Package org.kuali.rice.kim.document.rule

Class IdentityManagementRoleDocumentRule

java.lang.Object
org.kuali.rice.krad.rules.DocumentRuleBase
org.kuali.rice.kns.rules.DocumentRuleBase
org.kuali.rice.kns.rules.TransactionalDocumentRuleBase
org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule
All Implemented Interfaces:
AddResponsibilityRule, AddDelegationMemberRule, AddDelegationRule, AddMemberRule, AddPermissionRule, AddAdHocRoutePersonRule, AddAdHocRouteWorkgroupRule, AddCollectionLineRule, AddNoteRule, ApproveDocumentRule, BusinessRule, CompleteDocumentRule, RouteDocumentRule, SaveDocumentRule, SendAdHocRequestsRule
public class IdentityManagementRoleDocumentRule extends TransactionalDocumentRuleBase implements AddPermissionRule, AddResponsibilityRule, AddMemberRule, AddDelegationRule, AddDelegationMemberRule
Author:
Kuali Rice Team (rice.collab@kuali.org)

  • Field Details

  • Constructor Details

    • IdentityManagementRoleDocumentRule

      public IdentityManagementRoleDocumentRule()

  • Method Details

    • getIdentityService

      protected org.kuali.rice.kim.api.identity.IdentityService getIdentityService()

    • processCustomSaveDocumentBusinessRules

      protected boolean processCustomSaveDocumentBusinessRules(Document document)
      Overrides:
      processCustomSaveDocumentBusinessRules in class DocumentRuleBase

    • validRoleNamespace

      protected boolean validRoleNamespace(IdentityManagementRoleDocument roleDoc)
      Ensures the IdentityManagementRoleDocument role namespace is not null or an empty string.
      Parameters:
      roleDoc - the IdentityManagementRoleDocument to validate.
      Returns:
      TRUE if the role namespace is not null or an empty string, FALSE otherwise.

    • validRoleName

      protected boolean validRoleName(IdentityManagementRoleDocument roleDoc)
      ensures the
      invalid reference 
      IdentitymangaementRoleDocument
      role name is not null or an empty string
      Parameters:
      roleDoc - the IdentityManagementRoleDocument to validate.
      Returns:
      TRUE if the role name is not null or an empty string, FALSE otherwise.

    • canUserAssignRoleMembers

      protected boolean canUserAssignRoleMembers(IdentityManagementRoleDocument document)

    • validRoleMemberPrincipalIDs

      protected boolean validRoleMemberPrincipalIDs(List<KimDocumentRoleMember> roleMembers)

    • validDuplicateRoleName

      protected boolean validDuplicateRoleName(IdentityManagementRoleDocument roleDoc)

    • validRoleMemberActiveDates

      protected boolean validRoleMemberActiveDates(List<KimDocumentRoleMember> roleMembers)

    • validDelegationMemberActiveDates

      protected boolean validDelegationMemberActiveDates(List<RoleDocumentDelegationMember> delegationMembers)

    • validPermissions

      protected boolean validPermissions(IdentityManagementRoleDocument document)

    • validResponsibilities

      protected boolean validResponsibilities(IdentityManagementRoleDocument document)

    • validRoleResponsibilitiesActions

      protected boolean validRoleResponsibilitiesActions(List<KimDocumentRoleResponsibility> roleResponsibilities)

    • validRoleMembersResponsibilityActions

      protected boolean validRoleMembersResponsibilityActions(List<KimDocumentRoleMember> roleMembers)

    • validateRoleResponsibilityAction

      protected boolean validateRoleResponsibilityAction(String errorPath, KimDocumentRoleResponsibilityAction roleRspAction)

    • validateRoleQualifier

      protected boolean validateRoleQualifier(List<KimDocumentRoleMember> roleMembers, org.kuali.rice.kim.api.type.KimType kimType)

