Java TransactionalDocumentAuthorizer示例

示例#1

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean isAuthorizedByTemplate(
     BusinessObject businessObject,
     String namespaceCode,
     String permissionTemplateName,
     String principalId) {
   return documentAuthorizer.isAuthorizedByTemplate(
       businessObject, namespaceCode, permissionTemplateName, principalId);
 }

示例#2

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean isAuthorizedByTemplate(
     BusinessObject businessObject,
     String namespaceCode,
     String permissionTemplateName,
     String principalId,
     Map<String, String> additionalPermissionDetails,
     Map<String, String> additionalRoleQualifiers) {
   return documentAuthorizer.isAuthorizedByTemplate(
       businessObject,
       namespaceCode,
       permissionTemplateName,
       principalId,
       additionalPermissionDetails,
       additionalRoleQualifiers);
 }

示例#3

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

  /**
   * If user has open permission then does further checks to verify there are no access security
   * restriction setup that prevents the user from opening the document
   *
   * @see
   *     org.kuali.rice.kns.document.authorization.DocumentAuthorizer#canOpen(org.kuali.rice.kns.document.Document,
   *     org.kuali.rice.kim.bo.Person)
   */
  public boolean canOpen(Document document, Person user) {
    AccessSecurityService securityService = SpringContext.getBean(AccessSecurityService.class);

    boolean canOpen = documentAuthorizer.canOpen(document, user);
    if (canOpen) {
      AccessSecurityRestrictionInfo restrictionInfo = new AccessSecurityRestrictionInfo();
      canOpen =
          securityService.canViewDocument((AccountingDocument) document, user, restrictionInfo);
      if (!canOpen) {
        GlobalVariables.getUserSession()
            .addObject(
                SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY, restrictionInfo);
      }
    }

    return canOpen;
  }

示例#4

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

  /**
   * If user has permission to view notes/attachments then does further checks to verify there are
   * no access security restriction setup that prevents the user from viewing the notes/attachments
   *
   * @see
   *     org.kuali.rice.kns.document.authorization.DocumentAuthorizer#canViewNoteAttachment(org.kuali.rice.kns.document.Document,
   *     java.lang.String, org.kuali.rice.kim.bo.Person)
   */
  public boolean canViewNoteAttachment(Document document, String attachmentTypeCode, Person user) {
    AccessSecurityService securityService = SpringContext.getBean(AccessSecurityService.class);

    boolean canView = documentAuthorizer.canViewNoteAttachment(document, attachmentTypeCode, user);
    if (canView) {
      canView =
          securityService.canViewDocumentNotesAttachments((AccountingDocument) document, user);

      if (!canView) {
        GlobalVariables.getMessageMap()
            .putInfo(
                KFSConstants.GLOBAL_ERRORS,
                SecKeyConstants.MESSAGE_DOCUMENT_NOTES_RESTRICTED,
                (String) null);
      }
    }

    return canView;
  }

示例#5

文件： CuRequisitionAction.java 项目： CU-CommunityApps/cu-kfs

  /**
   * Creates a requisition document based on information from an I Want document.
   *
   * @param mapping
   * @param form
   * @param request
   * @param response
   * @return
   * @throws Exception
   */
  @SuppressWarnings("deprecation")
  public ActionForward createReqFromIWantDoc(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {

    String iWantDocumentNumber = request.getParameter(KRADConstants.PARAMETER_DOC_ID);
    RequisitionForm requisitionForm = (RequisitionForm) form;

    IWantDocument iWantDocument =
        (IWantDocument) getDocumentService().getByDocumentHeaderId(iWantDocumentNumber);
    if (iWantDocument == null) {
      throw new WorkflowException(
          "Could not find IWantDocument with ID '" + iWantDocumentNumber + "'");
    }

    // Make sure the user is authorized to create the req in this manner.
    TransactionalDocumentPresentationController pControl =
        (TransactionalDocumentPresentationController)
            getDocumentHelperService().getDocumentPresentationController(iWantDocument);
    TransactionalDocumentAuthorizer authorizer =
        (TransactionalDocumentAuthorizer)
            getDocumentHelperService().getDocumentAuthorizer(iWantDocument);
    Set<String> iwntEditModes =
        authorizer.getEditModes(
            iWantDocument,
            GlobalVariables.getUserSession().getPerson(),
            pControl.getEditModes(iWantDocument));
    if (!iwntEditModes.contains(CUPurapConstants.IWNT_DOC_CREATE_REQ)) {
      throw new AuthorizationException(
          GlobalVariables.getUserSession().getPrincipalId(),
          CUPurapConstants.IWNT_DOC_CREATE_REQ,
          CuRequisitionDocument.class.getSimpleName(),
          "user is not authorized to create requisitions from IWantDocument '"
              + iWantDocumentNumber
              + "'",
          Collections.<String, Object>emptyMap());
    }

    // Do not allow the req to be created if the IWNT doc is already associated with another req.
    if (iWantDocument != null
        && (StringUtils.isNotBlank(iWantDocument.getReqsDocId())
            || StringUtils.isNotBlank(iWantDocument.getDvDocId()))) {
      throw new WorkflowException(
          "Cannot create requisition from IWantDocument '"
              + iWantDocumentNumber
              + "' because a DV or Requisition has already been created from that document");
    }

    IWantDocumentService iWantDocumentService = SpringContext.getBean(IWantDocumentService.class);

    createDocument(requisitionForm);

