Source code

001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.krad.kim;
017
018import org.apache.commons.lang.StringUtils;
019import org.kuali.rice.kim.api.KimConstants;
020import org.kuali.rice.kim.api.permission.Permission;
021import org.kuali.rice.kim.impl.permission.PermissionBo;
022
023import java.util.ArrayList;
024import java.util.List;
025import java.util.Map;
026
027/**
028 * @author Kuali Rice Team (rice.collab@kuali.org)
029 *
030 * The order of precedence for this permission type service is as follows:
031 *
032 * 1 - Group Name
033 * 2 - Kim Type Name
034 * 3 - Group Namespace
035 *
036 * If there is a permission that is an exact match for any of these, less granular permissions will not be considered.
037 *
038 * For example, if there is a populate group permission for KFS-VND groups, a populate group permission for KFS* groups
039 * will not be considered.   Likewise, if there is a populate group permission for the group ContractManagers (which has
040 * group namespace of KFS-VND), both the populate group permisson for KFS-VND and KFS* will NOT be considered.
041 *
042 *  ALSO NOTE - At a minimum, a group namespace attribute must be specifed on any populate group permission, even if
043 *              it is only a partial namespace.
044 */
045public class PopulateGroupPermissionTypeServiceImpl extends NamespaceWildcardAllowedAndOrStringExactMatchPermissionTypeServiceImpl {
046
047    @Override
048    protected List<Permission> performPermissionMatches(Map<String, String> requestedDetails, List<Permission> permissionsList) {
049        String requestedGroupName = requestedDetails.get(KimConstants.AttributeConstants.GROUP_NAME);
050        String requestedKimTypeName = requestedDetails.get(KimConstants.AttributeConstants.KIM_TYPE_NAME);
051        String requestedNamespaceCode = requestedDetails.get(KimConstants.AttributeConstants.NAMESPACE_CODE);
052
053        List<Permission> exactMatchingPermissions = new ArrayList<Permission>();
054        List<Permission> nonKimTypeMatchingPermissions = new ArrayList<Permission>();
055
056        for (Permission kpi : permissionsList ) {
057            PermissionBo bo = PermissionBo.from(kpi);
058            String groupName = bo.getDetails().get(KimConstants.AttributeConstants.GROUP_NAME);
059            if (StringUtils.equals(requestedGroupName, groupName)) {
060                exactMatchingPermissions.add(kpi);
061            }
062        }
063
064        if  (exactMatchingPermissions.isEmpty()) {
065            for (Permission kpi : permissionsList ) {
066                PermissionBo bo = PermissionBo.from(kpi);
067                String kimTypeName = bo.getDetails().get(KimConstants.AttributeConstants.KIM_TYPE_NAME);
068                String namespaceCode = bo.getDetails().get(KimConstants.AttributeConstants.NAMESPACE_CODE);
069                if (StringUtils.equals(requestedKimTypeName, kimTypeName) && StringUtils.isNotBlank(namespaceCode) && StringUtils.isNotBlank(requestedNamespaceCode) &&
070                    requestedNamespaceCode.matches(namespaceCode.replaceAll("\\*", ".*"))) {
071                        exactMatchingPermissions.add(kpi);
072                } else if (StringUtils.isEmpty(kimTypeName)) {
073                    nonKimTypeMatchingPermissions.add(kpi);
074                }
075            }
076        }
077
078        if  (exactMatchingPermissions.isEmpty()) {
079            for (Permission kpi : permissionsList ) {
080                PermissionBo bo = PermissionBo.from(kpi);
081                String namespaceCode = bo.getDetails().get(KimConstants.AttributeConstants.NAMESPACE_CODE);
082                if (StringUtils.equals(requestedNamespaceCode, namespaceCode)) {
083                    exactMatchingPermissions.add(kpi);
084                }
085            }
086        }
087
088        if  (!exactMatchingPermissions.isEmpty()) {
089            return super.performPermissionMatches(requestedDetails, exactMatchingPermissions);
090        } else {
091            return super.performPermissionMatches(requestedDetails, nonKimTypeMatchingPermissions);
092        }
093    }
094}