001: /*
002: * Copyright 2005-2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.kuali.core.service.impl;
017:
018: import java.util.Iterator;
019: import java.util.Map;
020: import java.util.Set;
021:
022: import org.apache.commons.lang.StringUtils;
023: import org.apache.commons.logging.Log;
024: import org.apache.commons.logging.LogFactory;
025: import org.kuali.core.authorization.AuthorizationStore;
026: import org.kuali.core.bo.user.UniversalUser;
027: import org.kuali.core.datadictionary.AuthorizationDefinition;
028: import org.kuali.core.datadictionary.DocumentEntry;
029: import org.kuali.core.service.AuthorizationService;
030: import org.kuali.core.service.DataDictionaryService;
031:
032: /**
033: * Most frequently, isAuthorized(group,action,targetType) will be called from isAuthorized(user,action,target) from inside the loop,
034: * so it'd be a good idea to optimize getting an answer for a given group...
035: */
036: public class AuthorizationServiceImpl implements AuthorizationService {
037: // logger
038: private static Log LOG = LogFactory
039: .getLog(AuthorizationServiceImpl.class);
040:
041: private AuthorizationStore authorizationStore;
042: private DataDictionaryService dataDictionaryService;
043:
044: private boolean disabled;
045:
046: /**
047: * Constructs an empty AuthorizationServiceImpl instance
048: */
049: public AuthorizationServiceImpl() {
050: disabled = false;
051: authorizationStore = new AuthorizationStore();
052: }
053:
054: // /**
055: // * Creates and initializes the authorizationStore which will be used by the authorizationService
056: // */
057: // public void completeInitialization( DataDictionary dataDictionary ) {
058: // LOG.info("loading authorization data");
059: //
060: // Map documentEntries = dataDictionary.getDocumentEntries();
061: // for (Iterator i = documentEntries.entrySet().iterator(); i.hasNext();) {
062: // DocumentEntry documentEntry = (DocumentEntry) ((Map.Entry) i.next()).getValue();
063: //
064: // String documentType = documentEntry.getDocumentTypeName();
065: // Map authorizationDefinitions = documentEntry.getAuthorizationDefinitions();
066: // for (Iterator j = authorizationDefinitions.entrySet().iterator(); j.hasNext();) {
067: // AuthorizationDefinition auth = (AuthorizationDefinition) ((Map.Entry) j.next()).getValue();
068: //
069: // String authorizedAction = auth.getAction();
070: // Set authorizedGroups = auth.getGroupNames();
071: // for (Iterator k = authorizedGroups.iterator(); k.hasNext();) {
072: // String authorizedGroup = (String) k.next();
073: //
074: // authorizationStore.addAuthorization(authorizedGroup, authorizedAction, documentType);
075: // }
076: // }
077: // }
078: // LOG.info("completed loading authorization data");
079: // }
080:
081: public void setupAuthorizations(DocumentEntry documentEntry) {
082:
083: String documentType = documentEntry.getDocumentTypeName();
084: Map authorizationDefinitions = documentEntry
085: .getAuthorizationDefinitions();
086: for (Iterator j = authorizationDefinitions.entrySet()
087: .iterator(); j.hasNext();) {
088: AuthorizationDefinition auth = (AuthorizationDefinition) ((Map.Entry) j
089: .next()).getValue();
090:
091: String authorizedAction = auth.getAction();
092: Set authorizedGroups = auth.getGroupNames();
093: for (Iterator k = authorizedGroups.iterator(); k.hasNext();) {
094: String authorizedGroup = (String) k.next();
095:
096: authorizationStore.addAuthorization(authorizedGroup,
097: authorizedAction, documentType);
098: }
099: }
100: }
101:
102: /**
103: * @see org.kuali.core.service.AuthorizationService#isAuthorized(org.kuali.core.bo.user.KualiUser, java.lang.String,
104: * java.lang.String)
105: */
106: public boolean isAuthorized(UniversalUser user, String action,
107: String targetType) {
108: return disabled
109: || authorizationStore.isAuthorized(user, action,
110: targetType);
111: }
112:
113: /**
114: * @see org.kuali.core.service.AuthorizationService#getAuthorizedWorkgroups(java.lang.String, java.lang.String)
115: */
116: public Set getAuthorizedWorkgroups(String action, String targetType) {
117: Map authorizedActions = authorizationStore
118: .authorizedActions(targetType);
119: return authorizationStore.authorizedGroups(authorizedActions,
120: action);
121: }
122:
123: /**
124: * @see org.kuali.core.service.AuthorizationService#isAuthorizedToViewAttribute(org.kuali.core.bo.user.KualiUser,
125: * java.lang.String, java.lang.String)
126: */
127: public boolean isAuthorizedToViewAttribute(UniversalUser user,
128: String entryName, String attributeName) {
129: boolean authorized = true;
130:
131: String displayWorkgroupName = this .dataDictionaryService
132: .getAttributeDisplayWorkgroup(entryName, attributeName);
133: if (StringUtils.isNotBlank(displayWorkgroupName)) {
134: if (!user.isMember(displayWorkgroupName)) {
135: authorized = false;
136: }
137: }
138:
139: return authorized;
140: }
141:
142: /**
143: * If disable is true, isAuthorized will thenceforth always return true regardless of the contents of the authorzationStore; if
144: * false, isAuthorized will return results based on the contents of the authorizationStore.
145: *
146: * @param hackedValue
147: */
148: public void disableAuthorization(boolean disable) {
149: this .disabled = disable;
150: }
151:
152: /* spring-injected services */
153: public void setDataDictionaryService(
154: DataDictionaryService dataDictionaryService) {
155: this .dataDictionaryService = dataDictionaryService;
156: }
157:
158: public DataDictionaryService getDataDictionaryService() {
159: return this.dataDictionaryService;
160: }
161: }
|