    • figureOutUniqueQualificationSet

      protected Set<String> figureOutUniqueQualificationSet(List<KimDocumentRoleMember> memberships, List<org.kuali.rice.kim.api.type.KimAttributeField> attributeDefinitions)
      Finds the names of the unique qualification attributes which this role should be checking against
      Parameters:
      memberships - the memberships (we take the qualification from the first)
      attributeDefinitions - information about the attributeDefinitions
      Returns:
      a Set of unique attribute ids (with their indices, for error reporting)

    • validateUniquePersonRoleQualifiersUniqueForRoleMembership

      protected boolean validateUniquePersonRoleQualifiersUniqueForRoleMembership(KimDocumentRoleMember membershipToCheck, int membershipToCheckIndex, List<KimDocumentRoleMember> memberships, Set<String> uniqueQualifierIds, List<RemotableAttributeError> validationErrors)
      Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique
      Parameters:
      membershipToCheck - the membership to check
      membershipToCheckIndex - the index of the person's membership in the role (for error reporting purposes)
      validationErrors - Mapinvalid input: '<'String, String> of errors to report
      Returns:
      true if all unique values are indeed unique, false otherwise

    • sameMembership

      protected boolean sameMembership(KimDocumentRoleMember membershipA, KimDocumentRoleMember membershipB)
      Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id
      Parameters:
      membershipA - the first membership to check
      membershipB - the second membership to check
      Returns:
      true if the two memberships represent the same member; false if they do not, or if it could not be profitably determined if the members were the same

    • sameUniqueMembershipQualifications

      protected boolean sameUniqueMembershipQualifications(KimDocumentRoleMember membershipA, KimDocumentRoleMember membershipB, Set<String> uniqueAttributeIds)
      Given two memberships which represent the same member, do they share qualifications?
      Parameters:
      membershipA - the first membership to check
      membershipB - the second membership to check
      uniqueAttributeIds - the Set of attribute definition ids which should be unique
      Returns:

    • getRoleMemberForDelegation

      protected KimDocumentRoleMember getRoleMemberForDelegation(List<KimDocumentRoleMember> roleMembers, RoleDocumentDelegationMember delegationMember, List<KimDocumentRoleMember> modifiedRoleMembers)

    • validateDelegationMemberRoleQualifier

      protected boolean validateDelegationMemberRoleQualifier(List<KimDocumentRoleMember> modifiedRoleMembers, List<RoleDocumentDelegationMember> delegationMembers, org.kuali.rice.kim.api.type.KimType kimType, List<KimDocumentRoleMember> nonModifiedRoleMembers)

    • figureOutUniqueQualificationSetForDelegation

      protected Set<String> figureOutUniqueQualificationSetForDelegation(List<RoleDocumentDelegationMember> memberships, List<org.kuali.rice.kim.api.type.KimAttributeField> attributeDefinitions)
      Finds the names of the unique qualification attributes which this role should be checking against
      Parameters:
      memberships - the memberships (we take the qualification from the first)
      attributeDefinitions - information about the attributeDefinitions
      Returns:
      a Set of unique attribute ids (with their indices, for error reporting)

    • validateUniquePersonRoleQualifiersUniqueForRoleDelegation

      protected boolean validateUniquePersonRoleQualifiersUniqueForRoleDelegation(RoleDocumentDelegationMember delegationMembershipToCheck, int membershipToCheckIndex, List<RoleDocumentDelegationMember> delegationMemberships, Set<String> uniqueQualifierIds, List<RemotableAttributeError> validationErrors)
      Checks all the qualifiers for the given membership, so that all qualifiers which should be unique are guaranteed to be unique
      Parameters:
      delegationMembershipToCheck - the membership to check
      membershipToCheckIndex - the index of the person's membership in the role (for error reporting purposes)
      validationErrors - Mapinvalid input: '<'String, String> of errors to report
      Returns:
      true if all unique values are indeed unique, false otherwise

