View Javadoc

1   /**
2    * Copyright 2005-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.krad.document;
17  
18  import org.apache.commons.lang.StringUtils;
19  import org.apache.commons.logging.Log;
20  import org.apache.commons.logging.LogFactory;
21  import org.kuali.rice.kew.api.WorkflowDocument;
22  import org.kuali.rice.kim.api.KimConstants;
23  import org.kuali.rice.kim.api.identity.Person;
24  import org.kuali.rice.krad.UserSessionUtils;
25  import org.kuali.rice.krad.data.DataObjectUtils;
26  import org.kuali.rice.krad.datadictionary.AttributeSecurity;
27  import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
28  import org.kuali.rice.krad.uif.field.DataField;
29  import org.kuali.rice.krad.uif.util.ObjectPropertyUtils;
30  import org.kuali.rice.krad.uif.view.View;
31  import org.kuali.rice.krad.uif.view.ViewAuthorizerBase;
32  import org.kuali.rice.krad.uif.view.ViewModel;
33  import org.kuali.rice.krad.util.GlobalVariables;
34  import org.kuali.rice.krad.util.KRADConstants;
35  import org.kuali.rice.krad.web.form.DocumentFormBase;
36  
37  import java.util.Map;
38  import java.util.Set;
39  
40  /**
41   * Implementation of {@link org.kuali.rice.krad.uif.view.ViewAuthorizer} for
42   * {@link org.kuali.rice.krad.uif.view.DocumentView} instances
43   *
44   * <p>
45   * Performs KIM permission checks for the various document actions such as save, approve, cancel
46   * </p>
47   *
48   * <p>
49   * By default delegates to the {@link DocumentAuthorizer} configured for the document in the data dictionary
50   * </p>
51   *
52   * @author Kuali Rice Team (rice.collab@kuali.org)
53   */
54  public class DocumentViewAuthorizerBase extends ViewAuthorizerBase implements DocumentAuthorizer {
55      private static final long serialVersionUID = 3800780934223224565L;
56  
57      protected static Log LOG = LogFactory.getLog(DocumentViewAuthorizerBase.class);
58  
59      public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
60  
61      private DocumentAuthorizer documentAuthorizer;
62  
63      /**
64       * @see org.kuali.rice.krad.uif.view.ViewAuthorizer#getActionFlags(org.kuali.rice.krad.uif.view.View,
65       *      org.kuali.rice.krad.uif.view.ViewModel, org.kuali.rice.kim.api.identity.Person,
66       *      java.util.Set<java.lang.String>)
67       */
68      @Override
69      public Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions) {
70          Document document = ((DocumentFormBase) model).getDocument();
71  
72          if (LOG.isDebugEnabled()) {
73              LOG.debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '"
74                      + document.getDocumentNumber()
75                      + "'. user '"
76                      + user.getPrincipalName()
77                      + "'");
78          }
79  
80          if (actions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEdit(document, user)) {
81              actions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
82          }
83  
84          if (actions.contains(KRADConstants.KUALI_ACTION_CAN_COPY) && !canCopy(document, user)) {
85              actions.remove(KRADConstants.KUALI_ACTION_CAN_COPY);
86          }
87  
88          if (actions.contains(KRADConstants.KUALI_ACTION_CAN_CLOSE) && !canClose(document, user)) {
89              actions.remove(KRADConstants.KUALI_ACTION_CAN_CLOSE);
90          }
91  
92          if (actions.contains(KRADConstants.KUALI_ACTION_CAN_RELOAD) && !canReload(document, user)) {
93              actions.remove(KRADConstants.KUALI_ACTION_CAN_RELOAD);
94          }
95  
96          if (actions.contains(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !canBlanketApprove(document, user)) {
97              actions.remove(KRADConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
98          }
99  
100         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_CANCEL) && !canCancel(document, user)) {
101             actions.remove(KRADConstants.KUALI_ACTION_CAN_CANCEL);
102         }
103 
104         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_RECALL) && !canRecall(document, user)) {
105             actions.remove(KRADConstants.KUALI_ACTION_CAN_RECALL);
106         }
107 
108         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SAVE) && !canSave(document, user)) {
109             actions.remove(KRADConstants.KUALI_ACTION_CAN_SAVE);
110         }
111 
112         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_ROUTE) && !canRoute(document, user)) {
113             actions.remove(KRADConstants.KUALI_ACTION_CAN_ROUTE);
114         }
115 
116         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canAcknowledge(document, user)) {
117             actions.remove(KRADConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
118         }
119 
120         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_FYI) && !canFyi(document, user)) {
121             actions.remove(KRADConstants.KUALI_ACTION_CAN_FYI);
122         }
123 
124         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_APPROVE) && !canApprove(document, user)) {
125             actions.remove(KRADConstants.KUALI_ACTION_CAN_APPROVE);
126         }
127 
128         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE) && !canDisapprove(document, user)) {
129             actions.remove(KRADConstants.KUALI_ACTION_CAN_DISAPPROVE);
130         }
