Class ViewAuthorizerBase
- All Implemented Interfaces:
  Serializable, DataObjectAuthorizer, ViewAuthorizer
- Direct Known Subclasses:
  DocumentViewAuthorizerBase, InquiryViewAuthorizerBase, LookupViewAuthorizerBase

ViewAuthorizer that verifies authorization with KIM permission checks.

Each permission goes through one of the isAuthorized methods provided by DataObjectAuthorizer. These in turn call DataObjectAuthorizerBase.addPermissionDetails(Object, java.util.Map) and DataObjectAuthorizerBase.addRoleQualification(Object, java.util.Map) to build the permission and role maps sent with the permission check. Subclasses can override these methods to add additional attributes.
- Author:
  Kuali Rice Team (rice.collab@kuali.org)

Constructor Summary
Constructors
- ViewAuthorizerBase()

Method Summary
Each entry gives the modifier and type, the method, and its description where one is present.
- boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user)
- boolean canEditGroup
- boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
- boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
- boolean canEditView(View view, ViewModel model, Person user)
  Checks for an edit view permission for the view id, and if found verifies the user has that permission
- boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
- boolean canOpenView(View view, ViewModel model, Person user)
  Checks for an open view permission for the view id, and if found verifies the user has that permission
- boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
  Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
- boolean canPerformAction(View view, ViewModel model, Action action, String actionEvent, String actionId, Person user)
- boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Action action, String actionEvent, String actionId, Person user)
- boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
  Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
- boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user)
- boolean canViewGroup
- boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
- boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
- boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
- getActionFlags
  Returns the set of action flags that are authorized for the given user
- protected Map<String,String> getActionPermissionDetails(View view, Object dataObject, Action action)
  Builds the permission details map for an action which includes the namespace, view id, and action id and event
- protected ConfigurationService getConfigurationService
- protected Object getDataObjectContext(View view, ViewModel model)
  Retrieves the object from the model that is used as the context for permission checks
- getEditModes
  Returns the set of edit modes that are authorized for the given user
- getFieldPermissionDetails(View view, Object dataObject, Field field)
  Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields
- getGroupPermissionDetails(View view, Object dataObject, Group group)
  Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups
- protected RequestAuthorizationCache getRequestAuthorizationCache
- protected Map<String,String> getWidgetPermissionDetails(View view, Object dataObject, Widget widget)
  Builds the permission details map for a widget which includes the namespace, view id, and widget id
- protected boolean isAuthorizedByTemplate(View view, Component component, ViewModel model, String permissionTemplateName, Person user, Map<String, String> additionalPermissionDetails, Map<String, String> additionalRoleQualifications, boolean checkPermissionExistence)
  Performs a permission check for the given template name in the context of the given view and component
- void setConfigurationService(ConfigurationService configurationService)
- void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)

Methods inherited from class org.kuali.rice.krad.bo.DataObjectAuthorizerBase
addPermissionDetails, addRoleQualification, getPermissionDetailValues, getPermissionService, getPersonService, getRoleQualification, isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate, permissionExistsByTemplate, permissionExistsByTemplate, permissionExistsByTemplate

Constructor Details
ViewAuthorizerBase
public ViewAuthorizerBase()

Method Details

getActionFlags
Description copied from interface: ViewAuthorizer
Returns the set of action flags that are authorized for the given user.

Action flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example:

<bean parent="Action" p:methodToCall="save" p:actionLabel="save" p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>

For each action flag, KIM is consulted to determine if a permission exists for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.

The Set of available action flags should first be exported by the ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.
- Specified by:
  getActionFlags in interface ViewAuthorizer
- Parameters:
  view - view instance the action flags apply to
  model - object containing the view data
  user - user we are authorizing the actions for
  actions - set of action flags to authorize
- Returns:
  Set<String> set of action flags that have been authorized; this will be equal to or a subset of the actions passed in

getEditModes
Description copied from interface: ViewAuthorizer
Returns the set of edit modes that are authorized for the given user.

An edit mode is a string that identifies a set of editable fields within the view. These are generally used when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in two ways. The first is by using the edit mode in an expression when setting the field readOnly property. For example:

<property name="readOnly" value="@{!#editModes['specialEdit'] and !fullEdit}" />

The second way is with the ViewPresentationController.canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String) method, which can look at the edit modes map on the view to determine if the given field should be editable.

For each edit mode, KIM is consulted to determine if a permission exists for the 'Use View' template and the edit mode detail. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the edit mode is removed from the returned set.

The Set of available edit modes should first be exported by the ViewPresentationController.getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.
- Specified by:
  getEditModes in interface ViewAuthorizer
- Parameters:
  view - view instance the edit modes apply to
  model - object containing the view data
  user - user we are authorizing the actions for
  editModes - set of edit modes to authorize
- Returns:
  Set<String> set of edit modes that have been authorized; this will be equal to or a subset of the edit mode set passed in

canOpenView
Checks for an open view permission for the view id, and if found verifies the user has that permission
- Specified by:
  canOpenView in interface ViewAuthorizer
- Parameters:
  view - view instance to check authorization for
  model - object containing the view data
  user - user to authorize
- Returns:
  boolean true if the user is authorized to open the view, false otherwise

canEditView
Checks for an edit view permission for the view id, and if found verifies the user has that permission
- Specified by:
  canEditView in interface ViewAuthorizer
- Parameters:
  view - view instance to check authorization for
  model - object containing the view data
  user - user to authorize
- Returns:
  boolean true if the user is authorized to edit the view, false otherwise

canUnmaskField
public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
Description copied from interface: ViewAuthorizer
Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
- Specified by:
  canUnmaskField in interface ViewAuthorizer
- Parameters:
  view - view instance the field belongs to
  model - object containing the view data
  field - field associated for the property and from which the ComponentSecurity will be retrieved
  propertyName - name of the property associated with the field
  user - user we are authorizing
- Returns:
  boolean true if the value can be unmasked, false if it should be masked

canPartialUnmaskField
public boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
Description copied from interface: ViewAuthorizer
Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
- Specified by:
  canPartialUnmaskField in interface ViewAuthorizer
- Parameters:
  view - view instance the field belongs to
  model - object containing the view data
  field - field associated for the property and from which the ComponentSecurity will be retrieved
  propertyName - name of the property associated with the field
  user - user we are authorizing
- Returns:
  boolean true if the value can be unmasked, false if it should be partially masked

canEditField
public boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user)
- Specified by:
  canEditField in interface ViewAuthorizer

canViewField
public boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user)
- Specified by:
  canViewField in interface ViewAuthorizer

canEditGroup
- Specified by:
  canEditGroup in interface ViewAuthorizer

canViewGroup
- Specified by:
  canViewGroup in interface ViewAuthorizer

canEditWidget
public boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
- Specified by:
  canEditWidget in interface ViewAuthorizer

canViewWidget
public boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
- Specified by:
  canViewWidget in interface ViewAuthorizer

canPerformAction
public boolean canPerformAction(View view, ViewModel model, Action action, String actionEvent, String actionId, Person user)
- Specified by:
  canPerformAction in interface ViewAuthorizer

canEditLine
public boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
- Specified by:
  canEditLine in interface ViewAuthorizer

canViewLine
public boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
- Specified by:
  canViewLine in interface ViewAuthorizer

canEditLineField
public boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
- Specified by:
  canEditLineField in interface ViewAuthorizer

canViewLineField
public boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
- Specified by:
  canViewLineField in interface ViewAuthorizer

canPerformLineAction
public boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Action action, String actionEvent, String actionId, Person user)
- Specified by:
  canPerformLineAction in interface ViewAuthorizer

getDataObjectContext
Retrieves the object from the model that is used as the context for permission checks.

Used to derive namespace and component details. Subclasses can override to return the object to be used.
- Parameters:
  view - view instance the permission checks are being done for
  model - model object containing the data and from which the data object should be pulled
- Returns:
  data object instance to use

getFieldPermissionDetails
Builds the permission details map for a field which includes the component namespace, component name, and field id, in addition to property name for data binding fields
- Parameters:
  view - view instance the field belongs to
  dataObject - default object from the data model (used for subclasses to build details)
  field - field instance the details are being built for
- Returns:
  permission details for the field

getGroupPermissionDetails
Builds the permission details map for a group which includes the component namespace, component name, and group id, in addition to property name for collection groups
- Parameters:
  view - view instance the group belongs to
  dataObject - default object from the data model (used for subclasses to build details)
  group - group instance the details are being built for
- Returns:
  permission details for the group

getWidgetPermissionDetails
protected Map<String,String> getWidgetPermissionDetails(View view, Object dataObject, Widget widget)
Builds the permission details map for a widget which includes the namespace, view id, and widget id
- Parameters:
  view - view instance the widget belongs to
  dataObject - default object from the data model (used for subclasses to build details)
  widget - group instance the details are being built for
- Returns:
  permission details for group

getActionPermissionDetails
protected Map<String,String> getActionPermissionDetails(View view, Object dataObject, Action action)
Builds the permission details map for an action which includes the namespace, view id, and action id and event
- Parameters:
  view - view instance the widget belongs to
  dataObject - default object from the data model (used for subclasses to build details)
  action - action instance the details are being built for
- Returns:
  permission details for action

isAuthorizedByTemplate
protected boolean isAuthorizedByTemplate(View view, Component component, ViewModel model, String permissionTemplateName, Person user, Map<String, String> additionalPermissionDetails, Map<String, String> additionalRoleQualifications, boolean checkPermissionExistence)
Performs a permission check for the given template name in the context of the given view and component.

First, standard permission details are added based on the type of component the permission check is being done for. Then the ComponentSecurity of the given component is used to pick up additional permission details and role qualifiers.
- Parameters:
  view - view instance the component belongs to
  component - component instance the permission check is being done for
  model - object containing the view's data
  permissionTemplateName - template name for the permission to check
  user - user to perform the authorization for
  additionalPermissionDetails - additional key/value pairs to pass with the permission details
  additionalRoleQualifications - additional key/value pairs to pass with the role qualifiers
  checkPermissionExistence - boolean indicating whether the existence of the permission should be checked before performing the authorization
- Returns:
  whether or not the user has authorization; this will be the case if the user has been granted the permission or checkPermissionExistence is true and the permission does not exist

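The rule in the Returns clause of isAuthorizedByTemplate, which getActionFlags and getEditModes apply per flag, modeled as a stand-alone added example (not Kuali Rice code). PermissionStore, the detail keys, the template name and the sample grants are hypothetical; the point is that a flag with no permission defined stays in the authorized set, so an access review should list those flags explicitly.

```java
import java.util.*;

// Added illustration: a stand-alone model of the documented check.
// PermissionStore and its methods are hypothetical stand-ins for KIM, not Kuali Rice APIs.
public class ActionFlagFilterDemo {
    interface PermissionStore {
        boolean permissionExists(String template, Map<String, String> details);
        boolean isAuthorized(String principalId, String template, Map<String, String> details);
    }

    // Documented rule: authorized when the permission is granted, or when
    // checkPermissionExistence is true and no matching permission is defined.
    static boolean isAuthorizedByTemplate(PermissionStore kim, String principalId, String template,
            Map<String, String> details, boolean checkPermissionExistence) {
        if (checkPermissionExistence && !kim.permissionExists(template, details)) {
            return true; // nothing is defined for these details, so nothing restricts them
        }
        return kim.isAuthorized(principalId, template, details);
    }

    // Returns the flags the user keeps. 'unguarded' collects flags that pass only
    // because no permission exists for them: the list a reviewer needs to see.
    static Set<String> authorizeFlags(PermissionStore kim, String principalId, String template,
            Set<String> flags, Set<String> unguarded) {
        Set<String> allowed = new TreeSet<>();
        for (String flag : flags) {
            // Hypothetical detail keys, chosen for this example only.
            Map<String, String> details = Map.of("viewId", "DemoView", "actionFlag", flag);
            if (!kim.permissionExists(template, details)) unguarded.add(flag);
            if (isAuthorizedByTemplate(kim, principalId, template, details, true)) allowed.add(flag);
        }
        return allowed;
    }

    public static void main(String[] args) {
        // Constructed sample data: flag -> principals granted the permission guarding it.
        Map<String, Set<String>> grants =
                Map.of("canSave", Set.of("alice"), "canDelete", Set.of("admin"));
        PermissionStore kim = new PermissionStore() {
            public boolean permissionExists(String t, Map<String, String> d) {
                return grants.containsKey(d.get("actionFlag"));
            }
            public boolean isAuthorized(String p, String t, Map<String, String> d) {
                return grants.getOrDefault(d.get("actionFlag"), Set.of()).contains(p);
            }
        };
        Set<String> unguarded = new TreeSet<>();
        Set<String> allowed = authorizeFlags(kim, "alice", "Demo Template",
                Set.of("canSave", "canDelete", "canExport"), unguarded);
        System.out.println("allowed=" + allowed + " unguarded=" + unguarded);
    }
}
```

For the constructed user alice, canDelete is removed because a permission exists and she lacks it, while canExport is kept and reported as unguarded because no permission is defined for it.
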
getConfigurationService

setConfigurationService

getRequestAuthorizationCache

setRequestAuthorizationCache
- Specified by:
  setRequestAuthorizationCache in interface ViewAuthorizer