/krad/krad-web-framework/src/main/java/org/kuali/rice/krad/uif/authorization/AuthorizerBase.java

https://github.com/sbower/kuali-rice-1 · Java · 257 lines · 146 code · 32 blank · 79 comment · 18 complexity · 65025501f1f017ccc376f1cb990a5db5 MD5 · raw file 

    

  1. /*

    2. 

  2.  * Copyright 2011 The Kuali Foundation

    3. 

  3.  * 

    4. 

  4.  * Licensed under the Educational Community License, Version 1.0 (the

    5. 

  5.  * "License"); you may not use this file except in compliance with the License.

    6. 

  6.  * You may obtain a copy of the License at

    7. 

  7.  * 

    8. 

  8.  * http://www.opensource.org/licenses/ecl1.php

    9. 

  9.  * 

    10. 

  10.  * Unless required by applicable law or agreed to in writing, software

    11. 

  11.  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

    12. 

  12.  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the

    13. 

  13.  * License for the specific language governing permissions and limitations under

    14. 

  14.  * the License.

    15. 

  15.  */

    16. 

  16. package org.kuali.rice.krad.uif.authorization;

    17. 

  17. 

    18. 

  18. import org.kuali.rice.kim.api.KimConstants;

    19. 

  19. import org.kuali.rice.kim.api.identity.Person;

    20. 

  20. import org.kuali.rice.kim.api.identity.PersonService;

    21. 

  21. import org.kuali.rice.kim.api.permission.PermissionService;

    22. 

  22. import org.kuali.rice.kim.api.services.KimApiServiceLocator;

    23. 

  23. import org.kuali.rice.krad.service.DataDictionaryService;

    24. 

  24. import org.kuali.rice.krad.service.KRADServiceLocatorWeb;

    25. 

  25. import org.kuali.rice.krad.service.KualiModuleService;

    26. 

  26. import org.kuali.rice.krad.util.GlobalVariables;

    27. 

  27. import org.kuali.rice.krad.util.KRADUtils;

    28. 

  28. import org.kuali.rice.krad.web.form.UifFormBase;

    29. 

  29. 

    30. 

  30. import java.util.HashMap;

    31. 

  31. import java.util.HashSet;

    32. 

  32. import java.util.Map;

    33. 

  33. import java.util.Set;

    34. 

  34. 

    35. 

  35. /**

    36. 

  36.  * @author Kuali Rice Team (rice.collab@kuali.org)

    37. 

  37.  */

    38. 

  38. public class AuthorizerBase implements Authorizer {

    39. 

  39. 

    40. 

  40.     private static PermissionService permissionService;

    41. 

  41.     private static PersonService personService;

    42. 

  42.     private static KualiModuleService kualiModuleService;

    43. 

  43.     private static DataDictionaryService dataDictionaryService;

    44. 

  44. 

    45. 

  45.     /**

    46. 

  46.      * @see org.kuali.rice.krad.uif.authorization.Authorizer#getActionFlags(org.kuali.rice.krad.web.form.UifFormBase,

    47. 

  47.      *      org.kuali.rice.kim.api.identity.Person, java.util.Set)

    48. 

  48.      */

    49. 

  49.     public Set<String> getActionFlags(UifFormBase model, Person user, Set<String> documentActions) {

    50. 

  50.         return documentActions;

    51. 

  51.     }

    52. 

  52. 

    53. 

  53.     /**

    54. 

  54.      * @see org.kuali.rice.krad.uif.authorization.Authorizer#getEditModes(org.kuali.rice.krad.web.form.UifFormBase,

    55. 

  55.      *      org.kuali.rice.kim.api.identity.Person, java.util.Set)

    56. 

  56.      */

    57. 

  57.     public Set<String> getEditModes(UifFormBase model, Person user, Set<String> editModes) {

    58. 

  58.         return editModes;

    59. 

  59.     }

    60. 

  60. 

    61. 

  61.     /**

    62. 

  62.      * @see org.kuali.rice.krad.uif.authorization.Authorizer#getSecurePotentiallyHiddenGroupIds()

    63. 

  63.      */

    64. 

  64.     public Set<String> getSecurePotentiallyHiddenGroupIds() {

    65. 

  65.         return new HashSet<String>();

    66. 

  66.     }

    67. 

  67. 

    68. 

  68.     /**

    69. 

  69.      * @see org.kuali.rice.krad.uif.authorization.Authorizer#getSecurePotentiallyReadOnlyGroupIds()

    70. 

  70.      */

    71. 

