001/**
002 * Copyright 2005-2014 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.kim.rules.ui;
017
018import org.apache.commons.lang.StringUtils;
019import org.kuali.rice.core.api.util.RiceKeyConstants;
020import org.kuali.rice.kim.api.KimConstants;
021import org.kuali.rice.kim.api.permission.Permission;
022import org.kuali.rice.kim.bo.ui.KimDocumentRolePermission;
023import org.kuali.rice.kim.document.IdentityManagementRoleDocument;
024import org.kuali.rice.kim.rule.event.ui.AddPermissionEvent;
025import org.kuali.rice.kim.rule.ui.AddPermissionRule;
026import org.kuali.rice.kns.rules.DocumentRuleBase;
027import org.kuali.rice.krad.util.GlobalVariables;
028
029import java.util.HashMap;
030import java.util.Map;
031
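/**
 * Business rule that validates adding a permission to a role on an
 * {@link IdentityManagementRoleDocument}.
 *
 * <p>A permission is accepted only when it carries a non-blank id, resolves to a KIM
 * {@link Permission}, the current session user is authorized to grant it, and the same
 * permission id is not already present on the document.</p>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 *
 */
public class KimDocumentPermissionRule extends DocumentRuleBase implements AddPermissionRule {

    public static final String ERROR_PATH = "document.permission.permissionId";

    /**
     * Validates the permission carried by the event before it is added to the role document.
     *
     * <p>Checks run in this order and stop at the first hard failure: the permission id is
     * present, the permission resolves, the current user may grant it. Duplicate detection
     * runs last and reports every matching row.</p>
     *
     * @param addPermissionEvent event holding the permission to add and the role document
     * @return {@code true} when the permission may be added; {@code false} when an error was
     *         recorded in the global message map
     */
    public boolean processAddPermission(AddPermissionEvent addPermissionEvent) {
        KimDocumentRolePermission newPermission = addPermissionEvent.getPermission();
        // isBlank (not isEmpty) so a whitespace-only id is rejected here, before any lookup or
        // authorization call. The original re-checked this further down with the same error.
        if (newPermission == null || StringUtils.isBlank(newPermission.getPermissionId())) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY,
                    new String[] {"Permission"});
            return false;
        }

        Permission kimPermissionInfo = newPermission.getPermission();
        if (kimPermissionInfo == null) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY,
                    new String[] {"Permission"});
            return false;
        }

        IdentityManagementRoleDocument document =
                (IdentityManagementRoleDocument) addPermissionEvent.getDocument();
        if (!hasPermissionToGrantPermission(kimPermissionInfo, document)) {
            GlobalVariables.getMessageMap().putError(KimDocumentPermissionRule.ERROR_PATH,
                    RiceKeyConstants.ERROR_ASSIGN_PERMISSION,
                    new String[] {kimPermissionInfo.getNamespaceCode(), displayNameOf(kimPermissionInfo)});
            return false;
        }

        boolean rulePassed = true;
        String newPermissionId = newPermission.getPermissionId();
        int i = 0;
        for (KimDocumentRolePermission permission : document.getPermissions()) {
            // Compare from the known non-blank id so a row with a null id cannot throw.
            if (permission != null && newPermissionId.equals(permission.getPermissionId())) {
                rulePassed = false;
                GlobalVariables.getMessageMap().putError("document.permissions[" + i + "].permissionId",
                        RiceKeyConstants.ERROR_DUPLICATE_ENTRY, new String[] {"Permission"});
            }
            i++;
        }
        return rulePassed;
    }

    /**
     * Asks the document authorizer whether the current session user holds the
     * "grant permission" template permission for the given KIM permission.
     *
     * <p>Fails closed: a missing permission or a permission without a template yields
     * {@code false} instead of a {@code NullPointerException}, so the caller reports an
     * authorization error rather than aborting the request.</p>
     *
     * @param kimPermissionInfo permission the user wants to attach to the role
     * @param document role document being edited
     * @return {@code true} only when the authorizer confirms the grant
     */
    public boolean hasPermissionToGrantPermission(Permission kimPermissionInfo,
            IdentityManagementRoleDocument document) {
        if (kimPermissionInfo == null || kimPermissionInfo.getTemplate() == null) {
            // Without a template the qualifier below cannot be built; deny rather than guess.
            return false;
        }

        Map<String, String> permissionDetails = new HashMap<String, String>();
        permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE,
                kimPermissionInfo.getNamespaceCode());
        // NOTE(review): PERMISSION_NAME is filled with the *template* name, not the permission's
        // own name. If the grant-permission check is meant to be per permission, this makes the
        // decision per template instead. Confirm against the permission type service in use.
        permissionDetails.put(KimConstants.AttributeConstants.PERMISSION_NAME,
                kimPermissionInfo.getTemplate().getName());

        // The principal is taken from the current user session, not from the event or document.
        return getDocumentDictionaryService().getDocumentAuthorizer(document).isAuthorizedByTemplate(
                document,
                KimConstants.NAMESPACE_CODE,
                KimConstants.PermissionTemplateNames.GRANT_PERMISSION,
                GlobalVariables.getUserSession().getPerson().getPrincipalId(),
                permissionDetails, null);
    }

    /** Returns the template name for error messages, or the permission name when there is no template. */
    private static String displayNameOf(Permission kimPermissionInfo) {
        if (kimPermissionInfo.getTemplate() != null) {
            return kimPermissionInfo.getTemplate().getName();
        }
        return kimPermissionInfo.getName();
    }

}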