/**
 * Copyright 2005-2016 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.kim.document.authorization;

import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.kim.bo.ui.PersonDocumentGroup;
import org.kuali.rice.kim.bo.ui.PersonDocumentRole;
import org.kuali.rice.kim.document.IdentityManagementPersonDocument;
import org.kuali.rice.kns.document.authorization.TransactionalDocumentAuthorizerBase;
import org.kuali.rice.krad.document.Document;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Authorizer for the identity management person document. For each group and
 * role listed on the document it asks {@code isAuthorizedByTemplate} whether
 * the acting user holds the matching permission, and reports the entries for
 * which the answer was no.
 *
 * <p>Both public methods return a deny list: an entry is present only when the
 * permission check returned {@code false}, so an empty map means that no
 * denial was found. Neither method catches exceptions, so a failure in the
 * permission check propagates to the caller rather than producing an empty
 * (permit-everything) result.
 *
 * <p>NOTE(review): how the returned maps are consumed is not visible in this
 * file. Confirm that they are enforced on the server when the document is
 * submitted, and are not only used to decide what the form renders.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 *
 */
public class IdentityManagementKimDocumentAuthorizer extends TransactionalDocumentAuthorizerBase {

    /**
     * Collects the groups on the person document that the user may not populate.
     *
     * <p>Every group is checked against the
     * {@code KimConstants.PermissionTemplateNames.POPULATE_GROUP} template, with the
     * group's namespace code and group name supplied as permission details.
     *
     * @param document the document under review; it is cast to
     *        {@link IdentityManagementPersonDocument} without a prior type check
     * @param user the person whose principal id is used for each permission check
     * @return a new map from namespace code to the names of the groups in that
     *         namespace for which the check failed; empty when nothing was denied
     * @throws ClassCastException if {@code document} is not an
     *         {@link IdentityManagementPersonDocument}
     */
    public Map<String,Set<String>> getUnpopulateableGroups(Document document, Person user) {
        IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
        Map<String,Set<String>> deniedByNamespace = new HashMap<String,Set<String>>();
        for (PersonDocumentGroup group : personDocument.getGroups()) {
            String namespaceCode = group.getNamespaceCode();
            String groupName = group.getGroupName();

            // The check is scoped to this one group through its namespace and name.
            Map<String,String> permissionDetails = new HashMap<String,String>();
            permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, namespaceCode);
            permissionDetails.put(KimConstants.AttributeConstants.GROUP_NAME, groupName);

            boolean mayPopulate = isAuthorizedByTemplate(document, KimConstants.NAMESPACE_CODE,
                    KimConstants.PermissionTemplateNames.POPULATE_GROUP, user.getPrincipalId(),
                    permissionDetails, null);
            if (mayPopulate) {
                continue;
            }
            recordDenied(deniedByNamespace, namespaceCode, groupName);
        }
        return deniedByNamespace;
    }

    /**
     * Collects the roles on the person document that the user may not assign.
     *
     * <p>Every role is checked against the
     * {@code KimConstants.PermissionTemplateNames.ASSIGN_ROLE} template, with the
     * role's namespace code and role name supplied as permission details.
     *
     * @param document the document under review; it is cast to
     *        {@link IdentityManagementPersonDocument} without a prior type check
     * @param user the person whose principal id is used for each permission check
     * @return a new map from namespace code to the names of the roles in that
     *         namespace for which the check failed; empty when nothing was denied
     * @throws ClassCastException if {@code document} is not an
     *         {@link IdentityManagementPersonDocument}
     */
    public Map<String,Set<String>> getUnassignableRoles(Document document, Person user) {
        IdentityManagementPersonDocument personDocument = (IdentityManagementPersonDocument) document;
        Map<String,Set<String>> deniedByNamespace = new HashMap<String,Set<String>>();
        for (PersonDocumentRole role : personDocument.getRoles()) {
            String namespaceCode = role.getNamespaceCode();
            String roleName = role.getRoleName();

            // The check is scoped to this one role through its namespace and name.
            Map<String,String> permissionDetails = new HashMap<String,String>();
            permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, namespaceCode);
            permissionDetails.put(KimConstants.AttributeConstants.ROLE_NAME, roleName);

            boolean mayAssign = isAuthorizedByTemplate(document, KimConstants.NAMESPACE_CODE,
                    KimConstants.PermissionTemplateNames.ASSIGN_ROLE, user.getPrincipalId(),
                    permissionDetails, null);
            if (mayAssign) {
                continue;
            }
            recordDenied(deniedByNamespace, namespaceCode, roleName);
        }
        return deniedByNamespace;
    }

    /**
     * Adds {@code name} to the set kept under {@code namespaceCode}, creating the
     * set on first use.
     */
    private static void recordDenied(Map<String,Set<String>> deniedByNamespace, String namespaceCode, String name) {
        Set<String> names = deniedByNamespace.get(namespaceCode);
        if (names == null) {
            names = new HashSet<String>();
            deniedByNamespace.put(namespaceCode, names);
        }
        names.add(name);
    }
}