  71.     public Set<String> getSecurePotentiallyReadOnlyGroupIds() {

    72. 

  72.         return new HashSet<String>();

    73. 

  73.     }

    74. 

  74. 

    75. 

  75.     /**

    76. 

  76.      * Override this method to populate the role qualifier attributes from the

    77. 

  77.      * primary data object or document. This will only be called once per

    78. 

  78.      * request.

    79. 

  79.      * 

    80. 

  80.      * @param primaryDataObjectOrDocument

    81. 

  81.      *            - the primary data object (i.e. the main object instance

    82. 

  82.      *            behind the lookup result row or inquiry) or the document

    83. 

  83.      * @param attributes

    84. 

  84.      *            - role qualifiers will be added to this map

    85. 

  85.      */

    86. 

  86.     protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {

    87. 

  87.         addStandardAttributes(primaryDataObjectOrDocument, attributes);

    88. 

  88.     }

    89. 

  89. 

    90. 

  90.     /**

    91. 

  91.      * Override this method to populate the permission details from the primary

    92. 

  92.      * data object or document. This will only be called once per request.

    93. 

  93.      * 

    94. 

  94.      * @param primaryDataObjectOrDocument

    95. 

  95.      *            - the primary data object (i.e. the main object instance

    96. 

  96.      *            behind the lookup result row or inquiry) or the document

    97. 

  97.      * @param attributes

    98. 

  98.      *            - permission details will be added to this map

    99. 

  99.      */

    100. 

  100.     protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {

    101. 

  101.         addStandardAttributes(primaryDataObjectOrDocument, attributes);

    102. 

  102.     }

    103. 

  103. 

    104. 

  104.     /**

    105. 

  105.      * @param primaryDataObjectOrDocument

    106. 

  106.      *            - the primary data object (i.e. the main object instance

    107. 

  107.      *            behind the lookup result row or inquiry) or the document

    108. 

  108.      * @param attributes

    109. 

  109.      *            - attributes (i.e. role qualifications or permission details)

    110. 

  110.      *            will be added to this map

    111. 

  111.      */

    112. 

  112.     private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {

    113. 

  113.         attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));

    114. 

  114.     }

    115. 

  115. 

    116. 

  116.     protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,

    117. 

  117.             String permissionTemplateName) {

    118. 

  118.         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,

    119. 

  119.                 new HashMap<String, String>(getPermissionDetailValues(dataObject)));

    120. 

  120.     }

    121. 

  121. 

    122. 

  122.     protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,

    123. 

  123.             Map<String, String> permissionDetails) {

    124. 

  124.         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,

    125. 

  125.                 new HashMap<String, String>(permissionDetails));

    126. 

  126.     }

    127. 

  127. 

    128. 

  128.     protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,

    129. 

  129.             String permissionTemplateName, Map<String, String> permissionDetails) {

    130. 

  130.         Map<String, String> combinedPermissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));

    131. 

  131.         combinedPermissionDetails.putAll(permissionDetails);

    132. 

  132. 

    133. 

  133.         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,

    134. 

  134.                 combinedPermissionDetails);

    135. 

  135.     }

    136. 

  136. 

    137. 

  137.     public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId) {

    138. 

  138.         return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,

    139. 

  139.                 new HashMap<String, String>(getPermissionDetailValues(dataObject)),

    140. 

  140.                 new HashMap<String, String>(getRoleQualification(dataObject, principalId)));

    141. 

  141.     }

    142. 

  142. 

    143. 

  143.     public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,

    144. 

  144.             String principalId) {

    145. 

  145.         return getPermissionService().isAuthorizedByTemplateName(principalId, namespaceCode,

    146. 

  146.                 permissionTemplateName, new HashMap<String, String>(getPermissionDetailValues(dataObject)),

    147. 

  147.                 new HashMap<String, String>((getRoleQualification(dataObject, principalId))));

    148. 

  148.     }

    149. 

  149. 

    150. 

  150.     public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,

    151. 

  151.             String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,

    152. 

  152.             Map<String, String> collectionOrFieldLevelRoleQualification) {

    153. 

  153.         Map<String, String> roleQualifiers;

    154. 

  154.         Map<String, String> permissionDetails;

    155. 

  155.         if (collectionOrFieldLevelRoleQualification != null) {

    156. 

  156.             roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));

    157. 

  157.             roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);

    158. 

  158.         }

    159. 

  159.         else {

    160. 

  160.             roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));

    161. 

  161.         }

    162. 

