Interface ViewAuthorizer

All Known Implementing Classes:
DocumentViewAuthorizerBase, InquiryViewAuthorizerBase, LookupViewAuthorizerBase, MaintenanceViewAuthorizerBase, TransactionalDocumentViewAuthorizerBase, ViewAuthorizerBase

public interface ViewAuthorizer
Performs user-based authorization for actions and components contained in a View.

Note that only user authorization is done by the authorizer class. For non-user based logic, use the ViewPresentationController.

Author:
Kuali Rice Team (rice.collab@kuali.org)
  • Method Details

    • getActionFlags

      Set<String> getActionFlags(View view, ViewModel model, Person user, Set<String> actions)
      Returns the set of action flags that are authorized for the given user

      Action flags are created for views to indicate some action or feature should be enabled. These flags can be used within expressions for configuring the view content. For example: <bean parent="Action" p:methodToCall="save" p:actionLabel="save" p:render="@{#actionFlags[#Constants.KUALI_ACTION_CAN_SAVE]}"/>

      For each action flag, KIM is consulted to determine if a permission exists for the template associated with the action flag. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the action flag is removed from the returned set.

      The Set of available action flags should first be exported by the ViewPresentationController.getActionFlags(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

      Parameters:
      view - view instance the action flags apply to
      model - object containing the view data
      user - user we are authorizing the actions for
      actions - set of action flags to authorize
      Returns:
      Set<String> set of action flags that have been authorized, this will be equal to or a subset of the actions passed in
    • getEditModes

      Set<String> getEditModes(View view, ViewModel model, Person user, Set<String> editModes)
      Returns the set of edit modes that are authorized for the given user

      An edit mode is a string that identifies a set of editable fields within the view. These are generally used when the entire view is not editable, but only certain fields. A field can be associated with an edit mode in two ways. The first is by using the edit mode in an expression when setting the field readOnly property. For example: <property name="readOnly" value="@{!#editModes['specialEdit'] and !fullEdit}" /> The second way is with the ViewPresentationController.canEditField(View, ViewModel, org.kuali.rice.krad.uif.field.Field, String) method which can look at the edit modes map on the view to determine if the given field should be editable.

      For each edit mode, KIM is consulted to determine if a permission exists for the 'Use View' template and the edit mode detail. If so, a check is then made to determine if the user has that permission. If the permission fails for the user, the edit mode is removed from the returned set.

      The Set of available edit modes should first be exported by the ViewPresentationController.getEditModes(View, org.kuali.rice.krad.web.form.UifFormBase) method. The set returned from this method will be passed as the method argument here by the framework.

      Parameters:
      view - view instance the edit modes apply to
      model - object containing the view data
      user - user we are authorizing the actions for
      editModes - set of edit modes to authorize
      Returns:
      Set<String> set of edit modes that have been authorized, this will be equal to or a subset of the edit mode set passed in
    • canOpenView

      boolean canOpenView(View view, ViewModel model, Person user)
      Determines if the given user is authorized to open the given view
      Parameters:
      view - view instance to check authorization for
      model - object containing the view data
      user - user to authorize
      Returns:
      boolean true if the user is authorized to open the view, false otherwise
    • canEditView

      boolean canEditView(View view, ViewModel model, Person user)
      Determines if the given user is authorized to edit the given view
      Parameters:
      view - view instance to check authorization for
      model - object containing the view data
      user - user to authorize
      Returns:
      boolean true if the user is authorized to edit the view, false otherwise
    • canUnmaskField

      boolean canUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
      Checks whether the mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
      Parameters:
      view - view instance the field belongs to
      model - object containing the view data
      field - field associated for the property and from which the ComponentSecurity will be retrieved
      propertyName - name of the property associated with the field
      user - user we are authorizing
      Returns:
      boolean true if the value can be unmasked, false if it should be masked
    • canPartialUnmaskField

      boolean canPartialUnmaskField(View view, ViewModel model, DataField field, String propertyName, Person user)
      Checks whether the partial mask authorization exists for the given property and if so whether the given user has the ability to unmask the value
      Parameters:
      view - view instance the field belongs to
      model - object containing the view data
      field - field associated for the property and from which the ComponentSecurity will be retrieved
      propertyName - name of the property associated with the field
      user - user we are authorizing
      Returns:
      boolean true if the value can be unmasked, false if it should be partially masked
    • canEditField

      boolean canEditField(View view, ViewModel model, Field field, String propertyName, Person user)
    • canViewField

      boolean canViewField(View view, ViewModel model, Field field, String propertyName, Person user)
    • canEditGroup

      boolean canEditGroup(View view, ViewModel model, Group group, String groupId, Person user)
    • canViewGroup

      boolean canViewGroup(View view, ViewModel model, Group group, String groupId, Person user)
    • canEditWidget

      boolean canEditWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
    • canViewWidget

      boolean canViewWidget(View view, ViewModel model, Widget widget, String widgetId, Person user)
    • canPerformAction

      boolean canPerformAction(View view, ViewModel model, Action action, String actionEvent, String actionId, Person user)
    • canEditLine

      boolean canEditLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
    • canViewLine

      boolean canViewLine(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Person user)
    • canEditLineField

      boolean canEditLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
    • canViewLineField

      boolean canViewLineField(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Field field, String propertyName, Person user)
    • canPerformLineAction

      boolean canPerformLineAction(View view, ViewModel model, CollectionGroup collectionGroup, String collectionPropertyName, Object line, Action action, String actionEvent, String actionId, Person user)
    • setRequestAuthorizationCache

      void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache)
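
The filtering rule described for getActionFlags and getEditModes, as an added example that is not Kuali Rice code: an item is removed only when a permission is defined for it and the user lacks that permission, so an item with no permission defined passes through unchanged. The PermissionLookup interface, the principal names and the edit modes other than 'specialEdit' are hypothetical stand-ins constructed for this sketch.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class EditModeFilterExample {
    // Hypothetical stand-in for the KIM lookups; not a Rice interface.
    interface PermissionLookup {
        boolean permissionDefined(String template, String detail);
        boolean userHasPermission(String principalId, String template, String detail);
    }

    // Returns a new set, equal to or a subset of the input; the input is not modified.
    static Set<String> authorize(Set<String> requested, String template,
                                 String principalId, PermissionLookup kim) {
        Set<String> allowed = new LinkedHashSet<>(requested);
        for (String item : requested) {
            // Only a defined permission that the user lacks removes an item.
            if (kim.permissionDefined(template, item)
                    && !kim.userHasPermission(principalId, template, item)) {
                allowed.remove(item);
            }
        }
        return allowed;
    }

    public static void main(String[] args) {
        // Constructed data: edit modes that have a permission, and who holds it.
        Map<String, Set<String>> holders = Map.of(
                "specialEdit", Set.of("alice"),
                "budgetEdit", Set.of("bob"));
        PermissionLookup kim = new PermissionLookup() {
            public boolean permissionDefined(String t, String d) {
                return holders.containsKey(d);
            }
            public boolean userHasPermission(String p, String t, String d) {
                return holders.getOrDefault(d, Set.of()).contains(p);
            }
        };
        Set<String> exported = new LinkedHashSet<>(
                List.of("specialEdit", "budgetEdit", "notesEdit"));
        Set<String> result = authorize(exported, "Use View", "alice", kim);
        System.out.println("authorized for alice: " + result);
        for (String mode : result) {
            if (!kim.permissionDefined("Use View", mode)) {
                System.out.println("kept without any permission check: " + mode);
            }
        }
    }
}
```

When reviewing a view's configuration, the second loop is the useful audit: any exported flag or edit mode it reports is governed only by the ViewPresentationController, not by a user permission.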