001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.kns.bo.authorization;
017
018import org.kuali.rice.kns.authorization.BusinessObjectAuthorizer;
019import org.kuali.rice.krad.bo.BusinessObject;
020import org.kuali.rice.krad.bo.DataObjectAuthorizerBase;
021import org.kuali.rice.krad.service.DataDictionaryService;
022import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
023import org.kuali.rice.krad.service.KualiModuleService;
024import org.kuali.rice.krad.service.PersistenceStructureService;
025import org.kuali.rice.krad.util.GlobalVariables;
026
027import java.util.HashMap;
028import java.util.Map;
029
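/**
 * Base authorizer for KNS business objects.
 *
 * <p>Every decision is delegated to the permission service returned by
 * {@code getPermissionService()}. This class only assembles the permission-detail and
 * role-qualification maps that accompany each call. {@code getPermissionService()},
 * {@code getPermissionDetailValues(...)} and the two-argument {@code getRoleQualification(...)}
 * are not defined in this class; presumably they are inherited from
 * {@link DataObjectAuthorizerBase}.
 *
 * <p>None of the methods here verify that a supplied {@code principalId} belongs to the
 * authenticated user; the id is forwarded as given, so callers are responsible for passing a
 * trustworthy value.
 */
public class BusinessObjectAuthorizerBase extends DataObjectAuthorizerBase implements BusinessObjectAuthorizer {
    private static final long serialVersionUID = -6315759348728853851L;

    // Lazily resolved service references shared by all instances (see the static getters below).
    private static KualiModuleService kualiModuleService;
    private static DataDictionaryService dataDictionaryService;
    // Declared but not referenced anywhere in this class.
    private static PersistenceStructureService persistenceStructureService;

    /**
     * Reports whether a permission built from the given template is defined for the permission
     * details derived from the business object.
     *
     * <p>No principal is involved in this call, so the result says that a permission exists,
     * not that any particular user holds it.
     *
     * @param businessObject the object whose permission details are looked up
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @return the permission service's answer for the assembled details
     */
    protected final boolean permissionExistsByTemplate(
            BusinessObject businessObject, String namespaceCode,
            String permissionTemplateName) {
        // Copy so the permission service never receives the map owned by the detail provider.
        Map<String, String> details = new HashMap<String, String>(
                getPermissionDetailValues(businessObject));
        return getPermissionService()
                .isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName, details);
    }

    /**
     * Same as the three-argument overload, with caller-supplied permission details layered on
     * top of those derived from the business object.
     *
     * <p>On a key collision the caller-supplied value replaces the derived one. A {@code null}
     * {@code permissionDetails} is treated as "no additional details", matching the null
     * handling of the six-argument {@code isAuthorized}.
     *
     * @param businessObject the object whose permission details are looked up
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param permissionDetails extra details to merge in; may be {@code null}
     * @return the permission service's answer for the combined details
     */
    protected final boolean permissionExistsByTemplate(
            BusinessObject businessObject, String namespaceCode,
            String permissionTemplateName, Map<String, String> permissionDetails) {
        Map<String, String> combinedPermissionDetails = new HashMap<String, String>(
                getPermissionDetailValues(businessObject));
        if (permissionDetails != null) {
            combinedPermissionDetails.putAll(permissionDetails);
        }
        return getPermissionService()
                .isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName, combinedPermissionDetails);
    }

    /**
     * Asks the permission service whether the principal holds the named permission, qualified
     * by the role qualification derived from the business object.
     *
     * @param businessObject the object the role qualification is derived from
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal to check; forwarded unchanged and not validated here
     * @return the permission service's decision
     */
    public final boolean isAuthorized(BusinessObject businessObject,
            String namespaceCode, String permissionName, String principalId) {
        // Copy: the qualification map is handed to another component and must stay unmodified.
        Map<String, String> roleQualifiers = new HashMap<String, String>(
                getRoleQualification(businessObject, principalId));
        return getPermissionService().isAuthorized(principalId,
                namespaceCode, permissionName, roleQualifiers);
    }

    /**
     * Asks the permission service whether the principal holds a permission based on the given
     * template, passing both the permission details and the role qualification derived from
     * the object.
     *
     * @param dataObject the object the details and qualification are derived from
     * @param namespaceCode namespace of the permission template
     * @param permissionTemplateName name of the permission template
     * @param principalId principal to check; forwarded unchanged and not validated here
     * @return the permission service's decision
     */
    public final boolean isAuthorizedByTemplate(BusinessObject dataObject,
            String namespaceCode, String permissionTemplateName,
            String principalId) {
        // Same evaluation order as before: permission details first, then role qualification.
        Map<String, String> details = new HashMap<String, String>(
                getPermissionDetailValues(dataObject));
        Map<String, String> roleQualifiers = new HashMap<String, String>(
                getRoleQualification(dataObject, principalId));
        return getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode,
                permissionTemplateName, details, roleQualifiers);
    }

    /**
     * Collection- or field-level variant of the name-based check.
     *
     * <p>The role qualification derived from the business object is extended with
     * {@code collectionOrFieldLevelRoleQualification} when that map is non-null; on a key
     * collision the collection/field-level value replaces the object-level one.
     *
     * <p>NOTE(review): {@code collectionOrFieldLevelPermissionDetails} is accepted but never
     * read. The permission-service call below takes role qualifiers only, so any details a
     * caller passes do not influence the decision. Callers that need details to narrow the
     * check should confirm which API they intend to use.
     *
     * @param businessObject the object the role qualification is derived from
     * @param namespaceCode namespace of the permission
     * @param permissionName name of the permission
     * @param principalId principal to check; forwarded unchanged and not validated here
     * @param collectionOrFieldLevelPermissionDetails ignored by this implementation
     * @param collectionOrFieldLevelRoleQualification extra qualifiers to merge in; may be
     *            {@code null}
     * @return the permission service's decision
     */
    public final boolean isAuthorized(BusinessObject businessObject,
            String namespaceCode, String permissionName, String principalId,
            Map<String, String> collectionOrFieldLevelPermissionDetails,
            Map<String, String> collectionOrFieldLevelRoleQualification) {
        Map<String, String> roleQualifiers = new HashMap<String, String>(
                getRoleQualification(businessObject, principalId));
        if (collectionOrFieldLevelRoleQualification != null) {
            roleQualifiers.putAll(collectionOrFieldLevelRoleQualification);
        }

        return getPermissionService().isAuthorized(principalId,
                namespaceCode, permissionName,
                roleQualifiers);
    }

    /**
     * Returns a role qualification map based off data from the primary business
     * object or the document, for the principal of the current user session.
     * DO NOT MODIFY THE MAP RETURNED BY THIS METHOD.
     *
     * <p>The principal id is read from {@code GlobalVariables.getUserSession()} without a null
     * check, so this assumes a user session with a person is in place when it is called.
     *
     * @param primaryBusinessObjectOrDocument
     *            the primary business object (i.e. the main BO instance behind
     *            the lookup result row or inquiry) or the document
     * @return a Map containing role qualifications
     */
    protected final Map<String, String> getRoleQualification(
            BusinessObject primaryBusinessObjectOrDocument) {
        String currentPrincipalId = GlobalVariables.getUserSession().getPerson().getPrincipalId();
        return getRoleQualification(primaryBusinessObjectOrDocument, currentPrincipalId);
    }

    /**
     * Returns a new, empty map: this base class contributes no collection-item permission
     * details.
     *
     * @see org.kuali.rice.kns.authorization.BusinessObjectAuthorizer#getCollectionItemPermissionDetails(org.kuali.rice.krad.bo.BusinessObject)
     */
    @Override
    public Map<String, String> getCollectionItemPermissionDetails(
            BusinessObject collectionItemBusinessObject) {
        return new HashMap<String, String>();
    }

    /**
     * Returns a new, empty map: this base class contributes no collection-item role
     * qualifications.
     *
     * @see org.kuali.rice.kns.authorization.BusinessObjectAuthorizer#getCollectionItemRoleQualifications(org.kuali.rice.krad.bo.BusinessObject)
     */
    @Override
    public Map<String, String> getCollectionItemRoleQualifications(
            BusinessObject collectionItemBusinessObject) {
        return new HashMap<String, String>();
    }

    /**
     * Returns the module service, resolving it through {@link KRADServiceLocatorWeb} on first
     * use and caching it in a static field.
     *
     * <p>The lazy initialization is unsynchronized, so concurrent first calls may each query
     * the locator. NOTE(review): presumably harmless if the locator always hands back the same
     * instance; confirm.
     *
     * @return the cached module service
     */
    protected static KualiModuleService getKualiModuleService() {
        if (kualiModuleService == null) {
            kualiModuleService = KRADServiceLocatorWeb.getKualiModuleService();
        }
        return kualiModuleService;
    }

    /**
     * Returns the data dictionary service, resolving it through {@link KRADServiceLocatorWeb}
     * on first use and caching it in a static field (unsynchronized, like
     * {@link #getKualiModuleService()}).
     *
     * @return the cached data dictionary service
     */
    protected static DataDictionaryService getDataDictionaryService() {
        if (dataDictionaryService == null) {
            dataDictionaryService = KRADServiceLocatorWeb
                    .getDataDictionaryService();
        }
        return dataDictionaryService;
    }
}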