    RequisitionDocument requisitionDocument = requisitionForm.getRequisitionDocument();

    iWantDocumentService.setUpRequisitionDetailsFromIWantDoc(
        iWantDocument, requisitionDocument, requisitionForm);

    // Set the requisition doc ID reference on the IWantDocument.
    iWantDocument.setReqsDocId(requisitionDocument.getDocumentNumber());
    SpringContext.getBean(PurapService.class).saveDocumentNoValidation(iWantDocument);

    return mapping.findForward(RiceConstants.MAPPING_BASIC);
  }

示例#6

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean canSendAdHocRequests(Document document, String actionRequestCd, Person user) {
   return documentAuthorizer.canSendAdHocRequests(document, actionRequestCd, user);
 }

示例#7

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean canReceiveAdHoc(Document document, Person user, String actionRequestCode) {
   return documentAuthorizer.canReceiveAdHoc(document, user, actionRequestCode);
 }

示例#8

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean canInitiate(String documentTypeName, Person user) {
   return documentAuthorizer.canInitiate(documentTypeName, user);
 }

示例#9

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean canDeleteNoteAttachment(
     Document document, String attachmentTypeCode, String createdBySelfOnly, Person user) {
   return documentAuthorizer.canDeleteNoteAttachment(
       document, attachmentTypeCode, createdBySelfOnly, user);
 }

示例#10

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public boolean canAddNoteAttachment(Document document, String attachmentTypeCode, Person user) {
   return documentAuthorizer.canAddNoteAttachment(document, attachmentTypeCode, user);
 }

示例#11

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public Set<String> getEditModes(Document document, Person user, Set<String> editModes) {
   return documentAuthorizer.getEditModes(document, user, editModes);
 }

示例#12

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public Map<String, String> getCollectionItemRoleQualifications(
     BusinessObject collectionItemBusinessObject) {
   return documentAuthorizer.getCollectionItemRoleQualifications(collectionItemBusinessObject);
 }

示例#13

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

 public Map<String, String> getCollectionItemPermissionDetails(
     BusinessObject collectionItemBusinessObject) {
   return documentAuthorizer.getCollectionItemPermissionDetails(collectionItemBusinessObject);
 }

示例#14

文件： SecTransactionalDocumentAuthorizer.java 项目： r351574nc3/kfs-maven

  /**
   * If there are line restrictions and the initiator override flag is turned on, we need to disable
   * the copy and error correct buttons since those would result in documents displaying the
   * restricted lines
   *
   * @see
   *     org.kuali.rice.kns.document.authorization.DocumentAuthorizer#getDocumentActions(org.kuali.rice.kns.document.Document,
   *     org.kuali.rice.kim.bo.Person, java.util.Set)
   */
  public Set<String> getDocumentActions(
      Document document, Person user, Set<String> documentActions) {
    Set<String> documentActionsToReturn =
        documentAuthorizer.getDocumentActions(document, user, documentActions);

    AccessSecurityService securityService = SpringContext.getBean(AccessSecurityService.class);

    boolean alwaysAllowInitiatorAccess =
        SpringContext.getBean(ParameterService.class)
            .getIndicatorParameter(
                SecConstants.ACCESS_SECURITY_NAMESPACE_CODE,
                SecConstants.ALL_PARAMETER_DETAIL_COMPONENT,
                SecConstants.SecurityParameterNames.ALWAYS_ALLOW_INITIATOR_LINE_ACCESS_IND);
    if (alwaysAllowInitiatorAccess) {
      // determine if any lines are view restricted
      boolean hasViewRestrictions = false;

      AccountingDocument accountingDocument = (AccountingDocument) document;
      for (Iterator iterator = accountingDocument.getSourceAccountingLines().iterator();
          iterator.hasNext(); ) {
        AccountingLine line = (AccountingLine) iterator.next();
        if (!securityService.canViewDocumentAccountingLine(accountingDocument, line, user)) {
          hasViewRestrictions = true;
          break;
        }
      }

      if (!hasViewRestrictions) {
        for (Iterator iterator = accountingDocument.getTargetAccountingLines().iterator();
            iterator.hasNext(); ) {
          AccountingLine line = (AccountingLine) iterator.next();
          if (!securityService.canViewDocumentAccountingLine(accountingDocument, line, user)) {
            hasViewRestrictions = true;
            break;
          }
        }
      }

      // if we have restrictions then disable copy and error correction
      if (hasViewRestrictions) {
        if (documentActionsToReturn.contains(KNSConstants.KUALI_ACTION_CAN_COPY)) {
          documentActionsToReturn.remove(KNSConstants.KUALI_ACTION_CAN_COPY);
          GlobalVariables.getMessageMap()
              .putInfo(
                  KFSConstants.GLOBAL_ERRORS,
                  SecKeyConstants.MESSAGE_DOCUMENT_COPY_RESTRICTED,
                  (String) null);
        }

        if (documentActionsToReturn.contains(KFSConstants.KFS_ACTION_CAN_ERROR_CORRECT)) {
          documentActionsToReturn.remove(KFSConstants.KFS_ACTION_CAN_ERROR_CORRECT);
          GlobalVariables.getMessageMap()
              .putInfo(
                  KFSConstants.GLOBAL_ERRORS,
                  SecKeyConstants.MESSAGE_DOCUMENT_ERROR_CORRECT_RESTRICTED,
                  (String) null);
        }
      }
    }

    return documentActionsToReturn;
  }