001: /*
002: * Copyright 2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.kuali.core.document.authorization;
017:
018: import java.util.HashMap;
019: import java.util.Map;
020:
021: import org.kuali.RiceConstants;
022: import org.kuali.RicePropertyConstants;
023: import org.kuali.core.authorization.AuthorizationConstants;
024: import org.kuali.core.bo.user.UniversalUser;
025: import org.kuali.core.document.Document;
026: import org.kuali.core.document.MaintenanceDocument;
027: import org.kuali.core.service.KualiConfigurationService;
028: import org.kuali.rice.KNSServiceLocator;
029:
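/**
 * Universal User specific authorization rules.
 *
 * <p>Decides, per requesting user, which edit modes apply to a Universal User
 * maintenance document and which of its fields are read-only or hidden.
 *
 * <p>The configuration this class depends on (edit workgroup name, whether users are
 * maintained locally, whether password editing is enabled) is read once and cached in
 * static fields for the lifetime of the class. A later change to any of those settings
 * is therefore not picked up by this authorizer until the class is reloaded. Workgroup
 * membership itself is re-checked on every call.
 */
public class UniversalUserDocumentAuthorizer extends MaintenanceDocumentAuthorizerBase {

    // Shared, lazily populated configuration. Written only inside initStatics(), which
    // holds the class lock; callers read these only after initStatics() has returned.
    private static KualiConfigurationService configService;
    private static String userEditWorkgroupName;
    private static boolean usersMaintainedByKuali;
    private static boolean passwordEditingEnabled;

    /**
     * Constructs a UniversalUserDocumentAuthorizer.
     */
    public UniversalUserDocumentAuthorizer() {
        super();
    }

    /**
     * Computes the edit modes for the given document and user.
     *
     * <p>A document whose workflow state is neither "initiated" nor "saved" is marked
     * {@code VIEW_ONLY}; otherwise the edit modes come from the superclass. In both cases
     * {@code SSN_EDIT_ENTRY} is added when the user belongs to the configured edit workgroup.
     *
     * @param document the document being authorized
     * @param user the user requesting access
     * @return map of edit-mode name to the string {@code "TRUE"}
     * @see MaintenanceDocumentAuthorizerBase#getEditMode(Document, UniversalUser)
     */
    @Override
    public Map getEditMode(Document document, UniversalUser user) {
        Map editModes = new HashMap();
        boolean stillEditable = document.getDocumentHeader().getWorkflowDocument().stateIsInitiated()
                || document.getDocumentHeader().getWorkflowDocument().stateIsSaved();
        if (stillEditable) {
            editModes = super.getEditMode(document, user);
        } else {
            editModes.put(AuthorizationConstants.MaintenanceEditMode.VIEW_ONLY, "TRUE");
        }
        initStatics();

        // check for ssn edit mode
        // NOTE(review): this is granted on workgroup membership alone. It is added even when
        // the document was just marked VIEW_ONLY, and it does not consult
        // usersMaintainedByKuali the way getFieldAuthorizations() does. Confirm that whatever
        // consumes SSN_EDIT_ENTRY also honours VIEW_ONLY.
        if (user.isMember(userEditWorkgroupName)) {
            editModes.put(AuthorizationConstants.MaintenanceEditMode.SSN_EDIT_ENTRY, "TRUE");
        }

        return editModes;
    }

    /**
     * Builds the field-level restrictions for the given document and user.
     *
     * <p>Unless users are maintained locally <em>and</em> the user belongs to the configured
     * edit workgroup, the base Universal User properties are made read-only and the
     * sensitive ones (tax identifier, payroll identifier, name parts, contact details,
     * base salary, encrypted password text) are hidden. A user who passes that check gets
     * no restrictions except that the encrypted password text stays hidden while password
     * editing is disabled.
     *
     * @param document the maintenance document being authorized (not read by this method)
     * @param user the user requesting access
     * @return the read-only and hidden field authorizations to apply
     */
    public MaintenanceDocumentAuthorizations getFieldAuthorizations(
            MaintenanceDocument document, UniversalUser user) {
        MaintenanceDocumentAuthorizations auths = new MaintenanceDocumentAuthorizations();
        initStatics();

        // Short-circuit is deliberate: membership is only looked up when local
        // maintenance of users is switched on.
        boolean mayEditBaseProperties = usersMaintainedByKuali && user.isMember(userEditWorkgroupName);

        // prevent users not in the UU edit group from changing base UU properties
        if (!mayEditBaseProperties) {
            auths.addReadonlyAuthField(RicePropertyConstants.PERSON_USER_IDENTIFIER);
            auths.addReadonlyAuthField(RicePropertyConstants.PERSON_UNIVERSAL_IDENTIFIER);
            auths.addHiddenAuthField("personTaxIdentifier");
            auths.addHiddenAuthField("personTaxIdentifierTypeCode");
            auths.addReadonlyAuthField(RicePropertyConstants.PERSON_NAME);
            auths.addReadonlyAuthField(RicePropertyConstants.CAMPUS_CODE);
            auths.addReadonlyAuthField("primaryDepartmentCode");
            auths.addHiddenAuthField("personPayrollIdentifier");
            auths.addReadonlyAuthField(RicePropertyConstants.EMPLOYEE_STATUS_CODE);
            auths.addReadonlyAuthField(RicePropertyConstants.EMPLOYEE_TYPE_CODE);
            auths.addReadonlyAuthField("student");
            auths.addReadonlyAuthField("staff");
            auths.addReadonlyAuthField("faculty");
            auths.addReadonlyAuthField("affiliate");
            auths.addHiddenAuthField(RicePropertyConstants.PERSON_FIRST_NAME);
            auths.addHiddenAuthField(RicePropertyConstants.PERSON_LAST_NAME);
            auths.addHiddenAuthField("personMiddleName");
            auths.addHiddenAuthField(RicePropertyConstants.PERSON_LOCAL_PHONE_NUMBER);
            auths.addHiddenAuthField(RicePropertyConstants.PERSON_CAMPUS_ADDRESS);
            auths.addHiddenAuthField(RicePropertyConstants.PERSON_EMAIL_ADDRESS);
            auths.addHiddenAuthField(RicePropertyConstants.PERSON_BASE_SALARY_AMOUNT);
            auths.addHiddenAuthField("financialSystemsEncryptedPasswordText");
        } else if (!passwordEditingEnabled) {
            auths.addHiddenAuthField("financialSystemsEncryptedPasswordText");
        }

        return auths;
    }

    /**
     * Populates the cached configuration on first use.
     *
     * <p>The workgroup name doubles as the "already initialised" marker, so it is published
     * last and the whole method runs under the class lock. Previously the marker was
     * assigned before the two boolean flags, which let a concurrent request see a non-null
     * workgroup name together with the flags' default {@code false} values and make an
     * authorization decision from half-initialised state.
     *
     * <p>If the workgroup parameter lookup returns {@code null}, the marker stays unset and
     * the lookups are repeated on the next call.
     */
    private void initStatics() {
        synchronized (UniversalUserDocumentAuthorizer.class) {
            if (configService == null) {
                configService = KNSServiceLocator.getKualiConfigurationService();
            }
            if (userEditWorkgroupName == null) {
                // get the group name that we need here
                String editWorkgroup = configService.getParameterValue(
                        RiceConstants.KNS_NAMESPACE,
                        RiceConstants.DetailTypes.UNIVERSAL_USER_DETAIL_TYPE,
                        RiceConstants.CoreApcParms.UNIVERSAL_USER_EDIT_WORKGROUP);
                // check whether users are editable within Kuali
                boolean maintainedLocally =
                        configService.getPropertyAsBoolean(RiceConstants.MAINTAIN_USERS_LOCALLY_KEY);
                // check whether local CAS is in use
                boolean validatesPassword =
                        KNSServiceLocator.getWebAuthenticationService().isValidatePassword();

                usersMaintainedByKuali = maintainedLocally;
                passwordEditingEnabled = validatesPassword;
                // Publish the marker only after the flags it guards are in place.
                userEditWorkgroupName = editWorkgroup;
            }
        }
    }
}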