  162.         if (collectionOrFieldLevelPermissionDetails != null) {

    163. 

  163.             permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));

    164. 

  164.             permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);

    165. 

  165.         }

    166. 

  166.         else {

    167. 

  167.             permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));

    168. 

  168.         }

    169. 

  169. 

    170. 

  170.         return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,

    171. 

  171.                 permissionDetails, roleQualifiers);

    172. 

  172.     }

    173. 

  173. 

    174. 

  174.     public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,

    175. 

  175.             String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,

    176. 

  176.             Map<String, String> collectionOrFieldLevelRoleQualification) {

    177. 

  177.         Map<String, String> roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));

    178. 

  178.         Map<String, String> permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));

    179. 

  179. 

    180. 

  180.         if (collectionOrFieldLevelRoleQualification != null) {

    181. 

  181.             roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);

    182. 

  182.         }

    183. 

  183.         if (collectionOrFieldLevelPermissionDetails != null) {

    184. 

  184.             permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);

    185. 

  185.         }

    186. 

  186. 

    187. 

  187.         return getPermissionService().isAuthorizedByTemplateName(principalId, namespaceCode,

    188. 

  188.                 permissionTemplateName, permissionDetails, roleQualifiers);

    189. 

  189.     }

    190. 

  190. 

    191. 

  191.     /**

    192. 

  192.      * Returns a role qualification map based off data from the primary business

    193. 

  193.      * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD

    194. 

  194.      * 

    195. 

  195.      * @param primaryDataObjectOrDocument

    196. 

  196.      *            the primary data object (i.e. the main object instance behind

    197. 

  197.      *            the lookup result row or inquiry) or the document

    198. 

  198.      * @return a Map containing role qualifications

    199. 

  199.      */

    200. 

  200.     protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument) {

    201. 

  201.         return getRoleQualification(primaryDataObjectOrDocument, GlobalVariables.getUserSession().getPerson()

    202. 

  202.                 .getPrincipalId());

    203. 

  203.     }

    204. 

  204. 

    205. 

  205.     protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {

    206. 

  206.         Map<String, String> roleQualification = new HashMap<String, String>();

    207. 

  207.         addRoleQualification(primaryDataObjectOrDocument, roleQualification);

    208. 

  208.         roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);

    209. 

  209. 

    210. 

  210.         return roleQualification;

    211. 

  211.     }

    212. 

  212. 

    213. 

  213.     /**

    214. 

  214.      * Returns a permission details map based off data from the primary business

    215. 

  215.      * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD

    216. 

  216.      * 

    217. 

  217.      * @param primaryDataObjectOrDocument

    218. 

  218.      *            the primary data object (i.e. the main object instance behind

    219. 

  219.      *            the lookup result row or inquiry) or the document

    220. 

  220.      * @return a Map containing permission details

    221. 

  221.      */

    222. 

  222.     protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {

    223. 

  223.         Map<String, String> permissionDetails = new HashMap<String, String>();

    224. 

  224.         addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);

    225. 

  225. 

    226. 

  226.         return permissionDetails;

    227. 

  227.     }

    228. 

  228. 

    229. 

  229.     protected static final PermissionService getPermissionService() {

    230. 

  230.         if (permissionService == null) {

    231. 

  231.             permissionService = KimApiServiceLocator.getPermissionService();

    232. 

  232.         }

    233. 

  233.         return permissionService;

    234. 

  234.     }

    235. 

  235. 

    236. 

  236.     protected static final PersonService getPersonService() {

    237. 

  237.         if (personService == null) {

    238. 

  238.             personService = KimApiServiceLocator.getPersonService();

    239. 

  239.         }

    240. 

  240.         return personService;

    241. 

  241.     }

    242. 

  242. 

    243. 

  243.     protected static final KualiModuleService getKualiModuleService() {

    244. 

  244.         if (kualiModuleService == null) {

    245. 

  245.             kualiModuleService = KRADServiceLocatorWeb.getKualiModuleService();

    246. 

  246.         }

    247. 

  247.         return kualiModuleService;

    248. 

  248.     }

    249. 

  249. 

    250. 

  250.     protected static final DataDictionaryService getDataDictionaryService() {

    251. 

  251.         if (dataDictionaryService == null) {

    252. 

  252.             dataDictionaryService = KRADServiceLocatorWeb.getDataDictionaryService();

    253. 

  253.         }

    254. 

  254.         return dataDictionaryService;

    255. 

  255.     }

    256. 

  256. 

    257. 

  257. }
    258.