131 
132         if (!canSendAnyTypeAdHocRequests(document, user)) {
133             actions.remove(KRADConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
134             actions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
135             actions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
136         }
137 
138         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendNoteFyi(document, user)) {
139             actions.remove(KRADConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
140         }
141 
142         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_ANNOTATE) && !canAnnotate(document, user)) {
143             actions.remove(KRADConstants.KUALI_ACTION_CAN_ANNOTATE);
144         }
145 
146         if (actions.contains(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW) && !canEditDocumentOverview(
147                 document, user)) {
148             actions.remove(KRADConstants.KUALI_ACTION_CAN_EDIT_DOCUMENT_OVERVIEW);
149         }
150 
151         if (actions.contains(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT) && !canPerformRouteReport(document,
152                 user)) {
153             actions.remove(KRADConstants.KUALI_ACTION_PERFORM_ROUTE_REPORT);
154         }
155 
156         return actions;
157     }
158 
159     public final boolean canInitiate(String documentTypeName, Person user) {
160         return getDocumentAuthorizer().canInitiate(documentTypeName, user);
161     }
162 
163     public final boolean canOpen(Document document, Person user) {
164         return getDocumentAuthorizer().canOpen(document, user);
165     }
166 
167     @Override
168     public boolean canOpenView(View view, ViewModel model, Person user) {
169         DocumentFormBase documentForm = (DocumentFormBase) model;
170 
171         return super.canOpenView(view, model, user) && canOpen(documentForm.getDocument(), user);
172     }
173 
174     public boolean canEdit(Document document, Person user) {
175         return getDocumentAuthorizer().canEdit(document, user);
176     }
177 
178     @Override
179     public boolean canEditView(View view, ViewModel model, Person user) {
180         DocumentFormBase documentForm = (DocumentFormBase) model;
181 
182         return super.canEditView(view, model, user) && canEdit(documentForm.getDocument(), user);
183     }
184 
185     /**
186      * @see org.kuali.rice.krad.uif.view.ViewAuthorizer#canUnmaskField(org.kuali.rice.krad.uif.view.View, org.kuali.rice.krad.uif.view.ViewModel,
187      * org.kuali.rice.krad.uif.field.DataField, java.lang.String, org.kuali.rice.kim.api.identity.Person)
188      */
189     public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user) {
190         if (field.getDataFieldSecurity() == null) {
191             return true;
192         }
193 
194         // check mask authz flag is set
195         AttributeSecurity attributeSecurity = field.getDataFieldSecurity().getAttributeSecurity();
196         if (attributeSecurity == null || !attributeSecurity.isMask()) {
197             return true;
198         }
199 
200         // don't mask empty fields when user is the initiator (allows document creation when masked field exists)
201         String fieldValue = ObjectPropertyUtils.getPropertyValue(model, field.getBindingInfo().getBindingPath());
202         if (StringUtils.isBlank(fieldValue) && isInitiator(model, user)) {
203             return true;
204         }
205 
206         return super.canUnmaskField(view, model, field, propertyName, user);
207     }
208 
209     /**
210      * Checks if the user is the initiator for the current document
211      *
212      * @param model object containing the view data
213      * @param user user we are authorizing
214      * @return true if user is the initiator, false otherwise
215      */
216     protected boolean isInitiator(ViewModel model, Person user) {
217             WorkflowDocument workflowDocument = UserSessionUtils.getWorkflowDocument(GlobalVariables.getUserSession(),
218                     ((DocumentFormBase) model).getDocument().getDocumentNumber());
219             return StringUtils.equals(user.getPrincipalId(), workflowDocument.getInitiatorPrincipalId());
220     }
221 
222 
223     public boolean canAnnotate(Document document, Person user) {
224         return getDocumentAuthorizer().canAnnotate(document, user);
225     }
226 
227     public boolean canReload(Document document, Person user) {
228         return getDocumentAuthorizer().canReload(document, user);
229     }
230 
231     public boolean canClose(Document document, Person user) {
232         return getDocumentAuthorizer().canClose(document, user);
233     }
234 
235     public boolean canSave(Document document, Person user) {
236         return getDocumentAuthorizer().canSave(document, user);
237     }
238 
239     public boolean canRoute(Document document, Person user) {
240         return getDocumentAuthorizer().canRoute(document, user);
241     }
242 
243     public boolean canCancel(Document document, Person user) {
244         return getDocumentAuthorizer().canCancel(document, user);
245     }
246 
247     public boolean canRecall(Document document, Person user) {
248         return getDocumentAuthorizer().canRecall(document, user);
249     }
250 
251     public boolean canCopy(Document document, Person user) {
