org.kuali.kfs.sec.document
Class SecurityDefinitionMaintainableImpl

java.lang.Object
  extended by org.kuali.rice.kns.maintenance.KualiMaintainableImpl
      extended by org.kuali.kfs.sys.document.FinancialSystemMaintainable
          extended by org.kuali.kfs.sec.document.SecurityDefinitionMaintainableImpl
All Implemented Interfaces:
Serializable, org.kuali.rice.kns.lookup.SelectiveReferenceRefresher, org.kuali.rice.kns.maintenance.Maintainable

public class SecurityDefinitionMaintainableImpl
extends FinancialSystemMaintainable

Maintainable implementation for the Security Definition maintenance document. Hooks into post processing to create the KIM permissions from the definition records.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class org.kuali.rice.kns.maintenance.KualiMaintainableImpl
boClass, businessObject, businessObjectAuthorizationService, businessObjectDictionaryService, businessObjectMetaDataService, businessObjectService, dataDictionaryService, docTypeName, documentHelperService, documentNumber, encryptionService, inactiveRecordDisplay, maintenanceAction, maintenanceDocumentDictionaryService, maintenanceDocumentService, newCollectionLines, persistenceStructureService, personService
 
Constructor Summary
SecurityDefinitionMaintainableImpl()
           
 
Method Summary
protected  void createNewDocumentTypePermissions(String documentType, boolean active, SecurityDefinition newSecurityDefinition)
          Checks the document restrict flags on the security definition and if true calls helper method to create a new permission
protected  void createOrUpdateDefinitionRole(SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition)
          Creates a new role for the definition (if the definition is new), then grants to the role any new permissions granted for the definition.
protected  void createOrUpdateDocumentPermissions(SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition, boolean newMaintenanceAction)
          Iterates through the document types and creates any new document permissions necessary, or updates old permissions, setting them inactive if needed
protected  void createOrUpdateDocumentTypePermission(String documentType, boolean active, SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition, String templateId)
          First tries to find an existing permission for the document type, template, and definition.
protected  void createOrUpdateDocumentTypePermissions(String documentType, boolean active, SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition)
          For each of the document template IDs, calls a helper method to create or update the corresponding permission
protected  void createOrUpdateInquiryPermissions(SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition, boolean newMaintenanceAction)
          First tries to find inquiry permissions for GL namespace and LD namespace.
protected  void createOrUpdateLookupPermission(SecurityDefinition oldSecurityDefinition, SecurityDefinition newSecurityDefinition, boolean newMaintenanceAction)
          First tries to retrieve a lookup permission previously set up for this definition.
 void doRouteStatusChange(org.kuali.rice.kns.bo.DocumentHeader documentHeader)
           
protected  org.kuali.rice.kim.bo.role.dto.KimPermissionInfo findDocumentPermission(SecurityDefinition securityDefinition, String templateId, String documentType)
          Calls helper method to find all permissions for the given template ID and security definition name (permission name).
protected  List<org.kuali.rice.kim.bo.role.dto.KimPermissionInfo> findSecurityPermissionsByNameAndTemplate(String permissionName, String templateId)
          Calls permission service to find all permissions for the given name.
protected  boolean isDocumentTypeInDefinition(String documentType, SecurityDefinition oldSecurityDefinition)
          Determines whether a given document type name is included in the document type list for the given security definition
protected  org.kuali.rice.kim.bo.types.dto.AttributeSet populateDocumentTypePermissionDetails(String documentType, SecurityDefinition securityDefinition)
          Builds an AttributeSet populated from the given method parameters.
protected  org.kuali.rice.kim.bo.types.dto.AttributeSet populateInquiryPermissionDetails(String namespaceCode, SecurityDefinition securityDefinition)
          Builds an AttributeSet populated from the given method parameters.
protected  org.kuali.rice.kim.bo.types.dto.AttributeSet populateLookupPermissionDetails(SecurityDefinition securityDefinition)
          Builds an AttributeSet populated from the given method parameters.
 void processAfterCopy(org.kuali.rice.kns.document.MaintenanceDocument document, Map<String,String[]> parameters)
          Override to clear out KIM role id on copy
 void refresh(String refreshCaller, Map fieldValues, org.kuali.rice.kns.document.MaintenanceDocument document)
           
protected  void savePermission(SecurityDefinition securityDefinition, String permissionId, String permissionTemplateId, boolean active, org.kuali.rice.kim.bo.types.dto.AttributeSet permissionDetails)
          Calls PermissionUpdateService to save a permission.
 
Methods inherited from class org.kuali.kfs.sys.document.FinancialSystemMaintainable
answerSplitNodeQuestion, populateChartOfAccountsCodeFields, processAfterPost, processBeforeAddLine, refreshReferences
 
Methods inherited from class org.kuali.rice.kns.maintenance.KualiMaintainableImpl
addMultipleValueLookupResults, addNewLineToCollection, clearBusinessObjectOfRestrictedValues, clearCollectionRestrictedValues, clearFieldRestrictedValues, decryptEncryptedData, deleteBusinessObject, generateAllAffectedReferences, generateMaintenanceLocks, getAffectedReferencesFromLookup, getAllRefreshableReferences, getBoClass, getBusinessObject, getBusinessObjectAuthorizationService, getBusinessObjectDictionaryService, getBusinessObjectMetaDataService, getBusinessObjectService, getCoreSections, getCustomLockDescriptor, getDataDictionaryService, getDocumentHelperService, getDocumentTitle, getDocumentTypeName, getDuplicateIdentifierFieldsFromDataDictionary, getEncryptionService, getInactiveRecordDisplay, getLockingDocumentId, getMaintainableTitle, getMaintenanceAction, getMaintenanceDocumentDictionaryService, getMaintenanceDocumentService, getMultiValueIdentifierList, getNewCollectionLine, getPersistenceStructureService, getPersonService, getSections, getShowInactiveRecords, getWorkflowEngineDocumentIdsToLock, hasBusinessObjectExisted, initNewCollectionLine, isBoNotesEnabled, isExternalBusinessObject, isOldBusinessObjectInDocument, isRelationshipRefreshable, performCollectionForceUpperCase, performFieldForceUpperCase, performFieldForceUpperCase, performForceUpperCase, populateBusinessObject, populateNewCollectionLines, populateNewSubCollectionLines, prepareBusinessObject, prepareBusinessObjectForAdditionFromMultipleValueLookup, prepareForSave, processAfterAddLine, processAfterEdit, processAfterNew, processAfterRetrieve, saveBusinessObject, setBoClass, setBusinessObject, setDocumentNumber, setGenerateBlankRequiredValues, setGenerateDefaultValues, setMaintenanceAction, setNewCollectionLineDefaultValues, setShowInactiveRecords, setupNewFromExisting, shouldFieldBeEncrypted, useCustomLockDescriptors
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityDefinitionMaintainableImpl

public SecurityDefinitionMaintainableImpl()
Method Detail

refresh

public void refresh(String refreshCaller,
                    Map fieldValues,
                    org.kuali.rice.kns.document.MaintenanceDocument document)
Specified by:
refresh in interface org.kuali.rice.kns.maintenance.Maintainable
Overrides:
refresh in class org.kuali.rice.kns.maintenance.KualiMaintainableImpl
See Also:
KualiMaintainableImpl.refresh(java.lang.String, java.util.Map, org.kuali.rice.kns.document.MaintenanceDocument)

doRouteStatusChange

public void doRouteStatusChange(org.kuali.rice.kns.bo.DocumentHeader documentHeader)
Specified by:
doRouteStatusChange in interface org.kuali.rice.kns.maintenance.Maintainable
Overrides:
doRouteStatusChange in class org.kuali.rice.kns.maintenance.KualiMaintainableImpl
See Also:
KualiMaintainableImpl.doRouteStatusChange(org.kuali.rice.kns.bo.DocumentHeader)

createOrUpdateDefinitionRole

protected void createOrUpdateDefinitionRole(SecurityDefinition oldSecurityDefinition,
                                            SecurityDefinition newSecurityDefinition)
Creates a new role for the definition (if the definition is new), then grants to the role any new permissions granted for the definition. Also updates the role active indicator if the indicator changed value on the definition.

Parameters:
oldSecurityDefinition - SecurityDefinition record before updates
newSecurityDefinition - SecurityDefinition after updates

createOrUpdateDocumentPermissions

protected void createOrUpdateDocumentPermissions(SecurityDefinition oldSecurityDefinition,
                                                 SecurityDefinition newSecurityDefinition,
                                                 boolean newMaintenanceAction)
Iterates through the document types and creates any new document permissions necessary, or updates old permissions, setting them inactive if needed.

Parameters:
oldSecurityDefinition - SecurityDefinition record before requested changes (old side of maintenance document)
newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)
newMaintenanceAction - Indicates whether this is a new maintenance record (old side is empty)

createOrUpdateLookupPermission

protected void createOrUpdateLookupPermission(SecurityDefinition oldSecurityDefinition,
                                              SecurityDefinition newSecurityDefinition,
                                              boolean newMaintenanceAction)
First tries to retrieve a lookup permission previously set up for this definition. If an old permission is found, it is updated with the new details and its active indicator is set based on the definition active indicator and the restrict lookup indicator value. If no old permission exists but the restrict lookup indicator is true on the new side, a new permission is created, and it is active if the definition is active on the new side.

Parameters:
oldSecurityDefinition - SecurityDefinition record before requested changes (old side of maintenance document)
newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)
newMaintenanceAction - Indicates whether this is a new maintenance record (old side is empty)

createOrUpdateInquiryPermissions

protected void createOrUpdateInquiryPermissions(SecurityDefinition oldSecurityDefinition,
                                                SecurityDefinition newSecurityDefinition,
                                                boolean newMaintenanceAction)
First tries to find inquiry permissions for the GL namespace and the LD namespace. If old permissions are found, they are updated with the new details, and the active indicator is set based on the definition active indicator and the restrict GL indicator (for the GL inquiry permission) or the restrict LD inquiry indicator (for the LD inquiry permission). If an old permission does not exist for one or both of the namespaces and the corresponding indicators are set to true on the new side, new permissions are created with the active indicator set to true if the definition is active on the new side.

Parameters:
oldSecurityDefinition - SecurityDefinition record before requested changes (old side of maintenance document)
newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)
newMaintenanceAction - Indicates whether this is a new maintenance record (old side is empty)

createNewDocumentTypePermissions

protected void createNewDocumentTypePermissions(String documentType,
                                                boolean active,
                                                SecurityDefinition newSecurityDefinition)
Checks the document restrict flags on the security definition and if true calls helper method to create a new permission

Parameters:
documentType - workflow document type name for permission detail
active - boolean indicating whether the permissions should be set to active (true) or non-active (false)
newSecurityDefinition - SecurityDefinition which contains values for the permissions

createOrUpdateDocumentTypePermissions

protected void createOrUpdateDocumentTypePermissions(String documentType,
                                                     boolean active,
                                                     SecurityDefinition oldSecurityDefinition,
                                                     SecurityDefinition newSecurityDefinition)
For each of the document template IDs, calls a helper method to create or update the corresponding permission.

Parameters:
documentType - workflow document type name for permission detail
active - boolean indicating whether the permissions should be set to active (true) or non-active (false)
oldSecurityDefinition - SecurityDefinition record before requested changes (old side of maintenance document)
newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)

createOrUpdateDocumentTypePermission

protected void createOrUpdateDocumentTypePermission(String documentType,
                                                    boolean active,
                                                    SecurityDefinition oldSecurityDefinition,
                                                    SecurityDefinition newSecurityDefinition,
                                                    String templateId)
First tries to find an existing permission for the document type, template, and definition. If found, the permission is updated with the new details and its active indicator is set from the active parameter. If not found and the active parameter is true, a new permission is created for the given doc type, template, and definition.

Parameters:
documentType - workflow document type name for permission detail
active - boolean indicating whether the permissions should be set to active (true) or non-active (false)
oldSecurityDefinition - SecurityDefinition record before requested changes (old side of maintenance document)
newSecurityDefinition - SecurityDefinition record with requested changes (new side of maintenance document)
templateId - KIM template ID for the permission record that should be created or updated
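
The create-or-update rule described for createOrUpdateDocumentTypePermission, as an added example that is not KFS or Rice code. An in-memory list stands in for the KIM permission store; the Perm class, the createOrUpdate and find methods, and all sample values are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

/** Illustrative model only: hypothetical names, no Kuali classes involved. */
public class DocTypePermissionUpsertDemo {

    /** Stand-in for a KIM permission record. */
    static final class Perm {
        final String id, name, templateId, documentType;
        boolean active;
        String details;
        Perm(String id, String name, String templateId, String documentType) {
            this.id = id; this.name = name;
            this.templateId = templateId; this.documentType = documentType;
        }
    }

    static final List<Perm> store = new ArrayList<>();

    /** Match on permission name (the definition name), template ID, then document type detail. */
    static Perm find(String name, String templateId, String documentType) {
        for (Perm p : store) {
            if (p.name.equals(name) && p.templateId.equals(templateId)
                    && p.documentType.equals(documentType)) {
                return p;
            }
        }
        return null;
    }

    /** Applies the documented rule and reports which branch was taken. */
    static String createOrUpdate(String name, String templateId, String documentType,
                                 boolean active, String details) {
        Perm existing = find(name, templateId, documentType);
        if (existing != null) {
            existing.details = details;
            existing.active = active;   // switched off in place; the record is kept
            return "UPDATED";
        }
        if (!active) {
            return "SKIPPED";           // nothing to deactivate, so nothing is created
        }
        Perm created = new Perm("P" + (store.size() + 1), name, templateId, documentType);
        created.details = details;
        created.active = true;
        store.add(created);
        return "CREATED";
    }

    public static void main(String[] args) {
        String def = "SampleDefinition";   // constructed sample values
        String tmpl = "SAMPLE-TEMPLATE";
        // Not found and inactive, then not found and active, then found and inactive.
        System.out.println(createOrUpdate(def, tmpl, "SampleDocType", false, "value=A"));
        System.out.println(createOrUpdate(def, tmpl, "SampleDocType", true, "value=A"));
        System.out.println(createOrUpdate(def, tmpl, "SampleDocType", false, "value=B"));
        Perm p = find(def, tmpl, "SampleDocType");
        System.out.println(p.id + " active=" + p.active + " details=" + p.details);
    }
}
```

Because a restriction that is switched off leaves an inactive record rather than removing it, a review of effective restrictions under this rule has to filter on the active indicator and not on the mere existence of a permission.
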

populateDocumentTypePermissionDetails

protected org.kuali.rice.kim.bo.types.dto.AttributeSet populateDocumentTypePermissionDetails(String documentType,
                                                                                             SecurityDefinition securityDefinition)
Builds an AttributeSet populated from the given method parameters. Details are set based on the KIM 'Security Document Permission' type.

Parameters:
documentType - workflow document type name
securityDefinition - SecurityDefinition record
Returns:
AttributeSet populated with document type name, property name, operator, and property value details

populateLookupPermissionDetails

protected org.kuali.rice.kim.bo.types.dto.AttributeSet populateLookupPermissionDetails(SecurityDefinition securityDefinition)
Builds an AttributeSet populated from the given method parameters. Details are set based on the KIM 'Security Lookup Permission' type.

Parameters:
securityDefinition - SecurityDefinition record
Returns:
AttributeSet populated with property name, operator, and property value details

populateInquiryPermissionDetails

protected org.kuali.rice.kim.bo.types.dto.AttributeSet populateInquiryPermissionDetails(String namespaceCode,
                                                                                        SecurityDefinition securityDefinition)
Builds an AttributeSet populated from the given method parameters. Details are set based on the KIM 'Security Inquiry Permission' type.

Parameters:
namespaceCode - KIM namespace code
securityDefinition - SecurityDefinition record
Returns:
AttributeSet populated with namespace, property name, operator, and property value details

findDocumentPermission

protected org.kuali.rice.kim.bo.role.dto.KimPermissionInfo findDocumentPermission(SecurityDefinition securityDefinition,
                                                                                  String templateId,
                                                                                  String documentType)
Calls helper method to find all permissions for the given template ID and security definition name (permission name). Iterates through the results to find the permission with the matching document type detail.

Parameters:
securityDefinition - SecurityDefinition record for permission
templateId - KIM template ID for permission
documentType - KEW document type name for permission detail
Returns:
KimPermissionInfo provides information on the matching permission

findSecurityPermissionsByNameAndTemplate

protected List<org.kuali.rice.kim.bo.role.dto.KimPermissionInfo> findSecurityPermissionsByNameAndTemplate(String permissionName,
                                                                                                          String templateId)
Calls permission service to find all permissions for the given name. Iterates through the results and finds the ones that also match the given template ID.

Parameters:
permissionName - name of permission to find
templateId - KIM template ID of permission to find
Returns:
List of matching permissions
See Also:
org.kuali.rice.kim.service.PermissionService#getPermissionsByName()

isDocumentTypeInDefinition

protected boolean isDocumentTypeInDefinition(String documentType,
                                             SecurityDefinition oldSecurityDefinition)
Determines whether a given document type name is included in the document type list for the given security definition

Parameters:
documentType - KEW document type name
oldSecurityDefinition - SecurityDefinition record
Returns:
boolean indicating whether the document type is associated with the given security definition

savePermission

protected void savePermission(SecurityDefinition securityDefinition,
                              String permissionId,
                              String permissionTemplateId,
                              boolean active,
                              org.kuali.rice.kim.bo.types.dto.AttributeSet permissionDetails)
Calls PermissionUpdateService to save a permission.

Parameters:
securityDefinition - SecurityDefinition record
permissionId - ID for the permission being saved, or empty for new permission
permissionTemplateId - KIM template ID for permission to save
active - boolean indicating whether the permission should be set to active (true) or non-active (false)
permissionDetails - AttributeSet representing the permission details
See Also:
org.kuali.rice.kim.service.PermissionUpdateService#savePermission()

processAfterCopy

public void processAfterCopy(org.kuali.rice.kns.document.MaintenanceDocument document,
                             Map<String,String[]> parameters)
Override to clear out KIM role id on copy

Specified by:
processAfterCopy in interface org.kuali.rice.kns.maintenance.Maintainable
Overrides:
processAfterCopy in class org.kuali.rice.kns.maintenance.KualiMaintainableImpl
See Also:
KualiMaintainableImpl.processAfterCopy(org.kuali.rice.kns.document.MaintenanceDocument, java.util.Map)


Copyright © 2005-2012 The Kuali Foundation. All Rights Reserved.