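/**
 * Copyright 2005-2016 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.krad.kim;

import org.apache.commons.lang.StringUtils;
import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
import org.kuali.rice.core.api.membership.MemberType;
import org.kuali.rice.kim.api.role.RoleMembership;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;
import org.kuali.rice.kim.api.common.assignee.Assignee;
import org.kuali.rice.kim.api.permission.PermissionService;
import org.kuali.rice.kns.kim.role.DerivedRoleTypeServiceBase;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Derived role type service whose membership is computed from a KIM permission template.
 *
 * <p>The template is identified by the {@code permissionTemplateNamespace} and
 * {@code permissionTemplateName} properties. {@code getRoleMembersFromDerivedRole} reports the
 * principals and groups that the {@link PermissionService} returns as assignees of that template,
 * and {@code hasDerivedRole} reports whether a principal is authorized by it.
 *
 * <p>Points to keep in mind when wiring or extending this class:
 * <ul>
 * <li>{@code namespaceCode} and {@code roleName} are validated but never used in the lookups; the
 * answer depends only on the configured template and the qualification.</li>
 * <li>Neither template property is validated here, so an unset property reaches the permission
 * service as {@code null}.</li>
 * <li>The permission service reference is cached in a static field shared by every instance.</li>
 * </ul>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class PermissionDerivedRoleTypeServiceImpl extends DerivedRoleTypeServiceBase {

    // Shared by all instances; filled lazily by getPermissionService().
    private static PermissionService permissionService;
    private String permissionTemplateNamespace;
    private String permissionTemplateName;

    /**
     * @return the permissionTemplateNamespace
     */
    public String getPermissionTemplateNamespace() {
        return this.permissionTemplateNamespace;
    }

    /**
     * @param permissionTemplateNamespace the permissionTemplateNamespace to set
     */
    public void setPermissionTemplateNamespace(String permissionTemplateNamespace) {
        this.permissionTemplateNamespace = permissionTemplateNamespace;
    }

    /**
     * @return the permissionTemplateName
     */
    public String getPermissionTemplateName() {
        return this.permissionTemplateName;
    }

    /**
     * @param permissionTemplateName the permissionTemplateName to set
     */
    public void setPermissionTemplateName(String permissionTemplateName) {
        this.permissionTemplateName = permissionTemplateName;
    }

    /**
     * Looks up the assignees of the configured permission template for the given qualification.
     *
     * <p>The qualification is handed to the permission service twice, each time as a separate
     * copy, so the service cannot modify the caller's map.
     *
     * @param qualification the role qualification; must not be null
     * @return the assignees reported by the permission service
     * @throws RiceIllegalArgumentException if {@code qualification} is null
     */
    protected List<Assignee> getPermissionAssignees(Map<String, String> qualification) {
        if (qualification == null) {
            // Reject explicitly, as hasDerivedRole does, rather than failing with the bare
            // NullPointerException that the HashMap copy constructor would raise below.
            throw new RiceIllegalArgumentException("qualification was null");
        }
        Map<String, String> firstCopy = new HashMap<String, String>(qualification);
        Map<String, String> secondCopy = new HashMap<String, String>(qualification);
        return getPermissionService().getPermissionAssigneesByTemplate(permissionTemplateNamespace,
                permissionTemplateName, firstCopy, secondCopy);
    }

    /**
     * Returns one role membership per assignee of the configured permission template.
     *
     * <p>An assignee with a non-blank principal id becomes a {@link MemberType#PRINCIPAL} member;
     * otherwise an assignee with a non-blank group id becomes a {@link MemberType#GROUP} member.
     * Assignees with neither are skipped.
     *
     * @param namespaceCode the role namespace; validated only
     * @param roleName the role name; validated only
     * @param qualification the role qualification passed on to the permission lookup
     * @return the derived members, in the order the assignees were returned
     * @throws RiceIllegalArgumentException if {@code namespaceCode} is null or blank, or if
     *         {@code roleName} or {@code qualification} is null
     */
    @Override
    public List<RoleMembership> getRoleMembersFromDerivedRole(String namespaceCode, String roleName, Map<String, String> qualification) {
        if (StringUtils.isBlank(namespaceCode)) {
            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
        }

        // NOTE(review): only null is rejected here, while hasDerivedRole also rejects a blank
        // roleName. Left as is, since tightening it would change what callers may pass.
        if (roleName == null) {
            throw new RiceIllegalArgumentException("roleName was null");
        }

        List<RoleMembership> members = new ArrayList<RoleMembership>();
        for (Assignee assignee : getPermissionAssignees(qualification)) {
            String principalId = assignee.getPrincipalId();
            if (StringUtils.isNotBlank(principalId)) {
                members.add(toRoleMembership(principalId, MemberType.PRINCIPAL));
                continue;
            }
            String groupId = assignee.getGroupId();
            if (StringUtils.isNotBlank(groupId)) {
                members.add(toRoleMembership(groupId, MemberType.GROUP));
            }
        }
        return members;
    }

    /** Builds a membership for the given member, passing null for the other three create arguments. */
    private static RoleMembership toRoleMembership(String memberId, MemberType memberType) {
        return RoleMembership.Builder.create(null/*roleId*/, null, memberId, memberType, null).build();
    }

    /**
     * Reports whether the principal is authorized by the configured permission template.
     *
     * <p>{@code groupIds}, {@code namespaceCode} and {@code roleName} are validated but not used
     * in the decision.
     *
     * @param principalId the principal to check
     * @param groupIds the principal's groups; must not be null
     * @param namespaceCode the role namespace; validated only
     * @param roleName the role name; validated only
     * @param qualification the role qualification passed on to the permission check
     * @return the result of the permission service's template authorization check
     * @throws RiceIllegalArgumentException if {@code principalId}, {@code namespaceCode} or
     *         {@code roleName} is null or blank, or if {@code groupIds} or {@code qualification}
     *         is null
     */
    @Override
    public boolean hasDerivedRole(
            String principalId, List<String> groupIds, String namespaceCode, String roleName, Map<String, String> qualification) {
        if (StringUtils.isBlank(principalId)) {
            throw new RiceIllegalArgumentException("principalId was null or blank");
        }

        if (groupIds == null) {
            throw new RiceIllegalArgumentException("groupIds was null or blank");
        }

        if (StringUtils.isBlank(namespaceCode)) {
            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
        }

        if (StringUtils.isBlank(roleName)) {
            throw new RiceIllegalArgumentException("roleName was null or blank");
        }

        if (qualification == null) {
            throw new RiceIllegalArgumentException("qualification was null");
        }

        // FIXME: dangerous - data changes could cause an infinite loop - should add thread-local to trap state and abort
        // NOTE(review): presumably the permission check can resolve role membership and re-enter
        // this method when the template's permission is granted to a role derived from that same
        // permission. Nothing here bounds that recursion - confirm, and guard before relying on
        // such data never being configured.
        Map<String, String> firstCopy = new HashMap<String, String>(qualification);
        Map<String, String> secondCopy = new HashMap<String, String>(qualification);
        return getPermissionService().isAuthorizedByTemplate(principalId, permissionTemplateNamespace,
                permissionTemplateName, firstCopy, secondCopy);
    }

    /**
     * Returns the permission service, looking it up through {@link KimApiServiceLocator} on first
     * use and caching it in a static field.
     *
     * <p>The lazy initialization is not synchronized, so concurrent first calls may each perform
     * the lookup.
     *
     * @return the permission service
     */
    protected PermissionService getPermissionService() {
        if (permissionService == null) {
            permissionService = KimApiServiceLocator.getPermissionService();
        }
        return permissionService;
    }

}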