    • sameDelegationMembership

      protected boolean sameDelegationMembership(RoleDocumentDelegationMember membershipA, RoleDocumentDelegationMember membershipB)
      Determines if two memberships represent the same member being added: that is, the two memberships have the same type code and id
      Parameters:
      membershipA - the first membership to check
      membershipB - the second membership to check
      Returns:
      true if the two memberships represent the same member; false if they do not, or if it could not be profitably determined if the members were the same

    • sameUniqueDelegationMembershipQualifications

      protected boolean sameUniqueDelegationMembershipQualifications(RoleDocumentDelegationMember membershipA, RoleDocumentDelegationMember membershipB, Set<String> uniqueAttributeIds)
      Given two memberships which represent the same member, do they share qualifications?
      Parameters:
      membershipA - the first membership to check
      membershipB - the second membership to check
      uniqueAttributeIds - the Set of attribute definition ids which should be unique
      Returns:

    • validateActiveDate

      protected boolean validateActiveDate(String errorPath, Timestamp activeFromDate, Timestamp activeToDate)

    • checkForCircularRoleMembership

      protected boolean checkForCircularRoleMembership(AddMemberEvent addMemberEvent)
      This method checks to see if adding a role to role membership creates a circular reference.
      Parameters:
      addMemberEvent -
      Returns:
      true - ok to assign, no circular references false - do not make assignment, will create circular reference.

    • getAddResponsibilityRule

      public AddResponsibilityRule getAddResponsibilityRule()
      Returns:
      the addResponsibilityRule

    • getAddPermissionRule

      public AddPermissionRule getAddPermissionRule()
      Returns:
      the addPermissionRule

    • getAddMemberRule

      public AddMemberRule getAddMemberRule()
      Returns:
      the addMemberRule

    • getAddDelegationRule

      public AddDelegationRule getAddDelegationRule()
      Returns:
      the addDelegationRule

    • getAddDelegationMemberRule

      public AddDelegationMemberRule getAddDelegationMemberRule()
      Returns:
      the addDelegationMemberRule

    • processAddPermission

      public boolean processAddPermission(AddPermissionEvent addPermissionEvent)
      Specified by:
      processAddPermission in interface AddPermissionRule

    • hasPermissionToGrantPermission

      public boolean hasPermissionToGrantPermission(org.kuali.rice.kim.api.permission.Permission kimPermissionInfo, IdentityManagementRoleDocument document)
      Specified by:
      hasPermissionToGrantPermission in interface AddPermissionRule

    • processAddResponsibility

      public boolean processAddResponsibility(AddResponsibilityEvent addResponsibilityEvent)
      Specified by:
      processAddResponsibility in interface AddResponsibilityRule

    • hasPermissionToGrantResponsibility

      public boolean hasPermissionToGrantResponsibility(org.kuali.rice.kim.api.responsibility.Responsibility kimResponsibilityInfo, IdentityManagementRoleDocument document)
      Specified by:
      hasPermissionToGrantResponsibility in interface AddResponsibilityRule

    • processAddMember

      public boolean processAddMember(AddMemberEvent addMemberEvent)
      Specified by:
      processAddMember in interface AddMemberRule

    • processAddDelegation

      public boolean processAddDelegation(AddDelegationEvent addDelegationEvent)
      Specified by:
      processAddDelegation in interface AddDelegationRule

    • processAddDelegationMember

      public boolean processAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent)
      Specified by:
      processAddDelegationMember in interface AddDelegationMemberRule

    • getResponsibilityInternalService

      public ResponsibilityInternalService getResponsibilityInternalService()

    • getRoleTypeService

      protected org.kuali.rice.kim.framework.role.RoleTypeService getRoleTypeService(org.kuali.rice.kim.api.type.KimType typeInfo)

    • getVersionedRoleTypeService

      protected org.kuali.rice.kim.document.rule.IdentityManagementRoleDocumentRule.VersionedService<org.kuali.rice.kim.framework.role.RoleTypeService> getVersionedRoleTypeService(org.kuali.rice.kim.api.type.KimType typeInfo)