQualification(primaryDataObjectOrDocument,
203 					roleQualification);
204 			roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);
205 		return roleQualification;
206 	}
207 
208 
209 	/**
210 	 * @see org.kuali.rice.krad.authorization.BusinessObjectAuthorizer#getCollectionItemPermissionDetails(org.kuali.rice.krad.bo.BusinessObject)
211 	 */
212 	public Map<String, String> getCollectionItemPermissionDetails(
213 			BusinessObject collectionItemBusinessObject) {
214 		return new HashMap<String, String>();
215 	}
216 
217 	/**
218 	 * @see org.kuali.rice.krad.authorization.BusinessObjectAuthorizer#getCollectionItemRoleQualifications(org.kuali.rice.krad.bo.BusinessObject)
219 	 */
220 	public Map<String, String> getCollectionItemRoleQualifications(
221 			BusinessObject collectionItemBusinessObject) {
222 		return new HashMap<String, String>();
223 	}
224 
225 	/**
226 	 * Returns a permission details map based off data from the primary business
227 	 * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD
228 	 * 
229 	 * @param primaryBusinessObjectOrDocument
230 	 *            the primary business object (i.e. the main BO instance behind
231 	 *            the lookup result row or inquiry) or the document
232 	 * @return a Map containing permission details
233 	 */
234 	protected final Map<String, String> getPermissionDetailValues(
235 			Object dataObject) {
236 		Map<String, String> permissionDetails = new HashMap<String, String>();
237 		addPermissionDetails(dataObject, permissionDetails);
238 		return permissionDetails;
239 	}
240 
241 	protected static final PermissionService getPermissionService() {
242 		if (permissionService == null) {
243 			permissionService = KimApiServiceLocator
244 					.getPermissionService();
245 		}
246 		return permissionService;
247 	}
248 
249 	protected static final PersonService getPersonService() {
250 		if (personService == null) {
251 			personService = KimApiServiceLocator.getPersonService();
252 		}
253 		return personService;
254 	}
255 
256 	protected static final KualiModuleService getKualiModuleService() {
257 		if (kualiModuleService == null) {
258 			kualiModuleService = KRADServiceLocatorWeb.getKualiModuleService();
259 		}
260 		return kualiModuleService;
261 	}
262 
263 	protected static final DataDictionaryService getDataDictionaryService() {
264 		if (dataDictionaryService == null) {
265 			dataDictionaryService = KRADServiceLocatorWeb
266 					.getDataDictionaryService();
267 		}
268 		return dataDictionaryService;
269 	}
270 }