Interface DataObjectAuthorizationService


public interface DataObjectAuthorizationService
Provides methods for checking authorization for actions on a given data object class, including the security of fields within the class.
Author:
Kuali Rice Team (rice.collab@kuali.org)
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    attributeValueNeedsToBeEncryptedOnFormsAndLinks(Class<?> dataObjectClass, String attributeName)
    Indicates whether the given attribute of the given data object class has any security defined (such as read-only, masked, ...) and therefore data for the attribute should be securely passed
    boolean
    canCreate(Class<?> dataObjectClass, org.kuali.rice.kim.api.identity.Person user, String docTypeName)
    Indicates whether the given user has permission to create records of the given data object class with the given document type
    boolean
    canMaintain(Object dataObject, org.kuali.rice.kim.api.identity.Person user, String docTypeName)
    Indicates whether the given user has permission to maintain (edit/delete) the given data object instance with the given document type
  • Method Details

    • attributeValueNeedsToBeEncryptedOnFormsAndLinks

      boolean attributeValueNeedsToBeEncryptedOnFormsAndLinks(Class<?> dataObjectClass, String attributeName)
      Indicates whether the given attribute of the given data object class has any security defined (such as read-only, masked, ...) and therefore data for the attribute should be securely passed
      Parameters:
      dataObjectClass - class that contains the attribute
      attributeName - name of the attribute (property) within the class
      Returns:
      boolean true if the attribute should be secured, false if security is not needed
    • canCreate

      boolean canCreate(Class<?> dataObjectClass, org.kuali.rice.kim.api.identity.Person user, String docTypeName)
      Indicates whether the given user has permission to create records of the given data object class with the given document type
      Parameters:
      dataObjectClass - class of data object to check authorization for
      user - person requesting action
      docTypeName - name of the document type that provides the action
      Returns:
      boolean true if the user has create authorization, false if not
    • canMaintain

      boolean canMaintain(Object dataObject, org.kuali.rice.kim.api.identity.Person user, String docTypeName)
      Indicates whether the given user has permission to maintain (edit/delete) the given data object instance with the given document type
      Parameters:
      dataObject - data object instance to check authorization for
      user - person requesting action
      docTypeName - name of the document type that provides the action
      Returns:
      boolean true if the user has maintain authorization, false if not
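
One way a caller might act on attributeValueNeedsToBeEncryptedOnFormsAndLinks when building link parameters, treating a failed check as "secured". This is an added example, not Kuali Rice code: AttributeSecurityCheck is a local stand-in carrying only the method signature shown on this page, and SecureLinkParams, the Account sample class, the AES-GCM cipher choice and the in-memory key are assumptions.

```java
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SecureLinkParams {
    /** Local stand-in exposing only the method used here; signature copied from this page. */
    interface AttributeSecurityCheck {
        boolean attributeValueNeedsToBeEncryptedOnFormsAndLinks(Class<?> dataObjectClass, String attributeName);
    }
    static class Account { String number; String taxId; } // constructed sample data object
    /** Builds a query string, encrypting every attribute the service reports as secured. */
    static String queryString(AttributeSecurityCheck authz, SecretKey key, Class<?> type,
                              Map<String, String> values) throws Exception {
        StringJoiner query = new StringJoiner("&");
        for (Map.Entry<String, String> e : values.entrySet()) {
            boolean secured;
            try {
                secured = authz.attributeValueNeedsToBeEncryptedOnFormsAndLinks(type, e.getKey());
            } catch (RuntimeException ex) {
                secured = true; // fail closed: an unanswerable check is treated as "secured"
            }
            String value = secured ? encrypt(key, e.getValue()) : e.getValue();
            query.add(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(value, StandardCharsets.UTF_8));
        }
        return query.toString();
    }
    /** AES-GCM with a fresh 12-byte nonce per value (assumption: the page names no cipher). */
    static String encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // constructed throwaway key; a real deployment would load a managed key
        Map<String, String> values = Map.of("number", "1001", "taxId", "constructed-123");
        AttributeSecurityCheck stub = (cls, attr) -> attr.equals("taxId"); // constructed policy
        System.out.println(queryString(stub, kg.generateKey(), Account.class, values));
    }
}
```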