001 /*
002 * Copyright 2011 The Kuali Foundation.
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.kfs.sec.service;
017
018 import java.util.List;
019
020 import org.kuali.kfs.sec.businessobject.AccessSecurityRestrictionInfo;
021 import org.kuali.kfs.sys.businessobject.AccountingLine;
022 import org.kuali.kfs.sys.document.AccountingDocument;
023 import org.kuali.rice.kim.bo.Person;
024 import org.kuali.rice.kim.bo.types.dto.AttributeSet;
025 import org.kuali.rice.kns.bo.BusinessObject;
026
027
/**
 * Service for applying access security restrictions to business objects at the framework points that expose them: lookups,
 * inquiries and document accounting lines.
 * <p>
 * The {@code applySecurityRestrictions...} methods filter a result list by removing entries from the list they are given. The
 * {@code can...} and {@code check...} methods return the access decision as a boolean.
 * <p>
 * NOTE(review): no method here states what happens when {@code person}, {@code document} or a list argument is null. Confirm
 * that implementations deny access (rather than allow it) in those cases.
 */
public interface AccessSecurityService {

    /**
     * Retrieves the security permissions set up with the lookup template for the given person and evaluates them against the
     * list of business objects. Instances that do not pass validation are removed from the given list, so the argument itself
     * is modified.
     * <p>
     * NOTE(review): because entries are removed from the argument, the list presumably has to support removal; behaviour for
     * an unmodifiable list is not specified here.
     *
     * @param results list of business object instances with data to check; filtered in place
     * @param person person to apply security for
     */
    void applySecurityRestrictionsForLookup(List<? extends BusinessObject> results, Person person);

    /**
     * Retrieves the security permissions set up with the gl inquiry template for the given person and evaluates them against
     * the list of business objects. Instances that do not pass validation are removed from the given list, so the argument
     * itself is modified.
     *
     * @param results list of business object instances with data to check; filtered in place
     * @param person person to apply security for
     */
    void applySecurityRestrictionsForGLInquiry(List<? extends BusinessObject> results, Person person);

    /**
     * Retrieves the security permissions set up with the ld inquiry template for the given person and evaluates them against
     * the list of business objects. Instances that do not pass validation are removed from the given list, so the argument
     * itself is modified.
     *
     * @param results list of business object instances with data to check; filtered in place
     * @param person person to apply security for
     */
    void applySecurityRestrictionsForLaborInquiry(List<? extends BusinessObject> results, Person person);

    /**
     * Retrieves the security permissions set up for the given person under the given template and evaluates them against the
     * list of business objects. Instances that do not pass validation are removed from the given list, so the argument itself
     * is modified.
     *
     * @param results list of business object instances with data to check; filtered in place
     * @param person person to apply security for
     * @param templateId KIM template id for the permissions to check
     * @param additionalPermissionDetails any additional details that should be matched on when retrieving permissions
     */
    void applySecurityRestrictions(List<? extends BusinessObject> results, Person person, String templateId, AttributeSet additionalPermissionDetails);

    /**
     * Retrieves the access security permissions that are assigned to the user and applicable to the given business object,
     * then evaluates those permissions against the business object instance.
     * <p>
     * A result of {@code true} also covers the case where no applicable permission is found, so it does not by itself show
     * that any restriction was evaluated.
     *
     * @param businessObject business object instance to check access permissions against
     * @param person person to retrieve access permissions for
     * @param restrictionInfo object providing information on a restriction if one is found (presumably filled in by the
     *        implementation; confirm whether null is accepted)
     * @return {@code true} if all access permissions pass or none are found, {@code false} if at least one access permission
     *         fails
     */
    boolean checkSecurityRestrictionsForBusinessObject(BusinessObject businessObject, Person person, AccessSecurityRestrictionInfo restrictionInfo);

    /**
     * Checks the view access security permissions set up for the user and for accounting lines of the given document type.
     *
     * @param document accounting document that contains the line to be validated; the doc type of the instance is used for
     *        retrieving permissions
     * @param accountingLine accounting line instance with values to check
     * @param person the user access is being checked for
     * @return {@code true} if the user has view access for the accounting line, {@code false} otherwise
     */
    boolean canViewDocumentAccountingLine(AccountingDocument document, AccountingLine accountingLine, Person person);

