Package org.kuali.rice.krad.document
Class DocumentViewAuthorizerBase
java.lang.Object
org.kuali.rice.krad.bo.DataObjectAuthorizerBase
org.kuali.rice.krad.uif.view.ViewAuthorizerBase
org.kuali.rice.krad.document.DocumentViewAuthorizerBase
- All Implemented Interfaces:
Serializable,DataObjectAuthorizer,DocumentAuthorizer,ViewAuthorizer
- Direct Known Subclasses:
MaintenanceViewAuthorizerBase,TransactionalDocumentViewAuthorizerBase
Implementation of
ViewAuthorizer for
DocumentView instances
Performs KIM permission checks for the various document actions such as save, approve, cancel
By default delegates to the DocumentAuthorizer configured for the document in the data dictionary
- Author:
- Kuali Rice Team (rice.collab@kuali.org)
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected static org.apache.logging.log4j.Loggerstatic final String -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidaddPermissionDetails(Object dataObject, Map<String, String> attributes) Override this method to populate the permission details from the primary data object or document.protected voidaddRoleQualification(Object dataObject, Map<String, String> attributes) Override this method to populate the role qualifier attributes from the primary data object or document.protected voidaddStandardAttributes(Document document, Map<String, String> attributes) booleancanAcknowledge(Document document, Person user) final booleancanAddNoteAttachment(Document document, String attachmentTypeCode, Person user) booleancanAnnotate(Document document, Person user) booleancanApprove(Document document, Person user) booleancanBlanketApprove(Document document, Person user) booleanDetermines if the user has permission to cancel the documentbooleanbooleanDetermines if the user has permission to copy the documentfinal booleancanDeleteNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user) booleancanDisapprove(Document document, Person user) booleanDetermines if the document can be edited; if false is returned, then all fields are in a read only statebooleancanEditDocumentOverview(Document document, Person user) booleancanEditView(View view, ViewModel model, Person user) Checks for an edit view permission for the view id, and if found verifies the user has that permissionbooleanfinal booleancanInitiate(String documentTypeName, Person user) Checks if a user has the permissions to initiate a documentfinal booleanChecks if a user has the permissions to open a documentbooleancanOpenView(View view, ViewModel model, Person user) Checks for an open view permission for the view id, and if found verifies the user has that permissionbooleancanPerformRouteReport(Document document, Person user) booleanfinal booleancanReceiveAdHoc(Document document, Person user, String actionRequestCode) booleanbooleanDetermines if the user has permission to route the documentbooleanfinal booleancanSendAdHocRequests(Document document, String actionRequestCd, Person user) booleancanSendAnyTypeAdHocRequests(Document document, Person user) booleancanSendNoteFyi(Document document, Person user) booleancanSuperUserApprove(Document document, Person user) Determines if the user has permission to approve a document as a super user.booleancanSuperUserDisapprove(Document document, Person user) Determines if the user has permission to disapprove a document as a super user.booleancanSuperUserTakeAction(Document document, Person user) Determines if the user has permission to take a super user action.booleancanTakeRequestedAction(Document document, String actionRequestCode, Person user) booleanChecks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the valuefinal booleancanViewNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user) Deprecated.final booleancanViewNoteAttachment(Document document, String attachmentTypeCode, Person user) Returns the set of action flags that are authorized for the given userprotected DocumentRequestAuthorizationCachegetDocumentRequestAuthorizationCache(Document document) voidinitializeDocumentAuthorizerIfNecessary(String documentTypeName) If the document authorizer is null, gets the authorizer from the document dictionary service for the given document type name.voidIf the document authorizer is null, gets the authorizer from the document dictionary service for the given document's class.protected booleanisDocumentInitiator(Document document, Person user) protected booleanisInitiator(ViewModel model, Person user) Checks if the user is the initiator for the current documentvoidsetDocumentAuthorizer(DocumentAuthorizer documentAuthorizer) voidsetDocumentAuthorizerClass(Class<? extends DocumentAuthorizer> documentAuthorizerClass) voidsetDocumentDictionaryService(DocumentDictionaryService documentDictionaryService) voidsetDocumentRequestAuthorizationCache(DocumentRequestAuthorizationCache documentRequestAuthorizationCache) voidsetRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache) Methods inherited from class org.kuali.rice.krad.uif.view.ViewAuthorizerBase
canEditField, canEditGroup, canEditLine, canEditLineField, canEditWidget, canPartialUnmaskField, canPerformAction, canPerformLineAction, canViewField, canViewGroup, canViewLine, canViewLineField, canViewWidget, getActionPermissionDetails, getConfigurationService, getDataObjectContext, getEditModes, getFieldPermissionDetails, getGroupPermissionDetails, getRequestAuthorizationCache, getWidgetPermissionDetails, isAuthorizedByTemplate, setConfigurationServiceMethods inherited from class org.kuali.rice.krad.bo.DataObjectAuthorizerBase
getPermissionDetailValues, getPermissionService, getPersonService, getRoleQualification, isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate, permissionExistsByTemplate, permissionExistsByTemplate, permissionExistsByTemplateMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.kuali.rice.krad.bo.DataObjectAuthorizer
isAuthorized, isAuthorized, isAuthorizedByTemplate, isAuthorizedByTemplate
-
Field Details
-
LOG
protected static org.apache.logging.log4j.Logger LOG -
PRE_ROUTING_ROUTE_NAME
- See Also:
-
-
Constructor Details
-
DocumentViewAuthorizerBase
public DocumentViewAuthorizerBase()
-
-
Method Details
-
getActionFlags
Returns the set of action flags that are authorized for the given userAction flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example: invalid input: '<'bean parent="Action" p:methodToCall="save" p:actionLabel="save" p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>
For each action flag, KIM is consulted to determine if a permission exist for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.
