001 /*
002 * Copyright 2011 The Kuali Foundation.
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.kfs.sec.document.validation.impl;
017
018 import org.kuali.kfs.sec.SecKeyConstants;
019 import org.kuali.kfs.sec.businessobject.AccessSecurityRestrictionInfo;
020 import org.kuali.kfs.sec.service.AccessSecurityService;
021 import org.kuali.kfs.sys.businessobject.AccountingLine;
022 import org.kuali.kfs.sys.context.SpringContext;
023 import org.kuali.kfs.sys.document.AccountingDocument;
024 import org.kuali.kfs.sys.document.validation.event.AccountingLineEvent;
025 import org.kuali.kfs.sys.document.validation.event.AddAccountingLineEvent;
026 import org.kuali.kfs.sys.document.validation.event.AttributedDocumentEvent;
027 import org.kuali.kfs.sys.document.validation.event.UpdateAccountingLineEvent;
028 import org.kuali.kfs.sys.document.validation.impl.AccountingRuleEngineRuleBase;
029 import org.kuali.rice.kns.util.GlobalVariables;
030
031
/**
 * Rule base that adds an access security check to accounting document validation.
 *
 * <p>The standard rule-engine validation runs first. The access security check is layered on top of it
 * only for events that add or update an accounting line. Every other event type returns the superclass
 * result unchanged, so any access enforcement for those events has to live elsewhere.
 */
public class AccessSecurityAccountingDocumentRuleBase extends AccountingRuleEngineRuleBase {

    /**
     * Runs the inherited validation and, for add or update accounting line events, additionally verifies
     * that the current user is permitted to edit the affected line.
     *
     * <p>The access check is skipped when the inherited validation has already failed. The method returns
     * false in that case, so a failed base validation never produces a pass.
     *
     * @param event the document event being validated
     * @return true only if the inherited validation passes and, where applicable, the edit access check passes
     * @see org.kuali.kfs.sys.document.validation.impl.AccountingRuleEngineRuleBase#validateForEvent(org.kuali.kfs.sys.document.validation.event.AttributedDocumentEvent)
     */
    @Override
    public boolean validateForEvent(AttributedDocumentEvent event) {
        if (!super.validateForEvent(event)) {
            return false;
        }

        // Only line add/update events carry an accounting line that is checked here.
        final boolean lineAddedOrUpdated = event instanceof AddAccountingLineEvent || event instanceof UpdateAccountingLineEvent;
        if (!lineAddedOrUpdated) {
            return true;
        }

        final AccountingLineEvent lineEvent = (AccountingLineEvent) event;
        // The cast assumes these events are only raised for accounting documents; any other document
        // type would fail with a ClassCastException instead of passing validation.
        final AccountingDocument accountingDocument = (AccountingDocument) lineEvent.getDocument();
        return checkEditAccessForAccountingLine(accountingDocument, lineEvent.getAccountingLine());
    }

    /**
     * Asks the AccessSecurityService whether the person in the current user session may edit the given
     * accounting line, and records an error in the global message map when the answer is no.
     *
     * @param document AccountingDocument containing the line to check
     * @param line AccountingLine to check access on
     * @return boolean true if user is allowed to edit the accounting line, false if the user is not allowed to
     */
    protected boolean checkEditAccessForAccountingLine(AccountingDocument document, AccountingLine line) {
        // Filled in by the service call; read below to describe a denial.
        final AccessSecurityRestrictionInfo restriction = new AccessSecurityRestrictionInfo();
        final AccessSecurityService accessSecurityService = SpringContext.getBean(AccessSecurityService.class);

        // NOTE(review): the user session is dereferenced without a null check. If it can be absent in this
        // context the call fails with an exception rather than granting access; confirm that is intended.
        final boolean permitted = accessSecurityService.canEditDocumentAccountingLine(document, line, GlobalVariables.getUserSession().getPerson(), restriction);
        if (permitted) {
            return true;
        }

        // Denied: report the restricted property, passing its label and the restricted value as
        // message parameters.
        GlobalVariables.getMessageMap().putError(restriction.getPropertyName(), SecKeyConstants.ERROR_ACCOUNTING_LINE_ADD_OR_UPDATE, restriction.getPropertyLabel(), restriction.getRetrictedValue());
        return false;
    }

}