001 /*
002 * Copyright 2011 The Kuali Foundation.
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.kfs.sys.document.workflow;
017
018 import java.util.Arrays;
019 import java.util.List;
020
021 import org.kuali.kfs.sys.context.SpringContext;
022 import org.kuali.kfs.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
023 import org.kuali.rice.kew.doctype.SecurityAttribute;
024 import org.kuali.rice.kew.exception.WorkflowException;
025 import org.kuali.rice.kew.service.WorkflowUtility;
026 import org.kuali.rice.kim.bo.Person;
027 import org.kuali.rice.kns.datadictionary.DocumentEntry;
028 import org.kuali.rice.kns.document.Document;
029 import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
030 import org.kuali.rice.kns.service.DataDictionaryService;
031 import org.kuali.rice.kns.service.DocumentHelperService;
032 import org.kuali.rice.kns.service.DocumentService;
033
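/**
 * Workflow {@link SecurityAttribute} that limits who may see a document in document search
 * results and in the route log when the document has been flagged as holding sensitive data.
 *
 * <p>Both entry points apply the same rule. Access is granted unless all of the following hold:
 * the document type's data dictionary entry is a {@link FinancialSystemTransactionalDocumentEntry}
 * that reports {@code isPotentiallySensitive()}, and the document's searchable attribute
 * {@code "sensitive"} contains the value {@code "Y"}. Only then is the decision delegated to the
 * document type's {@link DocumentAuthorizer#canOpen(Document, Person)}.
 *
 * <p>Security note: the default outcome is "allow". The restriction depends entirely on the
 * {@code "sensitive"} searchable attribute being present for the document. A potentially
 * sensitive document whose attribute is missing or empty is treated as visible, so that
 * attribute must be populated reliably for this control to be effective.
 */
public class SensitiveDataSecurityAttribute implements SecurityAttribute {

    /** Key of the searchable attribute that records whether a document holds sensitive data. */
    private static final String SENSITIVE_ATTRIBUTE_KEY = "sensitive";

    /** Searchable-attribute value that marks a document as sensitive. */
    private static final String SENSITIVE_FLAG_VALUE = "Y";

    // Services are resolved from the Spring context when the attribute is instantiated.
    private WorkflowUtility workflowUtils = SpringContext.getBean(WorkflowUtility.class);
    private DocumentHelperService docHelperService = SpringContext.getBean(DocumentHelperService.class);
    private DocumentService docService = SpringContext.getBean(DocumentService.class);

    /**
     * Decides whether the document may appear in the given user's document search results.
     *
     * @param currentUser the person running the search
     * @param docTypeName the document type name, used to look up the data dictionary entry and authorizer
     * @param documentId the id of the document being checked
     * @param initiatorPrincipalId the initiator's principal id; not used by this implementation
     * @return {@code true} if the document is not flagged sensitive or the user may open it
     */
    public Boolean docSearchAuthorized(Person currentUser, String docTypeName, Long documentId, String initiatorPrincipalId) {
        return isVisible(currentUser, docTypeName, documentId);
    }

    /**
     * Decides whether the given user may view the document's route log.
     *
     * @param currentUser the person requesting the route log
     * @param docTypeName the document type name, used to look up the data dictionary entry and authorizer
     * @param documentId the id of the document being checked
     * @param initiatorPrincipalId the initiator's principal id; not used by this implementation
     * @return {@code true} if the document is not flagged sensitive or the user may open it
     */
    public Boolean routeLogAuthorized(Person currentUser, String docTypeName, Long documentId, String initiatorPrincipalId) {
        return isVisible(currentUser, docTypeName, documentId);
    }

    /**
     * Shared visibility rule behind both entry points.
     *
     * @param currentUser the person whose access is being checked
     * @param docTypeName the document type name
     * @param documentId the id of the document being checked
     * @return {@code true} when the document is not flagged sensitive, otherwise the result of the
     *         document authorizer's {@code canOpen} check; {@code false} when a document flagged
     *         sensitive cannot be loaded
     * @throws RuntimeException wrapping the {@link WorkflowException} raised while loading the document
     */
    private Boolean isVisible(Person currentUser, String docTypeName, Long documentId) {
        final DocumentEntry docEntry = SpringContext.getBean(DataDictionaryService.class).getDataDictionary().getDocumentEntry(docTypeName);

        // Document types that are not (potentially sensitive) financial transactional documents are never restricted here.
        if (!(docEntry instanceof FinancialSystemTransactionalDocumentEntry)) {
            return true;
        }
        if (!((FinancialSystemTransactionalDocumentEntry) docEntry).isPotentiallySensitive()) {
            return true;
        }

        // Fail-open by design of the original rule: no "sensitive" attribute values means no restriction.
        final String[] sensitiveDataCodes = workflowUtils.getSearchableAttributeStringValuesByKey(documentId, SENSITIVE_ATTRIBUTE_KEY);
        if (sensitiveDataCodes == null || sensitiveDataCodes.length == 0) {
            return true;
        }
        if (!Arrays.asList(sensitiveDataCodes).contains(SENSITIVE_FLAG_VALUE)) {
            return true;
        }

        // The document is flagged sensitive: defer to the document type's authorizer.
        final DocumentAuthorizer docAuthorizer = docHelperService.getDocumentAuthorizer(docTypeName);
        final Document doc;
        try {
            doc = docService.getByDocumentHeaderIdSessionless(documentId.toString());
        } catch (WorkflowException we) {
            throw new RuntimeException(we);
        }

        // Deny rather than hand a null document to the authorizer: a document flagged sensitive
        // that cannot be loaded should not be exposed. (How canOpen treats null is not visible here.)
        if (doc == null) {
            return false;
        }
        return docAuthorizer.canOpen(doc, currentUser);
    }

}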