Class DocumentActionsPermissionBase
java.lang.Object
org.kuali.rice.kew.doctype.service.impl.DocumentActionsPermissionBase
- Direct Known Subclasses:
DocumentTypePermissionServiceImpl,KimDocumentTypeAuthorizer
Base class which implements default KIM permission checks for various workflow document actions.
This implementation can be used as a base class for a DocumentTypePermissionService or DocumentTypeAuthorizer implementation
- Since:
- 2.1.3
- Author:
- Kuali Rice Team (rice.collab@kuali.org)
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbuildDocumentRoleQualifiers(DocumentRouteHeaderValue document, String routeNodeName) Generates role qualifiers for authorization check.buildDocumentTypePermissionDetails(DocumentType documentType, String documentStatus, String actionRequestCode, String routeNodeName) Generates permission details map for KIM permission checks.buildDocumentTypePermissionDetailsForNodes(DocumentType documentType, Collection<String> routeNodeNames, String documentStatus, String actionRequestCode) This method generates the permission details for the given document with current active route nodes.booleancanBlanketApprove(String principalId, DocumentRouteHeaderValue document) booleancanCancel(String principalId, DocumentRouteHeaderValue document) booleancanInitiate(String principalId, DocumentType documentType) booleancanRecall(String principalId, DocumentRouteHeaderValue document) booleancanReturnToPreviousRouteNode(String principalId, DocumentRouteHeaderValue document) booleancanRoute(String principalId, DocumentRouteHeaderValue document) booleancanSave(String principalId, DocumentRouteHeaderValue document) protected booleancanSuperUserApproveDocument(String principalId, DocumentType documentType, Collection<String> routeNodeNames, String routeStatusCode) protected booleancanSuperUserApproveSingleActionRequest(String principalId, DocumentType documentType, Collection<String> routeNodeNames, String routeStatusCode) protected booleancanSuperUserDisapproveDocument(String principalId, DocumentType documentType, Collection<String> routeNodeNames, String routeStatusCode) protected org.kuali.rice.kim.api.permission.PermissionServiceprotected booleanuseKimPermission(String namespace, String permissionTemplateName, Map<String, String> permissionDetails, boolean checkKimPriorityInd) Returns whether to invoke KIM to perform permission checks.protected voidvalidateDocument(DocumentRouteHeaderValue document) Validates document parameterprotected voidvalidateDocumentStatus(String documentStatus) Validates documentStatus parameterprotected voidvalidateDocumentType(DocumentType documentType) Validates documenttype parameterprotected voidvalidatePrincipalId(String principalId) Validates principal id parameterprotected voidvalidateRouteNodeNames(List<String> routeNodeNames) Validates routeNodeNames parameter
-
Constructor Details
-
DocumentActionsPermissionBase
public DocumentActionsPermissionBase()
-
-
Method Details
-
canInitiate
-
canRoute
-
canSuperUserApproveSingleActionRequest
protected boolean canSuperUserApproveSingleActionRequest(String principalId, DocumentType documentType, Collection<String> routeNodeNames, String routeStatusCode) -
canSuperUserApproveDocument
protected boolean canSuperUserApproveDocument(String principalId, DocumentType documentType, Collection<String> routeNodeNames, String routeStatusCode) -
canSuperUserDisapproveDocument
protected boolean canSuperUserDisapproveDocument(String principalId, DocumentType documentType, Collection<String> routeNodeNames, String routeStatusCode) -
canCancel
-
canReturnToPreviousRouteNode
-
canRecall
-
canBlanketApprove
-
canSave
-
buildDocumentTypePermissionDetails
protected Map<String,String> buildDocumentTypePermissionDetails(DocumentType documentType, String documentStatus, String actionRequestCode, String routeNodeName) Generates permission details map for KIM permission checks. Details are derived from document type, status, action request code (if non-null) and routeNode name (if non-null). If the document status is not a routed state, "PreRoute" is used. Note that this has to match the required data defined in krim_typ_attr_t for the krim_typ_t with srvc_nm='documentTypeAndNodeOrStatePermissionTypeService'. TODO: See KULRICE-3490, make assembly of permission details dynamic based on db config- Parameters:
documentType- the KEW DocumentTypedocumentStatus- the document statusactionRequestCode- action request code if applicablerouteNodeName- routeNode name if applicable- Returns:
- map of permission details for permission check
-
buildDocumentTypePermissionDetailsForNodes
protected List<Map<String,String>> buildDocumentTypePermissionDetailsForNodes(DocumentType documentType, Collection<String> routeNodeNames, String documentStatus, String actionRequestCode) This method generates the permission details for the given document with current active route nodes. This method simply invokesbuildDocumentTypePermissionDetails(org.kuali.rice.kew.doctype.bo.DocumentType, String, String, String)for each node (or once if no node names are provided).- Parameters:
documentType- the DocumentTyperouteNodeNames- active route nodes for which to generate permission detailsdocumentStatus- document statusactionRequestCode- action request code if applicable- Returns:
- list of permission details maps, one for each route node inspected
-
buildDocumentRoleQualifiers
protected Map<String,String> buildDocumentRoleQualifiers(DocumentRouteHeaderValue document, String routeNodeName) Generates role qualifiers for authorization check. If the document status is a non-routed status, "PreRoute" is used. The namespaceCode attribute is derived from the KRAD DataDictionary if there is a mapping for the document type.- Parameters:
document- the document instancerouteNodeName- name of the applicable routenode- Returns:
- map of role qualifiers
-
useKimPermission
protected boolean useKimPermission(String namespace, String permissionTemplateName, Map<String, String> permissionDetails, boolean checkKimPriorityInd) Returns whether to invoke KIM to perform permission checks. First consults theKewApiConstants.KIM_PRIORITY_ON_DOC_TYP_PERMS_INDsystem parameter to determine whether we should check for permission existence. If this parameter is unset or is true, we proceed to invokePermissionService.isPermissionDefinedByTemplate(String, String, java.util.Map)to determine whether the given permission is defined anywhere in the system.- Parameters:
namespace- namespace of permission we are queryingpermissionTemplateName- template name of permissions we are queryingpermissionDetails- details of permissions we are queryingcheckKimPriorityInd- whether to consult theKewApiConstants.KIM_PRIORITY_ON_DOC_TYP_PERMS_INDparameter to determine whether the check for permission definition- Returns:
- whether there are any permissions defined for the given permission template, or false if we are checking the kim priority indicator and
the
} system parameter is disabled.
invalid @link
{@link KewApiConstants@KIM_PRIORITY_ON_DOC_TYP_PERMS_IND
-
validatePrincipalId
Validates principal id parameter- Parameters:
principalId- the principal id
-
validateDocument
Validates document parameter- Parameters:
document- the document
-
validateDocumentType
Validates documenttype parameter- Parameters:
documentType- the document type
-
validateRouteNodeNames
Validates routeNodeNames parameter- Parameters:
routeNodeNames- the routeNode names
-
validateDocumentStatus
Validates documentStatus parameter- Parameters:
documentStatus- the document status
-
getPermissionService
protected org.kuali.rice.kim.api.permission.PermissionService getPermissionService()
-