001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.krad.bo;
017
018import org.kuali.rice.kim.api.KimConstants;
019import org.kuali.rice.kim.api.identity.PersonService;
020import org.kuali.rice.kim.api.permission.PermissionService;
021import org.kuali.rice.kim.api.services.KimApiServiceLocator;
022import org.kuali.rice.krad.util.KRADUtils;
023
024import java.io.Serializable;
025import java.util.HashMap;
026import java.util.Map;
027
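/**
 * Base {@link DataObjectAuthorizer} implementation that answers authorization questions by
 * delegating to the KIM {@link PermissionService}.
 *
 * <p>For every check the class builds two attribute maps from the data object: role qualifiers
 * (see {@link #getRoleQualification(Object, String)}) and permission details (see
 * {@link #getPermissionDetailValues(Object)}). Subclasses extend those maps through
 * {@link #addRoleQualification(Object, Map)} and {@link #addPermissionDetails(Object, Map)}.
 *
 * <p>Security note: the {@code collectionOrFieldLevel*} maps accepted by the six-argument
 * overloads are merged <em>over</em> the attributes derived from the data object, so they can
 * replace any entry, including the principal id qualifier. They are authorization inputs and
 * should be built by server-side code, never copied from request data.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class DataObjectAuthorizerBase implements DataObjectAuthorizer, Serializable {
    private static final long serialVersionUID = 3987953326458974964L;

    /**
     * Checks a named permission for the principal, qualified by the role qualifiers derived from
     * the data object.
     *
     * @param dataObject the object the check is about; its class supplies the standard attributes
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal whose authorization is checked
     * @return the answer given by the permission service
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId) {
        return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName,
                new HashMap<String, String>(getRoleQualification(dataObject, principalId)));
    }

    /**
     * Checks a permission identified by template for the principal, using the permission details
     * and role qualifiers derived from the data object.
     *
     * @param dataObject the object the check is about
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal whose authorization is checked
     * @return the answer given by the permission service
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     * java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId) {
        return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
                new HashMap<String, String>(getPermissionDetailValues(dataObject)), new HashMap<String, String>(
                (getRoleQualification(dataObject, principalId))));
    }

    /**
     * Checks a named permission for the principal, with additional collection- or field-level
     * role qualifiers merged over the ones derived from the data object.
     *
     * <p>The by-name permission service call used here takes role qualifiers only, so
     * {@code collectionOrFieldLevelPermissionDetails} has no influence on the result. The previous
     * implementation merged those details into a local map that was never passed on; that dead
     * computation has been removed. Callers that need the decision scoped by permission details
     * should use the {@code isAuthorizedByTemplate} overload, which does pass them to the service.
     *
     * @param dataObject the object the check is about
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal whose authorization is checked
     * @param collectionOrFieldLevelPermissionDetails accepted for signature compatibility; not
     * consulted by this method (may be null)
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers; entries replace
     * same-keyed qualifiers derived from the data object (may be null)
     * @return the answer given by the permission service
     * @see DataObjectAuthorizer#isAuthorized(java.lang.Object, java.lang.String, java.lang.String, java.lang.String)
     */
    public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        Map<String, String> roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));

        // Caller-supplied qualifiers win on key collisions, the principal id entry included, so
        // this map has to come from trusted code.
        if (collectionOrFieldLevelRoleQualification != null) {
            roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
        }

        return getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, roleQualifiers);
    }

    /**
     * Checks a permission identified by template for the principal, with additional collection-
     * or field-level permission details and role qualifiers merged over the ones derived from the
     * data object.
     *
     * @param dataObject the object the check is about
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal whose authorization is checked
     * @param collectionOrFieldLevelPermissionDetails extra permission details; entries replace
     * same-keyed details derived from the data object (may be null)
     * @param collectionOrFieldLevelRoleQualification extra role qualifiers; entries replace
     * same-keyed qualifiers derived from the data object (may be null)
     * @return the answer given by the permission service
     * @see DataObjectAuthorizer#isAuthorizedByTemplate(java.lang.Object, java.lang.String, java.lang.String,
     * java.lang.String)
     */
    public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
            String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        Map<String, String> roleQualifiers = new HashMap<String, String>(getRoleQualification(dataObject, principalId));
        Map<String, String> permissionDetails = new HashMap<String, String>(getPermissionDetailValues(dataObject));

        // Both merges let the caller-supplied entries replace the derived ones; see the class
        // comment for why these maps must be built by trusted code.
        if (collectionOrFieldLevelRoleQualification != null) {
            roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
        }

        if (collectionOrFieldLevelPermissionDetails != null) {
            permissionDetails.putAll(collectionOrFieldLevelPermissionDetails);
        }

        return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName,
                permissionDetails, roleQualifiers);
    }

    /**
     * Override this method to populate the role qualifier attributes from the
     * primary data object or document. It is invoked every time
     * {@link #getRoleQualification(Object, String)} builds a map, which this class does for each
     * authorization check, so overrides should be cheap and free of side effects.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - role qualifiers will be added to this map
     */
    protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Override this method to populate the permission details from the primary
     * data object or document. It is invoked every time
     * {@link #getPermissionDetailValues(Object)} builds a map, so overrides should be cheap and
     * free of side effects.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - permission details will be added to this map
     */
    protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        addStandardAttributes(primaryDataObjectOrDocument, attributes);
    }

    /**
     * Adds the attributes that {@link KRADUtils#getNamespaceAndComponentSimpleName(Class)} returns
     * for the runtime class of the given object. A null object fails here with a
     * {@link NullPointerException}, so the check is aborted rather than answered.
     *
     * @param primaryDataObjectOrDocument - the primary data object (i.e. the main object instance
     * behind the lookup result row or inquiry) or the document
     * @param attributes - attributes (i.e. role qualifications or permission details)
     * will be added to this map
     */
    private void addStandardAttributes(Object primaryDataObjectOrDocument, Map<String, String> attributes) {
        attributes.putAll(KRADUtils.getNamespaceAndComponentSimpleName(primaryDataObjectOrDocument.getClass()));
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using the
     * permission details derived from the data object.
     *
     * @param dataObject the object whose permission details are used
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @return the answer given by the permission service
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName) {
        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
                new HashMap<String, String>(getPermissionDetailValues(dataObject)));
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using only the
     * permission details supplied by the caller.
     *
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails details to match on; null is treated as no details, in line with
     * the null handling of the {@code isAuthorized} overloads
     * @return the answer given by the permission service
     */
    protected final boolean permissionExistsByTemplate(String namespaceCode, String permissionTemplateName,
            Map<String, String> permissionDetails) {
        // Copy so the service never holds the caller's map; null becomes an empty map instead of
        // a NullPointerException from the HashMap copy constructor.
        Map<String, String> detailsCopy = new HashMap<String, String>();
        if (permissionDetails != null) {
            detailsCopy.putAll(permissionDetails);
        }

        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
                detailsCopy);
    }

    /**
     * Asks the permission service whether a permission is defined for the template, using the
     * permission details derived from the data object with the caller's details merged over them.
     *
     * @param dataObject the object whose permission details are used
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails extra details; entries replace same-keyed derived details, and null
     * is treated as no extra details
     * @return the answer given by the permission service
     */
    protected final boolean permissionExistsByTemplate(Object dataObject, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails) {
        Map<String, String> combinedPermissionDetails = new HashMap<String, String>(getPermissionDetailValues(
                dataObject));
        if (permissionDetails != null) {
            combinedPermissionDetails.putAll(permissionDetails);
        }

        return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
                combinedPermissionDetails);
    }

    /**
     * Returns a role qualification map based off data from the primary business
     * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD; the callers in this
     * class copy it before merging anything into it.
     *
     * <p>The principal id is written after {@link #addRoleQualification(Object, Map)} has run, so
     * a subclass hook cannot replace that entry.
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @param principalId the principal stored under
     * {@code KimConstants.AttributeConstants.PRINCIPAL_ID}
     * @return a Map containing role qualifications
     */
    protected final Map<String, String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) {
        Map<String, String> roleQualification = new HashMap<String, String>();
        addRoleQualification(primaryDataObjectOrDocument, roleQualification);
        roleQualification.put(KimConstants.AttributeConstants.PRINCIPAL_ID, principalId);

        return roleQualification;
    }

    /**
     * Returns a permission details map based off data from the primary business
     * object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD; the callers in this
     * class copy it before merging anything into it.
     *
     * @param primaryDataObjectOrDocument the primary data object (i.e. the main object instance behind
     * the lookup result row or inquiry) or the document
     * @return a Map containing permission details
     */
    protected final Map<String, String> getPermissionDetailValues(Object primaryDataObjectOrDocument) {
        Map<String, String> permissionDetails = new HashMap<String, String>();
        addPermissionDetails(primaryDataObjectOrDocument, permissionDetails);

        return permissionDetails;
    }

    /**
     * Looks up the KIM permission service on every call; nothing is cached in this (serializable)
     * class.
     *
     * @return the permission service from {@link KimApiServiceLocator}
     */
    protected static PermissionService getPermissionService() {
        return KimApiServiceLocator.getPermissionService();
    }

    /**
     * Looks up the KIM person service on every call; nothing is cached in this (serializable)
     * class.
     *
     * @return the person service from {@link KimApiServiceLocator}
     */
    protected static PersonService getPersonService() {
        return KimApiServiceLocator.getPersonService();
    }
}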