001    /*
002     * Copyright 2011 The Kuali Foundation.
003     * 
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     * 
008     * http://www.opensource.org/licenses/ecl2.php
009     * 
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.kuali.kfs.sys.document.workflow;
017    
018    import java.util.Arrays;
019    import java.util.List;
020    
021    import org.kuali.kfs.sys.context.SpringContext;
022    import org.kuali.kfs.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
023    import org.kuali.rice.kew.doctype.SecurityAttribute;
024    import org.kuali.rice.kew.exception.WorkflowException;
025    import org.kuali.rice.kew.service.WorkflowUtility;
026    import org.kuali.rice.kim.bo.Person;
027    import org.kuali.rice.kns.datadictionary.DocumentEntry;
028    import org.kuali.rice.kns.document.Document;
029    import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
030    import org.kuali.rice.kns.service.DataDictionaryService;
031    import org.kuali.rice.kns.service.DocumentHelperService;
032    import org.kuali.rice.kns.service.DocumentService;
033    
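/**
 * Workflow {@link SecurityAttribute} that restricts document search results and route log
 * access for documents flagged as holding sensitive data.
 * <p>
 * A document is treated as sensitive only when its data dictionary entry is a
 * {@link FinancialSystemTransactionalDocumentEntry} marked as potentially sensitive AND its
 * {@code "sensitive"} searchable attribute contains {@code "Y"}. For such documents the decision
 * is delegated to the document type's {@link DocumentAuthorizer#canOpen}; every other document
 * is reported as visible.
 */
public class SensitiveDataSecurityAttribute implements SecurityAttribute {

    /** Key of the searchable attribute that records whether a document holds sensitive data. */
    private static final String SENSITIVE_ATTRIBUTE_KEY = "sensitive";

    /** Searchable attribute value that marks a document as sensitive. */
    private static final String SENSITIVE_INDICATOR = "Y";

    private WorkflowUtility workflowUtils = SpringContext.getBean(WorkflowUtility.class);
    private DocumentHelperService docHelperService = SpringContext.getBean(DocumentHelperService.class);
    private DocumentService docService = SpringContext.getBean(DocumentService.class);

    /**
     * Decides whether the document may be shown to the user in document search results.
     *
     * @param currentUser the person running the search
     * @param docTypeName the workflow document type name of the candidate document
     * @param documentId the id of the candidate document
     * @param initiatorPrincipalId the principal id of the document's initiator; not used by this check
     * @return the result of the sensitive data visibility check
     * @see SecurityAttribute
     */
    public Boolean docSearchAuthorized(Person currentUser, String docTypeName, Long documentId, String initiatorPrincipalId) {
        return isVisible(currentUser, docTypeName, documentId);
    }

    /**
     * Decides whether the user may view the route log of the document. Applies exactly the same
     * check as {@link #docSearchAuthorized(Person, String, Long, String)}.
     *
     * @param currentUser the person requesting the route log
     * @param docTypeName the workflow document type name of the document
     * @param documentId the id of the document
     * @param initiatorPrincipalId the principal id of the document's initiator; not used by this check
     * @return the result of the sensitive data visibility check
     * @see SecurityAttribute
     */
    public Boolean routeLogAuthorized(Person currentUser, String docTypeName, Long documentId, String initiatorPrincipalId) {
        return isVisible(currentUser, docTypeName, documentId);
    }

    /**
     * Runs the sensitive data visibility check shared by both authorization entry points.
     *
     * @param currentUser the person whose access is being evaluated
     * @param docTypeName the workflow document type name, used to look up the data dictionary
     *        entry and the document authorizer
     * @param documentId the id of the document being evaluated
     * @return {@code true} when the document is not flagged as sensitive; otherwise the result of
     *         {@link DocumentAuthorizer#canOpen}, or {@code false} when the flagged document
     *         cannot be found
     * @throws RuntimeException wrapping the {@link WorkflowException} raised while loading the document
     */
    private Boolean isVisible(Person currentUser, String docTypeName, Long documentId) {
        final DocumentEntry docEntry = SpringContext.getBean(DataDictionaryService.class).getDataDictionary().getDocumentEntry(docTypeName);

        // Only financial transactional document types can be declared potentially sensitive;
        // everything else is visible by default.
        if (!(docEntry instanceof FinancialSystemTransactionalDocumentEntry)) {
            return Boolean.TRUE;
        }
        if (!((FinancialSystemTransactionalDocumentEntry) docEntry).isPotentiallySensitive()) {
            return Boolean.TRUE;
        }

        // NOTE(review): a potentially sensitive document with no "sensitive" searchable attribute
        // value is treated as NOT sensitive (fail-open). Confirm the attribute is always indexed
        // before such a document becomes searchable.
        final String[] sensitiveDataCodes = workflowUtils.getSearchableAttributeStringValuesByKey(documentId, SENSITIVE_ATTRIBUTE_KEY);
        if (sensitiveDataCodes == null || !Arrays.asList(sensitiveDataCodes).contains(SENSITIVE_INDICATOR)) {
            return Boolean.TRUE;
        }

        final DocumentAuthorizer docAuthorizer = docHelperService.getDocumentAuthorizer(docTypeName);
        final Document doc;
        try {
            doc = docService.getByDocumentHeaderIdSessionless(documentId.toString());
        } catch (WorkflowException we) {
            throw new RuntimeException("Unable to load document " + documentId + " for the sensitive data check", we);
        }

        // The document is flagged sensitive but could not be loaded: deny instead of handing a
        // null document to the authorizer, so the access decision fails closed.
        if (doc == null) {
            return Boolean.FALSE;
        }
        return docAuthorizer.canOpen(doc, currentUser);
    }

}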