Examples with PermissionService - org.kuali.kfs.kim.api.permission.PermissionService

Example 1 with PermissionService

use of org.kuali.kfs.kim.api.permission.PermissionService in project cu-kfs by CU-CommunityApps.

the class PurApRelatedViews method maskPONumberIfUnapproved.

/**
 * Masks the po number if the po is unappoved yet.  If the document status is not FINAL then check for permission
 * for purapDocumentIdentifier field.  If NOT permitted to view the value then mask the value with * and setting
 * this value in poNumberMasked property.
 *
 * @param view
 */
protected void maskPONumberIfUnapproved(AbstractRelatedView view) {
    String poIDstr = "";
    if (ObjectUtils.isNotNull(view.getPurapDocumentIdentifier())) {
        poIDstr = view.getPurapDocumentIdentifier().toString();
    }
    if (PurapConstants.PurapDocTypeCodes.PO_DOCUMENT.equals(view.getDocumentTypeName())) {
        DocumentStatus documentStatus = KewApiServiceLocator.getWorkflowDocumentService().getDocumentStatus(view.getDocumentNumber());
        if (!(StringUtils.equals(documentStatus.getCode(), DocumentStatus.FINAL.getCode()))) {
            String principalId = GlobalVariables.getUserSession().getPrincipalId();
            String namespaceCode = KFSConstants.CoreModuleNamespaces.KFS;
            String permissionTemplateName = KimConstants.PermissionTemplateNames.FULL_UNMASK_FIELD;
            Map<String, String> roleQualifiers = new HashMap<>();
            Map<String, String> permissionDetails = new HashMap<>();
            permissionDetails.put(KimConstants.AttributeConstants.COMPONENT_NAME, PurchaseOrderDocument.class.getSimpleName());
            permissionDetails.put(KimConstants.AttributeConstants.PROPERTY_NAME, PurapPropertyConstants.PURAP_DOC_ID);
            PermissionService permissionService = SpringContext.getBean(PermissionService.class);
            boolean isAuthorized = permissionService.isAuthorizedByTemplate(principalId, namespaceCode, permissionTemplateName, permissionDetails, roleQualifiers);
            if (!isAuthorized) {
                // not authorized to see... so mask the po number string
                poIDstr = "";
                int strLength = SpringContext.getBean(DataDictionaryService.class).getAttributeMaxLength(PurApGenericAttributes.class.getName(), PurapPropertyConstants.PURAP_DOC_ID);
                for (int i = 0; i < strLength; i++) {
                    poIDstr = poIDstr.concat("*");
                }
            }
        }
    }
    view.setPoNumberMasked(poIDstr);
}

Also used : DocumentStatus(org.kuali.kfs.kew.api.document.DocumentStatus) PermissionService(org.kuali.kfs.kim.api.permission.PermissionService) PurApGenericAttributes(org.kuali.kfs.module.purap.businessobject.PurApGenericAttributes) HashMap(java.util.HashMap) PurchaseOrderDocument(org.kuali.kfs.module.purap.document.PurchaseOrderDocument) DataDictionaryService(org.kuali.kfs.datadictionary.legacy.DataDictionaryService)

Aggregations

HashMap (java.util.HashMap)1 DataDictionaryService (org.kuali.kfs.datadictionary.legacy.DataDictionaryService)1 DocumentStatus (org.kuali.kfs.kew.api.document.DocumentStatus)1 PermissionService (org.kuali.kfs.kim.api.permission.PermissionService)1 PurApGenericAttributes (org.kuali.kfs.module.purap.businessobject.PurApGenericAttributes)1 PurchaseOrderDocument (org.kuali.kfs.module.purap.document.PurchaseOrderDocument)1