Package org.kuali.rice.krad.bo
Class DataObjectAuthorizerBase
java.lang.Object
org.kuali.rice.krad.bo.DataObjectAuthorizerBase
- All Implemented Interfaces:
Serializable,DataObjectAuthorizer
- Direct Known Subclasses:
DocumentAuthorizerBase,ViewAuthorizerBase
- Author:
- Kuali Rice Team (rice.collab@kuali.org)
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidaddPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) Override this method to populate the permission details from the primary data object or document.protected voidaddRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) Override this method to populate the role qualifier attributes from the primary data object or document.getPermissionDetailValues(Object primaryDataObjectOrDocument) Returns a permission details map based off data from the primary business object or the document.protected static org.kuali.rice.kim.api.permission.PermissionServiceprotected static org.kuali.rice.kim.api.identity.PersonServicegetRoleQualification(Object primaryDataObjectOrDocument, String principalId) Returns a role qualification map based off data from the primary business object or the document.final booleanisAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId) Determines whether the user identified by the given principal ID has the given permission in the context of the data objectfinal booleanisAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails, Map<String, String> collectionOrFieldLevelRoleQualification) Determines whether the user identified by the given principal ID has the given permission in the context of the data object, the additional permission details and role qualifiers are used for the checkfinal booleanisAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName, String principalId) Determines whether the user identified by the given principal ID has been granted a permission of the given template in the context of the data objectfinal booleanisAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName, String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails, Map<String, String> collectionOrFieldLevelRoleQualification) Determines whether the user identified by the given principal ID has been granted a permission of the given template in the context of the data object, the additional permission details and role qualifiers are used for the checkprotected final booleanpermissionExistsByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName) protected final booleanpermissionExistsByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails) protected final booleanpermissionExistsByTemplate(String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails)
-
Constructor Details
-
DataObjectAuthorizerBase
public DataObjectAuthorizerBase()
-
-
Method Details
-
isAuthorized
public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId) Description copied from interface:DataObjectAuthorizerDetermines whether the user identified by the given principal ID has the given permission in the context of the data object- Specified by:
isAuthorizedin interfaceDataObjectAuthorizer- Parameters:
dataObject-namespaceCode-permissionName-principalId-- Returns:
- boolean true if the user is authorized, false if not
- See Also:
-
isAuthorizedByTemplate
public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName, String principalId) Description copied from interface:DataObjectAuthorizerDetermines whether the user identified by the given principal ID has been granted a permission of the given template in the context of the data object- Specified by:
isAuthorizedByTemplatein interfaceDataObjectAuthorizer- Parameters:
dataObject-namespaceCode-permissionTemplateName-principalId-- Returns:
- boolean true if the user is authorized, false if not
- See Also:
-
isAuthorized
public final boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails, Map<String, String> collectionOrFieldLevelRoleQualification) Description copied from interface:DataObjectAuthorizerDetermines whether the user identified by the given principal ID has the given permission in the context of the data object, the additional permission details and role qualifiers are used for the check- Specified by:
isAuthorizedin interfaceDataObjectAuthorizer- Parameters:
dataObject-namespaceCode-permissionName-principalId-collectionOrFieldLevelPermissionDetails-collectionOrFieldLevelRoleQualification-- Returns:
- boolean true if the user is authorized, false if not
- See Also:
-
isAuthorizedByTemplate
public final boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName, String principalId, Map<String, String> collectionOrFieldLevelPermissionDetails, Map<String, String> collectionOrFieldLevelRoleQualification) Description copied from interface:DataObjectAuthorizerDetermines whether the user identified by the given principal ID has been granted a permission of the given template in the context of the data object, the additional permission details and role qualifiers are used for the check- Specified by:
isAuthorizedByTemplatein interfaceDataObjectAuthorizer- Parameters:
dataObject-namespaceCode-permissionTemplateName-principalId-collectionOrFieldLevelPermissionDetails-collectionOrFieldLevelRoleQualification-- Returns:
- boolean true if the user is authorized, false if not
- See Also:
-
addRoleQualification
protected void addRoleQualification(Object primaryDataObjectOrDocument, Map<String, String> attributes) Override this method to populate the role qualifier attributes from the primary data object or document. This will only be called once per request.- Parameters:
primaryDataObjectOrDocument- - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the documentattributes- - role qualifiers will be added to this map
-
addPermissionDetails
protected void addPermissionDetails(Object primaryDataObjectOrDocument, Map<String, String> attributes) Override this method to populate the permission details from the primary data object or document. This will only be called once per request.- Parameters:
primaryDataObjectOrDocument- - the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the documentattributes- - permission details will be added to this map
-
permissionExistsByTemplate
-
permissionExistsByTemplate
-
permissionExistsByTemplate
-
getRoleQualification
protected final Map<String,String> getRoleQualification(Object primaryDataObjectOrDocument, String principalId) Returns a role qualification map based off data from the primary business object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD- Parameters:
primaryDataObjectOrDocument- the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the documentprincipalId-- Returns:
- a Map containing role qualifications
-
getPermissionDetailValues
Returns a permission details map based off data from the primary business object or the document. DO NOT MODIFY THE MAP RETURNED BY THIS METHOD- Parameters:
primaryDataObjectOrDocument- the primary data object (i.e. the main object instance behind the lookup result row or inquiry) or the document- Returns:
- a Map containing permission details
-
getPermissionService
protected static org.kuali.rice.kim.api.permission.PermissionService getPermissionService() -
getPersonService
protected static org.kuali.rice.kim.api.identity.PersonService getPersonService()
-