/**
 * Copyright 2005-2017 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.kew.doctype.service.impl;

import org.kuali.rice.kew.api.action.ActionType;
import org.kuali.rice.kew.api.doctype.DocumentType;
import org.kuali.rice.kew.api.document.Document;
import org.kuali.rice.kew.framework.document.security.AuthorizableAction;
import org.kuali.rice.kew.framework.document.security.Authorization;
import org.kuali.rice.kew.framework.document.security.DocumentTypeAuthorizer;
import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;

import java.util.Collection;
import java.util.Map;

/**
 * Default DocumentTypeAuthorizer implementation which performs KIM checks for authorizable actions.
 *
 * <p>This class only selects which check to run. Every decision comes from a {@code can*} method
 * that is not defined in this file (presumably inherited from {@code DocumentActionsPermissionBase};
 * confirm there). A check type or action type that has no case here is rejected with a
 * {@link RuntimeException}, so an unrecognised request never yields an {@link Authorization}.
 *
 * @since 2.1.3
 */
public class KimDocumentTypeAuthorizer extends DocumentActionsPermissionBase implements DocumentTypeAuthorizer {
    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(KimDocumentTypeAuthorizer.class);

    /**
     * Decides whether the principal may perform the requested action.
     *
     * @param action the check to run; {@code action.type} picks the kind of check and, for
     *        {@code ACTION}, {@code action.actionType} picks the workflow action
     * @param principalId the principal the check is made for
     * @param documentType the API document type; converted to its business object before any check runs
     * @param document the document, read only by the {@code ACTION} checks that work on a route header
     * @param actionParameters extra arguments; the super-user checks read {@code ROUTENODE_NAMES} and
     *        {@code DOCSTATUS} from it and dereference the map directly, so a {@code null} map fails
     *        those checks with a {@link NullPointerException}
     * @return an {@link Authorization} wrapping the boolean result of the selected check
     * @throws RuntimeException if the check type or the action type has no case here
     */
    @Override
    public Authorization isActionAuthorized(AuthorizableAction action, String principalId, DocumentType documentType, Document document, Map<ActionArgument, Object> actionParameters) {
        // Converted once, up front, for every check type, including the ones that never read it.
        final org.kuali.rice.kew.doctype.bo.DocumentType documentTypeBo = org.kuali.rice.kew.doctype.bo.DocumentType.from(documentType);

        switch (action.type) {
            case INITIATION:
                return new Authorization(canInitiate(principalId, documentTypeBo));
            case SU_APPROVE_ACTION_REQUEST:
                return new Authorization(canSuperUserApproveSingleActionRequest(principalId, documentTypeBo,
                        routeNodeNamesArgument(actionParameters), docStatusArgument(actionParameters)));
            case ACTION:
                return new Authorization(isWorkflowActionPermitted(action, principalId, documentTypeBo, document, actionParameters));
            default:
                // No permissive fallback: an unrecognised check type is an error, not a grant or denial.
                throw new RuntimeException("Unknown authorization check");
        }
    }

    /**
     * Runs the permission check that matches {@code action.actionType}.
     *
     * @return the boolean result of the matching {@code can*} check
     * @throws RuntimeException if the action type has no case here
     */
    private boolean isWorkflowActionPermitted(AuthorizableAction action, String principalId, org.kuali.rice.kew.doctype.bo.DocumentType documentTypeBo, Document document, Map<ActionArgument, Object> actionParameters) {
        switch (action.actionType) {
            case BLANKET_APPROVE:
                return canBlanketApprove(principalId, DocumentRouteHeaderValue.from(document));
            case SU_APPROVE:
                return canSuperUserApproveDocument(principalId, documentTypeBo,
                        routeNodeNamesArgument(actionParameters), docStatusArgument(actionParameters));
            case SU_DISAPPROVE:
                return canSuperUserDisapproveDocument(principalId, documentTypeBo,
                        routeNodeNamesArgument(actionParameters), docStatusArgument(actionParameters));
            case CANCEL:
                return canCancel(principalId, DocumentRouteHeaderValue.from(document));
            case RECALL:
                return canRecall(principalId, DocumentRouteHeaderValue.from(document));
            case ROUTE:
                return canRoute(principalId, DocumentRouteHeaderValue.from(document));
            case SAVE:
                return canSave(principalId, DocumentRouteHeaderValue.from(document));
            default:
                // Action types without a case above are refused by exception rather than evaluated.
                throw new RuntimeException("Unknown document action check");
        }
    }

    /**
     * Reads the {@code ROUTENODE_NAMES} argument.
     *
     * <p>The element type cannot be verified at runtime; this assumes callers store a
     * {@code Collection<String>} under that key (confirm against the callers).
     */
    @SuppressWarnings("unchecked")
    private static Collection<String> routeNodeNamesArgument(Map<ActionArgument, Object> actionParameters) {
        return (Collection<String>) actionParameters.get(ActionArgument.ROUTENODE_NAMES);
    }

    /** Reads the {@code DOCSTATUS} argument; a non-String value fails the cast with a ClassCastException. */
    private static String docStatusArgument(Map<ActionArgument, Object> actionParameters) {
        return (String) actionParameters.get(ActionArgument.DOCSTATUS);
    }
}