The Set of available action flags should first be exported by the
ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase)method. The set returned from this method will be passed as the method argument here by the framework.- Specified by:
getActionFlagsin interfaceViewAuthorizer- Overrides:
getActionFlagsin classViewAuthorizerBase- Parameters:
view- - view instance the action flags apply tomodel- - object containing the view datauser- - user we are authorizing the actions foractions- - set of action flags to authorize- Returns:
- Set<String> set of action flags that have been authorized, this will be equal to or a subset of the actions passed in
- See Also:
-
canInitiate
Checks if a user has the permissions to initiate a document- Specified by:
canInitiatein interfaceDocumentAuthorizer- Parameters:
documentTypeName- document type nameuser- current user- Returns:
- boolean, true if the user has the permissions to initiate a document else false
-
canOpen
Checks if a user has the permissions to open a document- Specified by:
canOpenin interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- boolean, true if the user has the permissions to open a document else false
-
canOpenView
Checks for an open view permission for the view id, and if found verifies the user has that permission- Specified by:
canOpenViewin interfaceViewAuthorizer- Overrides:
canOpenViewin classViewAuthorizerBase- Parameters:
view- - view instance to check authorization formodel- - object containing the view datauser- - user to authorize- Returns:
- boolean true if the user is authorized to open the view, false otherwise
- See Also:
-
canEdit
Determines if the document can be edited; if false is returned, then all fields are in a read only state- Specified by:
canEditin interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- boolean, true if the user has the permissions to edit a document else false
-
canEditView
Checks for an edit view permission for the view id, and if found verifies the user has that permission- Specified by:
canEditViewin interfaceViewAuthorizer- Overrides:
canEditViewin classViewAuthorizerBase- Parameters:
view- - view instance to check authorization formodel- - object containing the view datauser- - user to authorize- Returns:
- boolean true if the user is authorized to edit the view, false otherwise
- See Also:
-
canUnmaskField
public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user) Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value- Specified by:
canUnmaskFieldin interfaceViewAuthorizer- Overrides:
canUnmaskFieldin classViewAuthorizerBase- Parameters:
view- - view instance the field belongs tomodel- - object containing the view datafield- - field associated for the property and from which theComponentSecuritywill be retrievedpropertyName- - name of the property associated with the fielduser- - user we are authorizing- Returns:
- boolean true if the value can be unmasked, false if it should be masked
- See Also:
-
isInitiator
Checks if the user is the initiator for the current document- Parameters:
model- object containing the view datauser- user we are authorizing- Returns:
- true if user is the initiator, false otherwise
-
canAnnotate
- Specified by:
canAnnotatein interfaceDocumentAuthorizer
-
canReload
- Specified by:
canReloadin interfaceDocumentAuthorizer
-
canClose
- Specified by:
canClosein interfaceDocumentAuthorizer
-
canSave
- Specified by:
canSavein interfaceDocumentAuthorizer
-
canRoute
Determines if the user has permission to route the document- Specified by:
canRoutein interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- boolean, true if the user has permissions to route a document else false
-
canCancel
Determines if the user has permission to cancel the document- Specified by:
canCancelin interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- boolean, true if the user has permissions to cancel a document else false
-
canRecall
- Specified by:
canRecallin interfaceDocumentAuthorizer
-
canCopy
Determines if the user has permission to copy the document- Specified by:
canCopyin interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- boolean, true if the user has permissions to cancel a document else false
-
canPerformRouteReport
- Specified by:
canPerformRouteReportin interfaceDocumentAuthorizer
-
canBlanketApprove
- Specified by:
