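/*
 * Copyright 2011 The Kuali Foundation.
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.kfs.sys.document.workflow;

import java.util.Arrays;
import java.util.List;

import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.kfs.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
import org.kuali.rice.kew.doctype.SecurityAttribute;
import org.kuali.rice.kew.exception.WorkflowException;
import org.kuali.rice.kew.service.WorkflowUtility;
import org.kuali.rice.kim.bo.Person;
import org.kuali.rice.kns.datadictionary.DocumentEntry;
import org.kuali.rice.kns.document.Document;
import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
import org.kuali.rice.kns.service.DataDictionaryService;
import org.kuali.rice.kns.service.DocumentHelperService;
import org.kuali.rice.kns.service.DocumentService;

/**
 * Workflow security attribute that limits document search results and route log access for
 * documents flagged as sensitive.
 * <p>
 * A document is restricted only when all three conditions hold: its data dictionary entry is a
 * {@link FinancialSystemTransactionalDocumentEntry}, that entry reports itself as potentially
 * sensitive, and the document's "sensitive" searchable attribute contains the value "Y". For such
 * a document the decision is delegated to the document type's {@link DocumentAuthorizer}
 * ({@code canOpen}). Every other document is reported as visible.
 * <p>
 * NOTE(review): the restriction depends on the "sensitive" searchable attribute being present for
 * the document. If the attribute is missing or empty, a potentially sensitive document is treated
 * as visible (fail-open). Confirm that the attribute is always populated before a sensitive
 * document becomes searchable.
 */
public class SensitiveDataSecurityAttribute implements SecurityAttribute {

    /** Key of the searchable attribute that carries the sensitive-data flag. */
    private static final String SENSITIVE_ATTRIBUTE_KEY = "sensitive";

    /** Searchable attribute value that marks a document as containing sensitive data. */
    private static final String SENSITIVE_FLAG_VALUE = "Y";

    private WorkflowUtility workflowUtils = SpringContext.getBean(WorkflowUtility.class);
    private DocumentHelperService docHelperService = SpringContext.getBean(DocumentHelperService.class);
    private DocumentService docService = SpringContext.getBean(DocumentService.class);

    /**
     * Decides whether the given document may appear in the user's document search results.
     *
     * @param currentUser the person running the search
     * @param docTypeName the document type name, used to look up the data dictionary entry and the authorizer
     * @param documentId the id of the document being checked
     * @param initiatorPrincipalId not used by this implementation
     * @return true when the document is not flagged sensitive or the user may open it; false otherwise
     * @see org.kuali.rice.kew.doctype.SecurityAttribute#docSearchAuthorized(org.kuali.rice.kim.bo.Person, java.lang.String, java.lang.Long, java.lang.String)
     */
    public Boolean docSearchAuthorized(Person currentUser, String docTypeName, Long documentId, String initiatorPrincipalId) {
        return isVisible(currentUser, docTypeName, documentId);
    }

    /**
     * Decides whether the user may view the route log of the given document. Applies the same rule
     * as {@link #docSearchAuthorized(Person, String, Long, String)}.
     *
     * @param currentUser the person requesting the route log
     * @param docTypeName the document type name, used to look up the data dictionary entry and the authorizer
     * @param documentId the id of the document being checked
     * @param initiatorPrincipalId not used by this implementation
     * @return true when the document is not flagged sensitive or the user may open it; false otherwise
     * @see org.kuali.rice.kew.doctype.SecurityAttribute#routeLogAuthorized(org.kuali.rice.kim.bo.Person, java.lang.String, java.lang.Long, java.lang.String)
     */
    public Boolean routeLogAuthorized(Person currentUser, String docTypeName, Long documentId, String initiatorPrincipalId) {
        return isVisible(currentUser, docTypeName, documentId);
    }

    /**
     * Shared visibility rule behind both authorization callbacks.
     *
     * @param currentUser the person whose access is being checked
     * @param docTypeName the document type name
     * @param documentId the id of the document being checked
     * @return true when the document is not flagged sensitive, otherwise the authorizer's
     *         {@code canOpen} result; false when a flagged document cannot be loaded
     * @throws RuntimeException wrapping the {@link WorkflowException} raised while loading the document
     */
    private Boolean isVisible(Person currentUser, String docTypeName, Long documentId) {
        final DocumentEntry docEntry = SpringContext.getBean(DataDictionaryService.class).getDataDictionary().getDocumentEntry(docTypeName);

        // Only financial transactional document types that declare themselves potentially
        // sensitive are ever restricted; everything else stays visible.
        if (!(docEntry instanceof FinancialSystemTransactionalDocumentEntry)
                || !((FinancialSystemTransactionalDocumentEntry) docEntry).isPotentiallySensitive()) {
            return Boolean.TRUE;
        }

        final String[] sensitiveDataCodeArray = workflowUtils.getSearchableAttributeStringValuesByKey(documentId, SENSITIVE_ATTRIBUTE_KEY);
        // NOTE(review): no indexed flag means "visible". This is the fail-open path.
        if (sensitiveDataCodeArray == null || sensitiveDataCodeArray.length == 0) {
            return Boolean.TRUE;
        }

        // The flag comparison is exact and case-sensitive.
        final List<String> sensitiveDataCodes = Arrays.asList(sensitiveDataCodeArray);
        if (!sensitiveDataCodes.contains(SENSITIVE_FLAG_VALUE)) {
            return Boolean.TRUE;
        }

        final DocumentAuthorizer docAuthorizer = docHelperService.getDocumentAuthorizer(docTypeName);
        final Document doc;
        try {
            doc = docService.getByDocumentHeaderIdSessionless(documentId.toString());
        } catch (WorkflowException we) {
            throw new RuntimeException("Unable to load document " + documentId + " for sensitive data authorization", we);
        }

        // Fail closed: the document is flagged sensitive, so if it cannot be loaded there is
        // nothing for the authorizer to evaluate and access is denied rather than handing the
        // authorizer a null document. Presumably the lookup can come back empty; verify against
        // the DocumentService implementation.
        if (doc == null) {
            return Boolean.FALSE;
        }
        return docAuthorizer.canOpen(doc, currentUser);
    }

}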