    /**
     * Checks the edit access security permissions set up for the user and for accounting lines of the given document type.
     *
     * @param document accounting document that contains the line to be validated; the doc type of the instance is used for
     *        retrieving permissions
     * @param accountingLine accounting line instance with values to check
     * @param person the user access is being checked for
     * @return {@code true} if the user has edit access for the accounting line, {@code false} otherwise
     */
    boolean canEditDocumentAccountingLine(AccountingDocument document, AccountingLine accountingLine, Person person);

    /**
     * Checks the edit access security permissions set up for the user and for accounting lines of the given document type.
     * This overload additionally takes an object that provides information on a restriction if one is found.
     *
     * @param document accounting document that contains the line to be validated; the doc type of the instance is used for
     *        retrieving permissions
     * @param accountingLine accounting line instance with values to check
     * @param person the user access is being checked for
     * @param restrictionInfo object providing information on a restriction if one is found
     * @return {@code true} if the user has edit access for the accounting line, {@code false} otherwise
     */
    boolean canEditDocumentAccountingLine(AccountingDocument document, AccountingLine accountingLine, Person person, AccessSecurityRestrictionInfo restrictionInfo);

    /**
     * Checks view access on all accounting lines contained on the document for the given user.
     *
     * @param document accounting document with the accounting lines to check; the doc type of the instance is used for
     *        retrieving permissions
     * @param person the user access is being checked for
     * @param restrictionInfo object providing information on a restriction if one is found
     * @return {@code true} if the user has view access for all accounting lines on the document, {@code false} if access is
     *         denied on one or more lines
     */
    boolean canViewDocument(AccountingDocument document, Person person, AccessSecurityRestrictionInfo restrictionInfo);

    /**
     * Checks edit access on all accounting lines contained on the document for the given user.
     *
     * @param document accounting document with the accounting lines to check; the doc type of the instance is used for
     *        retrieving permissions
     * @param person the user access is being checked for
     * @return {@code true} if the user has edit access for all accounting lines on the document, {@code false} if access is
     *         denied on one or more lines
     */
    boolean canEditDocument(AccountingDocument document, Person person);

    /**
     * Checks whether viewing the document's notes is allowed, based on the document's accounting lines.
     *
     * @param document accounting document with the accounting lines to check; the doc type of the instance is used for
     *        retrieving permissions
     * @param person the user access is being checked for
     * @return {@code true} if the user has permission to view the notes/attachments, {@code false} otherwise
     */
    boolean canViewDocumentNotesAttachments(AccountingDocument document, Person person);

    /**
     * Gets the View Document With Field Values template id.
     *
     * @return the View Document With Field Values template id
     */
    String getViewDocumentWithFieldValueTemplateId();

    /**
     * Gets the View Accounting Line With Field Value template id.
     *
     * @return the View Accounting Line With Field Value template id
     */
    String getViewAccountingLineWithFieldValueTemplateId();

    /**
     * Gets the View Notes Attachments With Field Value template id.
     *
     * @return the View Notes Attachments With Field Value template id
     */
    String getViewNotesAttachmentsWithFieldValueTemplateId();

    /**
     * Gets the Edit Document With Field Value template id.
     *
     * @return the Edit Document With Field Value template id
     */
    String getEditDocumentWithFieldValueTemplateId();

    /**
     * Gets the Edit Accounting Line With Field Value template id.
     *
     * @return the Edit Accounting Line With Field Value template id
     */
    String getEditAccountingLineWithFieldValueTemplateId();

    /**
     * Gets the Lookup With Field Value template id.
     *
     * @return the Lookup With Field Value template id
     */
    String getLookupWithFieldValueTemplateId();

    /**
     * Gets the Inquiry With Field Value template id.
     *
     * @return the Inquiry With Field Value template id
     */
    String getInquiryWithFieldValueTemplateId();

}