canBlanketApprovein interfaceDocumentAuthorizer
-
canApprove
- Specified by:
canApprovein interfaceDocumentAuthorizer
-
canDisapprove
- Specified by:
canDisapprovein interfaceDocumentAuthorizer
-
canSendNoteFyi
- Specified by:
canSendNoteFyiin interfaceDocumentAuthorizer
-
canFyi
- Specified by:
canFyiin interfaceDocumentAuthorizer
-
canAcknowledge
- Specified by:
canAcknowledgein interfaceDocumentAuthorizer
-
canReceiveAdHoc
- Specified by:
canReceiveAdHocin interfaceDocumentAuthorizer
-
canAddNoteAttachment
public final boolean canAddNoteAttachment(Document document, String attachmentTypeCode, Person user) - Specified by:
canAddNoteAttachmentin interfaceDocumentAuthorizer
-
canDeleteNoteAttachment
public final boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user) - Specified by:
canDeleteNoteAttachmentin interfaceDocumentAuthorizer
-
canViewNoteAttachment
public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode, Person user) - Specified by:
canViewNoteAttachmentin interfaceDocumentAuthorizer
-
canViewNoteAttachment
@Deprecated public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, Person user) Deprecated.- Specified by:
canViewNoteAttachmentin interfaceDocumentAuthorizer
-
canSendAdHocRequests
- Specified by:
canSendAdHocRequestsin interfaceDocumentAuthorizer
-
canEditDocumentOverview
- Specified by:
canEditDocumentOverviewin interfaceDocumentAuthorizer
-
canSendAnyTypeAdHocRequests
- Specified by:
canSendAnyTypeAdHocRequestsin interfaceDocumentAuthorizer
-
canTakeRequestedAction
- Specified by:
canTakeRequestedActionin interfaceDocumentAuthorizer
-
canSuperUserTakeAction
Determines if the user has permission to take a super user action.- Specified by:
canSuperUserTakeActionin interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- true if the user has permissions to take a super user action, otherwise false
-
canSuperUserApprove
Determines if the user has permission to approve a document as a super user.- Specified by:
canSuperUserApprovein interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- true if the user has permissions to approve a document as a super user, otherwise false
-
canSuperUserDisapprove
Determines if the user has permission to disapprove a document as a super user.- Specified by:
canSuperUserDisapprovein interfaceDocumentAuthorizer- Parameters:
document- document to checkuser- current user- Returns:
- true if the user has permissions to disapprove a document as a super user, otherwise false
-
addPermissionDetails
Override this method to populate the permission details from the primary data object or document. This will only be called once per request.- Overrides:
addPermissionDetailsin classDataObjectAuthorizerBase- Parameters:
dataObject- - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the documentattributes- - permission details will be added to this map
-
addRoleQualification
Override this method to populate the role qualifier attributes from the primary data object or document. This will only be called once per request.- Overrides:
addRoleQualificationin classDataObjectAuthorizerBase- Parameters:
dataObject- - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the documentattributes- - role qualifiers will be added to this map
-
addStandardAttributes
-
isDocumentInitiator
-
initializeDocumentAuthorizerIfNecessary
If the document authorizer is null, gets the authorizer from the document dictionary service for the given document's class.- Parameters:
document- document instance to get authorizer for
-
initializeDocumentAuthorizerIfNecessary
If the document authorizer is null, gets the authorizer from the document dictionary service for the given document type name.- Parameters:
documentTypeName- document type to get authorizer for
-
getDocumentAuthorizer
-
setDocumentAuthorizer
-
setDocumentAuthorizerClass
-
getDocumentDictionaryService
-
setDocumentDictionaryService
-
getDocumentRequestAuthorizationCache
-
setDocumentRequestAuthorizationCache
public void setDocumentRequestAuthorizationCache(DocumentRequestAuthorizationCache documentRequestAuthorizationCache) - Specified by:
setDocumentRequestAuthorizationCachein interfaceDocumentAuthorizer
-
setRequestAuthorizationCache
- Specified by:
setRequestAuthorizationCachein interfaceViewAuthorizer- Overrides:
setRequestAuthorizationCachein classViewAuthorizerBase
-