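/**
 * Copyright 2005-2016 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.krad.lookup;

import org.kuali.rice.core.api.exception.RiceRuntimeException;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.krad.service.KRADServiceLocatorWeb;
import org.kuali.rice.krad.uif.view.View;
import org.kuali.rice.krad.uif.view.ViewAuthorizerBase;
import org.kuali.rice.krad.uif.view.ViewModel;
import org.kuali.rice.krad.util.KRADConstants;
import org.kuali.rice.krad.util.KRADUtils;
import org.kuali.rice.krad.web.form.LookupForm;

import java.util.Map;

/**
 * Implementation of {@link org.kuali.rice.krad.uif.view.ViewAuthorizer} for
 * {@link org.kuali.rice.krad.uif.view.LookupView} instances
 *
 * <p>Both checks in this class resolve the data object class from the class name carried on the
 * {@link LookupForm}.</p>
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class LookupViewAuthorizerBase extends ViewAuthorizerBase {
    private static final long serialVersionUID = 3755133641536256283L;
    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(LookupViewAuthorizerBase.class);

    /**
     * Override to check for permissions of type 'Look Up Records' in addition to the open view check
     * done in super
     *
     * <p>The 'Look Up Records' permission is only enforced when one exists for the namespace and
     * component details of the data object class. When none exists, the result of the super check
     * is returned unchanged, so the view is then guarded by the open view check alone.</p>
     *
     * @param view - view being opened
     * @param model - model for the view, cast to {@link LookupForm} once the super check has passed
     * @param user - user we are authorizing the view for
     * @return true if the user is authorized to open the lookup view, false otherwise
     * @throws RiceRuntimeException if the data object class named on the form cannot be loaded
     */
    @Override
    public boolean canOpenView(View view, ViewModel model, Person user) {
        if (!super.canOpenView(view, model, user)) {
            return false;
        }

        LookupForm lookupForm = (LookupForm) model;
        String dataObjectClassName = lookupForm.getDataObjectClassName();

        // NOTE(review): the class name is read from the lookup form. If the form is bound from
        // request parameters (not visible here, confirm), Class.forName(String) loads and
        // initializes whatever class on the classpath the name refers to before the
        // 'Look Up Records' check runs. Confirm the name is validated upstream against the known
        // data objects, or consider the three-argument Class.forName with initialize=false.
        Map<String, String> additionalPermissionDetails;
        try {
            additionalPermissionDetails = KRADUtils.getNamespaceAndComponentSimpleName(
                    Class.forName(dataObjectClassName));
        } catch (ClassNotFoundException e) {
            // keep the original exception as the cause so the stack trace shows why loading failed
            throw new RiceRuntimeException(
                    "Unable to create class for lookup class name: " + dataObjectClassName, e);
        }

        // only restrict further when a matching permission is actually defined
        if (!permissionExistsByTemplate(model, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.LOOK_UP_RECORDS, additionalPermissionDetails)) {
            return true;
        }

        return isAuthorizedByTemplate(model, KRADConstants.KNS_NAMESPACE,
                KimConstants.PermissionTemplateNames.LOOK_UP_RECORDS, user.getPrincipalId(),
                additionalPermissionDetails, null);
    }

    /**
     * Check if user is allowed to initiate the document
     *
     * <p>The decision is delegated to the document authorizer of the maintenance document type
     * registered for the data object class. The result is false when no maintenance document type
     * is found for the class, or when the class named on the form cannot be loaded (that failure
     * is logged as a warning rather than thrown).</p>
     *
     * @param lookupForm - The lookup form of the document
     * @param user - user we are authorizing the actions for
     * @return true if user is authorized to initiate the document, false otherwise
     */
    public boolean canInitiateDocument(LookupForm lookupForm, Person user) {
        String dataObjectClassName = lookupForm.getDataObjectClassName();

        try {
            // NOTE(review): same form-supplied class name as in canOpenView; confirm it is
            // validated before it reaches Class.forName and before it is written to the log.
            Class<?> dataObjectClass = Class.forName(dataObjectClassName);

            // check if creating documents is allowed
            String documentTypeName = KRADServiceLocatorWeb.getDocumentDictionaryService()
                    .getMaintenanceDocumentTypeName(dataObjectClass);
            if (documentTypeName == null) {
                return false;
            }

            return KRADServiceLocatorWeb.getDocumentDictionaryService().getDocumentAuthorizer(documentTypeName)
                    .canInitiate(documentTypeName, user);
        } catch (ClassNotFoundException e) {
            // deny rather than fail the request when the class cannot be resolved
            LOG.warn("Unable to load Data Object Class: " + dataObjectClassName, e);
            return false;
        }
    }
}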