252         return getDocumentAuthorizer().canCopy(document, user);
253     }
254 
255     public boolean canPerformRouteReport(Document document, Person user) {
256         return getDocumentAuthorizer().canPerformRouteReport(document, user);
257     }
258 
259     public boolean canBlanketApprove(Document document, Person user) {
260         return getDocumentAuthorizer().canBlanketApprove(document, user);
261     }
262 
263     public boolean canApprove(Document document, Person user) {
264         return getDocumentAuthorizer().canApprove(document, user);
265     }
266 
267     public boolean canDisapprove(Document document, Person user) {
268         return getDocumentAuthorizer().canDisapprove(document, user);
269     }
270 
271     public boolean canSendNoteFyi(Document document, Person user) {
272         return getDocumentAuthorizer().canSendNoteFyi(document, user);
273     }
274 
275     public boolean canFyi(Document document, Person user) {
276         return getDocumentAuthorizer().canFyi(document, user);
277     }
278 
279     public boolean canAcknowledge(Document document, Person user) {
280         return getDocumentAuthorizer().canAcknowledge(document, user);
281     }
282 
283     public final boolean canReceiveAdHoc(Document document, Person user, String actionRequestCode) {
284         return getDocumentAuthorizer().canReceiveAdHoc(document, user, actionRequestCode);
285     }
286 
287     public final boolean canAddNoteAttachment(Document document, String attachmentTypeCode, Person user) {
288         return getDocumentAuthorizer().canAddNoteAttachment(document, attachmentTypeCode, user);
289     }
290 
291     public final boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode,
292             String authorUniversalIdentifier, Person user) {
293         return getDocumentAuthorizer().canDeleteNoteAttachment(document, attachmentTypeCode, authorUniversalIdentifier,
294                 user);
295     }
296 
297     public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode,
298             String authorUniversalIdentifier, Person user) {
299         return getDocumentAuthorizer().canViewNoteAttachment(document, attachmentTypeCode, authorUniversalIdentifier,
300                 user);
301     }
302 
303     public final boolean canSendAdHocRequests(Document document, String actionRequestCd, Person user) {
304         return getDocumentAuthorizer().canSendAdHocRequests(document, actionRequestCd, user);
305     }
306 
307     public boolean canEditDocumentOverview(Document document, Person user) {
308         return getDocumentAuthorizer().canEditDocumentOverview(document, user);
309     }
310 
311     public boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
312         return getDocumentAuthorizer().canSendAnyTypeAdHocRequests(document, user);
313     }
314 
315     public boolean canTakeRequestedAction(Document document, String actionRequestCode, Person user) {
316         return getDocumentAuthorizer().canTakeRequestedAction(document, actionRequestCode, user);
317     }
318 
319     @Override
320     protected void addPermissionDetails(Object dataObject, Map<String, String> attributes) {
321         super.addPermissionDetails(dataObject, attributes);
322 
323         if (dataObject instanceof Document) {
324             addStandardAttributes((Document) dataObject, attributes);
325         }
326     }
327 
328     @Override
329     protected void addRoleQualification(Object dataObject, Map<String, String> attributes) {
330         super.addRoleQualification(dataObject, attributes);
331 
332         if (dataObject instanceof Document) {
333             addStandardAttributes((Document) dataObject, attributes);
334         }
335     }
336 
337     protected void addStandardAttributes(Document document, Map<String, String> attributes) {
338         WorkflowDocument wd = document.getDocumentHeader().getWorkflowDocument();
339         attributes.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, document.getDocumentNumber());
340         attributes.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, wd.getDocumentTypeName());
341 
342         if (wd.isInitiated() || wd.isSaved()) {
343             attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME, PRE_ROUTING_ROUTE_NAME);
344         } else {
345             attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME,
346                     KRADServiceLocatorWeb.getWorkflowDocumentService().getCurrentRouteNodeNames(wd));
347         }
348 
349         attributes.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, wd.getStatus().getCode());
350     }
351 
352     protected boolean isDocumentInitiator(Document document, Person user) {
353         WorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
354 
355         return workflowDocument.getInitiatorPrincipalId().equalsIgnoreCase(user.getPrincipalId());
356     }
357 
358     public DocumentAuthorizer getDocumentAuthorizer() {
359         return documentAuthorizer;
360     }
361 
362     public void setDocumentAuthorizer(DocumentAuthorizer documentAuthorizer) {
363         this.documentAuthorizer = documentAuthorizer;
364     }
365 
366     public void setDocumentAuthorizerClass(Class<? extends DocumentAuthorizer> documentAuthorizerClass) {
367         this.documentAuthorizer = DataObjectUtils.newInstance(documentAuthorizerClass);
368     }
369 }