Class DocumentViewAuthorizerBase

All Implemented Interfaces:
Serializable, DataObjectAuthorizer, DocumentAuthorizer, ViewAuthorizer
Direct Known Subclasses:
MaintenanceViewAuthorizerBase, TransactionalDocumentViewAuthorizerBase

public class DocumentViewAuthorizerBase extends ViewAuthorizerBase implements DocumentAuthorizer
Implementation of ViewAuthorizer for DocumentView instances

Performs KIM permission checks for the various document actions such as save, approve, cancel

By default delegates to the DocumentAuthorizer configured for the document in the data dictionary

Author:
Kuali Rice Team (rice.collab@kuali.org)
  • Field Details

    • LOG

      protected static org.apache.logging.log4j.Logger LOG
    • PRE_ROUTING_ROUTE_NAME

      public static final String PRE_ROUTING_ROUTE_NAME
  • Constructor Details

    • DocumentViewAuthorizerBase

      public DocumentViewAuthorizerBase()
  • Method Details

    • getActionFlags

      public Set<String> getActionFlags(View view, ViewModel model, org.kuali.rice.kim.api.identity.Person user, Set<String> actions)
      Returns the set of action flags that are authorized for the given user

      Action flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example: <bean parent="Action" p:methodToCall="save" p:actionLabel="save" p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>

      For each action flag, KIM is consulted to determine if a permission exists for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.

      The Set of available action flags should first be exported by the ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

      Specified by:
      getActionFlags in interface ViewAuthorizer
      Overrides:
      getActionFlags in class ViewAuthorizerBase
      Parameters:
      view - view instance the action flags apply to
      model - object containing the view data
      user - user we are authorizing the actions for
      actions - set of action flags to authorize
      Returns:
      Set<String> set of action flags that have been authorized; this will be equal to or a subset of the actions passed in
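
The filtering rule described for getActionFlags, modeled stand-alone as an added example (not Kuali Rice code): PermissionLookup, its two methods, and the flag names and users are hypothetical stand-ins for the KIM calls. It also lists the flags that stay enabled only because no permission is defined for them, which is the case to audit.

```java
import java.util.*;

// Added illustration of the rule described for getActionFlags.
// PermissionLookup is hypothetical and is not a Kuali Rice or KIM API.
public class ActionFlagFilterDemo {

    /** Hypothetical stand-in for the two questions put to KIM per flag. */
    interface PermissionLookup {
        boolean permissionExists(String actionFlag);
        boolean isAuthorized(String principalId, String actionFlag);
    }

    /** Removes a flag only when a permission is defined for it and the user lacks it. */
    static Set<String> filter(Set<String> exported, String principalId, PermissionLookup kim) {
        Set<String> authorized = new LinkedHashSet<>(exported); // leave the caller's set untouched
        for (String flag : exported) {
            if (kim.permissionExists(flag) && !kim.isAuthorized(principalId, flag)) {
                authorized.remove(flag);
            }
        }
        return authorized; // equal to or a subset of the exported flags
    }

    /** Flags that survive filtering for every user because no permission guards them. */
    static Set<String> unguarded(Set<String> exported, PermissionLookup kim) {
        Set<String> result = new TreeSet<>();
        for (String flag : exported) {
            if (!kim.permissionExists(flag)) {
                result.add(flag);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data: flag name -> principals holding its permission.
        Map<String, Set<String>> grants = new HashMap<>();
        grants.put("canSave", Set.of("alice", "bob"));
        grants.put("canApprove", Set.of("alice"));
        PermissionLookup kim = new PermissionLookup() {
            public boolean permissionExists(String f) { return grants.containsKey(f); }
            public boolean isAuthorized(String p, String f) { return grants.get(f).contains(p); }
        };
        // "canExport" is a constructed flag with no permission defined for it.
        Set<String> exported = new LinkedHashSet<>(List.of("canSave", "canApprove", "canExport"));

        System.out.println("bob may use: " + filter(exported, "bob", kim));
        System.out.println("no permission defined: " + unguarded(exported, kim));
    }
}
```
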
    • canInitiate

      public final boolean canInitiate(String documentTypeName, org.kuali.rice.kim.api.identity.Person user)
      Checks if a user has the permissions to initiate a document
      Specified by:
      canInitiate in interface DocumentAuthorizer
      Parameters:
      documentTypeName - document type name
      user - current user
      Returns:
      boolean, true if the user has the permissions to initiate a document else false
    • canOpen

      public final boolean canOpen(Document document, org.kuali.rice.kim.api.identity.Person user)
      Checks if a user has the permissions to open a document
      Specified by:
      canOpen in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      boolean, true if the user has the permissions to open a document else false
    • canOpenView

      public boolean canOpenView(View view, ViewModel model, org.kuali.rice.kim.api.identity.Person user)
      Checks for an open view permission for the view id, and if found verifies the user has that permission
      Specified by:
      canOpenView in interface ViewAuthorizer
      Overrides:
      canOpenView in class ViewAuthorizerBase
      Parameters:
      view - view instance to check authorization for
      model - object containing the view data
      user - user to authorize
      Returns:
      boolean true if the user is authorized to open the view, false otherwise
    • canEdit

      public boolean canEdit(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the document can be edited; if false is returned, then all fields are in a read only state
      Specified by:
      canEdit in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      boolean, true if the user has the permissions to edit a document else false
    • canEditView

      public boolean canEditView(View view, ViewModel model, org.kuali.rice.kim.api.identity.Person user)
      Checks for an edit view permission for the view id, and if found verifies the user has that permission
      Specified by:
      canEditView in interface ViewAuthorizer
      Overrides:
      canEditView in class ViewAuthorizerBase
      Parameters:
      view - view instance to check authorization for
      model - object containing the view data
      user - user to authorize
      Returns:
      boolean true if the user is authorized to edit the view, false otherwise
    • canUnmaskField

      public boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, org.kuali.rice.kim.api.identity.Person user)
      Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
      Specified by:
      canUnmaskField in interface ViewAuthorizer
      Overrides:
      canUnmaskField in class ViewAuthorizerBase
      Parameters:
      view - view instance the field belongs to
      model - object containing the view data
      field - field associated with the property and from which the ComponentSecurity will be retrieved
      propertyName - name of the property associated with the field
      user - user we are authorizing
      Returns:
      boolean true if the value can be unmasked, false if it should be masked
    • isInitiator

      protected boolean isInitiator(ViewModel model, org.kuali.rice.kim.api.identity.Person user)
      Checks if the user is the initiator for the current document
      Parameters:
      model - object containing the view data
      user - user we are authorizing
      Returns:
      true if user is the initiator, false otherwise
    • canAnnotate

      public boolean canAnnotate(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canAnnotate in interface DocumentAuthorizer
    • canReload

      public boolean canReload(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canReload in interface DocumentAuthorizer
    • canClose

      public boolean canClose(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canClose in interface DocumentAuthorizer
    • canSave

      public boolean canSave(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canSave in interface DocumentAuthorizer
    • canRoute

      public boolean canRoute(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the user has permission to route the document
      Specified by:
      canRoute in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      boolean, true if the user has permissions to route a document else false
    • canCancel

      public boolean canCancel(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the user has permission to cancel the document
      Specified by:
      canCancel in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      boolean, true if the user has permissions to cancel a document else false
    • canRecall

      public boolean canRecall(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canRecall in interface DocumentAuthorizer
    • canCopy

      public boolean canCopy(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the user has permission to copy the document
      Specified by:
      canCopy in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      boolean, true if the user has permissions to copy a document else false
    • canPerformRouteReport

      public boolean canPerformRouteReport(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canPerformRouteReport in interface DocumentAuthorizer
    • canBlanketApprove

      public boolean canBlanketApprove(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canBlanketApprove in interface DocumentAuthorizer
    • canApprove

      public boolean canApprove(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canApprove in interface DocumentAuthorizer
    • canDisapprove

      public boolean canDisapprove(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canDisapprove in interface DocumentAuthorizer
    • canSendNoteFyi

      public boolean canSendNoteFyi(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canSendNoteFyi in interface DocumentAuthorizer
    • canFyi

      public boolean canFyi(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canFyi in interface DocumentAuthorizer
    • canAcknowledge

      public boolean canAcknowledge(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canAcknowledge in interface DocumentAuthorizer
    • canReceiveAdHoc

      public final boolean canReceiveAdHoc(Document document, org.kuali.rice.kim.api.identity.Person user, String actionRequestCode)
      Specified by:
      canReceiveAdHoc in interface DocumentAuthorizer
    • canAddNoteAttachment

      public final boolean canAddNoteAttachment(Document document, String attachmentTypeCode, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canAddNoteAttachment in interface DocumentAuthorizer
    • canDeleteNoteAttachment

      public final boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canDeleteNoteAttachment in interface DocumentAuthorizer
    • canViewNoteAttachment

      public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canViewNoteAttachment in interface DocumentAuthorizer
    • canViewNoteAttachment

      @Deprecated public final boolean canViewNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier, org.kuali.rice.kim.api.identity.Person user)
      Deprecated.
      Specified by:
      canViewNoteAttachment in interface DocumentAuthorizer
    • canSendAdHocRequests

      public final boolean canSendAdHocRequests(Document document, String actionRequestCd, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canSendAdHocRequests in interface DocumentAuthorizer
    • canEditDocumentOverview

      public boolean canEditDocumentOverview(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canEditDocumentOverview in interface DocumentAuthorizer
    • canSendAnyTypeAdHocRequests

      public boolean canSendAnyTypeAdHocRequests(Document document, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canSendAnyTypeAdHocRequests in interface DocumentAuthorizer
    • canTakeRequestedAction

      public boolean canTakeRequestedAction(Document document, String actionRequestCode, org.kuali.rice.kim.api.identity.Person user)
      Specified by:
      canTakeRequestedAction in interface DocumentAuthorizer
    • canSuperUserTakeAction

      public boolean canSuperUserTakeAction(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the user has permission to take a super user action.
      Specified by:
      canSuperUserTakeAction in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      true if the user has permissions to take a super user action, otherwise false
    • canSuperUserApprove

      public boolean canSuperUserApprove(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the user has permission to approve a document as a super user.
      Specified by:
      canSuperUserApprove in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      true if the user has permissions to approve a document as a super user, otherwise false
    • canSuperUserDisapprove

      public boolean canSuperUserDisapprove(Document document, org.kuali.rice.kim.api.identity.Person user)
      Determines if the user has permission to disapprove a document as a super user.
      Specified by:
      canSuperUserDisapprove in interface DocumentAuthorizer
      Parameters:
      document - document to check
      user - current user
      Returns:
      true if the user has permissions to disapprove a document as a super user, otherwise false
    • addPermissionDetails

      protected void addPermissionDetails(Object dataObject, Map<String,String> attributes)
      Override this method to populate the permission details from the primary data object or document. This will only be called once per request.
      Overrides:
      addPermissionDetails in class DataObjectAuthorizerBase
      Parameters:
      dataObject - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the document
      attributes - permission details will be added to this map
    • addRoleQualification

      protected void addRoleQualification(Object dataObject, Map<String,String> attributes)
      Override this method to populate the role qualifier attributes from the primary data object or document. This will only be called once per request.
      Overrides:
      addRoleQualification in class DataObjectAuthorizerBase
      Parameters:
      dataObject - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the document
      attributes - role qualifiers will be added to this map
    • addStandardAttributes

      protected void addStandardAttributes(Document document, Map<String,String> attributes)
    • isDocumentInitiator

      protected boolean isDocumentInitiator(Document document, org.kuali.rice.kim.api.identity.Person user)
    • initializeDocumentAuthorizerIfNecessary

      public void initializeDocumentAuthorizerIfNecessary(Document document)
      If the document authorizer is null, gets the authorizer from the document dictionary service for the given document's class.
      Parameters:
      document - document instance to get authorizer for
    • initializeDocumentAuthorizerIfNecessary

      public void initializeDocumentAuthorizerIfNecessary(String documentTypeName)
      If the document authorizer is null, gets the authorizer from the document dictionary service for the given document type name.
      Parameters:
      documentTypeName - document type to get authorizer for
    • getDocumentAuthorizer

      public DocumentAuthorizer getDocumentAuthorizer()
    • setDocumentAuthorizer

      public void setDocumentAuthorizer(DocumentAuthorizer documentAuthorizer)
    • setDocumentAuthorizerClass

      public void setDocumentAuthorizerClass(Class<? extends DocumentAuthorizer> documentAuthorizerClass)
    • getDocumentDictionaryService

      public DocumentDictionaryService getDocumentDictionaryService()
    • setDocumentDictionaryService

      public void setDocumentDictionaryService(DocumentDictionaryService documentDictionaryService)
    • getDocumentRequestAuthorizationCache

      protected DocumentRequestAuthorizationCache getDocumentRequestAuthorizationCache(Document document)
    • setDocumentRequestAuthorizationCache

      public void setDocumentRequestAuthorizationCache(DocumentRequestAuthorizationCache documentRequestAuthorizationCache)
      Specified by:
      setDocumentRequestAuthorizationCache in interface DocumentAuthorizer
    • setRequestAuthorizationCache

      public void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)
      Specified by:
      setRequestAuthorizationCache in interface ViewAuthorizer
      Overrides:
      setRequestAuthorizationCache in class ViewAuthorizerBase