Source code

001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.krad.uif.view;
017
018import org.kuali.rice.kim.api.identity.Person;
019import org.kuali.rice.krad.uif.container.CollectionGroup;
020import org.kuali.rice.krad.uif.container.Group;
021import org.kuali.rice.krad.uif.field.ActionField;
022import org.kuali.rice.krad.uif.field.DataField;
023import org.kuali.rice.krad.uif.field.Field;
024import org.kuali.rice.krad.uif.field.InputField;
025import org.kuali.rice.krad.uif.widget.Widget;
026import org.kuali.rice.krad.web.form.UifFormBase;
027
028import java.util.Set;
029
030/**
031 * Performs user based authorization for actions and components contained in a {@link View}
032 *
033 * <p>
034 * Note only user authorization is done by the authorizer class. For non-user based logic, use the
035 * {@link ViewPresentationController}
036 * </p>
037 *
038 * @author Kuali Rice Team (rice.collab@kuali.org)
039 */
040public interface ViewAuthorizer {
041
042    /**
043     * Returns the set of action flags that are authorized for the given user
044     *
045     * <p>
046     * Action flags are created for views to indicate some action or feature should be enabled. These flags can be
047     * used within expressions for configuring the view content.
048     *
049     * For example:
050     * <bean parent="ActionField" p:methodToCall="save" p:actionLabel="save"
051     * p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>
052     * </p>
053     *
054     * <p>
055     * For each action flag, KIM is consulted to determine if a permission exist for the template associated with
056     * the action flag. If so, a check is then made to determine if the user has that permission. If the permission
057     * fails for the user, the action flag is removed from the returned set.
058     * </p>
059     *
060     * <p>
061     * The Set of available action flags should first be exported by the
062     * {@link ViewPresentationController#getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase)} method. The
063     * set returned from this method will be passed as the method argument here by the framework.
064     * </p>
065     *
066     * @param view - view instance the action flags apply to
067     * @param model - object containing the view data
068     * @param user - user we are authorizing the actions for
069     * @param actions - set of action flags to authorize
070     * @return Set<String> set of action flags that have been authorized, this will be equal to or a subset of the
071     *         actions passed in
072     */
073    public Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions);
074
075    /**
076     * Returns the set of edit modes that are authorized for the given user
077     *
078     * <p>
079     * An edit mode is a string that identifies a set of editable fields within the view. These are generally used
080     * when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in
081     * two ways. The first is by using the edit mode in an expression when setting the field readOnly property.
082     *
083     * For example:
084     * <property name="readOnly" value="@{!#editModes['specialEdit'] and !fullEdit}" />
085     *
086     * The second way is with the
087     * {@link ViewPresentationController#canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String)}
088     * method which can look at the edit modes map on the view to determine if the given field should be editable.
089     * </p>
090     *
091     * <p>
092     * For each edit mode, KIM is consulted to determine if a permission exist for the 'Use View' template and
093     * the edit mode detail. If so, a check is then made to determine if the user has that permission. If the
094     * permission
095     * fails for the user, the edit mode is removed from the returned set.
096     * </p>
097     *
098     * <p>
099     * The Set of available edit modes should first be exported by the
100     * {@link ViewPresentationController#getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase)} method. The
101     * set returned from this method will be passed as the method argument here by the framework.
102     * </p>
103     *
104     * @param view - view instance the edit modes apply to
105     * @param model - object containing the view data
106     * @param user - user we are authorizing the actions for
107     * @param editModes - set of edit modes to authorize
108     * @return Set<String> set of edit modes that have been authorized, this will be equal to or a subset of the
109     *         edit mode set passed in
110     */
111    public Set<String> getEditModes(View view, ViewModel model, Person user, Set<String> editModes);
112
113    /**
114     * Determines if the given user is authorized to open the given view
115     *
116     * @param view - view instance to check authorization for
117     * @param model - object containing the view data
118     * @param user - user to authorize
119     * @return boolean true if the user is authorized to open the view, false otherwise
120     */
121    public boolean canOpenView(View view, ViewModel model, Person user);
122
123    /**
124     * Determines if the given user is authorized to edit the given view
125     *
126     * @param view - view instance to check authorization for
127     * @param model - object containing the view data
128     * @param user - user to authorize
129     * @return boolean true if the user is authorized to edit the view, false otherwise
130     */
131    public boolean canEditView(View view, ViewModel model, Person user);
132
133    /**
134     * Checks whether the mask authorization exists for the given property and if so whether the given user has the
135     * ability to unmask the value
136     *
137     * @param view - view instance the field belongs to
138     * @param model - object containing the view data
139     * @param field - field associated for the property and from which the
140     * {@link org.kuali.rice.krad.uif.component.ComponentSecurity} will be retrieved
141     * @param propertyName - name of the property associated with the field
142     * @param user - user we are authorizing
143     * @return boolean true if the value can be unmasked, false if it should be masked
144     */
145    public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user);
146
147    /**
148     * Checks whether the partial mask authorization exists for the given property and if so whether the given user
149     * has the ability to unmask the value
150     *
151     * @param view - view instance the field belongs to
152     * @param model - object containing the view data
153     * @param field - field associated for the property and from which the
154     * {@link org.kuali.rice.krad.uif.component.ComponentSecurity} will be retrieved
155     * @param propertyName - name of the property associated with the field
156     * @param user - user we are authorizing
157     * @return boolean true if the value can be unmasked, false if it should be partially masked
158     */
159    public boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user);
160
161    public boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user);
162
163    public boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user);
164
165    public boolean canEditGroup(View view, ViewModel model, Group group, String groupId, Person user);
166
167    public boolean canViewGroup(View view, ViewModel model, Group group, String groupId, Person user);
168
169    public boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user);
170
171    public boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user);
172
173    public boolean canPerformAction(View view, ViewModel model, ActionField actionField, String actionEvent,
174            String actionId, Person user);
175
176    public boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup,
177            String collectionPropertyName, Object line, Person user);
178
179    public boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup,
180            String collectionPropertyName, Object line, Person user);
181
182    public boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup,
183            String collectionPropertyName, Object line, Field field, String propertyName, Person user);
184
185    public boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup,
186            String collectionPropertyName, Object line, Field field, String propertyName, Person user);
187
188    public boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup,
189            String collectionPropertyName, Object line, ActionField actionField, String actionEvent, String actionId,
190            Person user);
191
192}