Skip to end of metadata
Go to start of metadata

Purpose

Allow applications to customize default KIM-based document routing authorization checks.

Detailed Description

Application roles may depend on qualifiers which are not derived by the default DocumentTypePermissionServiceImpl. There needs to be a way to allow applications to dynamically derive custom role qualifiers to be applied to configured KIM role/permission checks.

Usage Scenarios

Some Rice services do not work with KC's role qualifiers. Specifically in DocumentTypePermissionServiceImpl, which is called when trying to record any action taken, buildDocumentIdRoleDocumentTypeDocumentStatusQualifiers provides role qualifiers that will never match KC's necessary role qualifiers.

Most of KC's roles required the unit number or the primary key of the BO(proposal number, protocol id, etc). DocumentTypePermissionsSerivceImpl primarily provides document number for this type of role qualification which KC does not use. This is a problem with the recall action as there is no way to work around the permission check as with other actions(canSave, canRoute, etc).

Mocks and Diagrams

Gliffy Zoom Zoom DocumentTypeAuthorizer

Performance

For each authorization check, a level of indirection is introduced. Overall performance will be dictated by performance of the application-provided subclass and the types of checks which are overridden. Overhead is anticipated to be either a GlobalResourceLoader service lookup, or a new class instantiation via reflection.

References

Requirements Listing

a way to inject application specific role qualifiers into this service so permissions checks can work as designed

Primary:
  1. a way to inject application specific role qualifiers into this service so permissions checks can work as designed
Secondary:
  1. as little performance impact as possible for existing/default codepath

Dependencies

none

Issues

none

QA or Regression Testing Plan

  1. existing routing integration tests succeed, and new integration case exercising this behavior works as expected

Checkoff

Functional Analysis Complete? No (completed by SME)

Needs Review by KAI?No(completed by SME)

Technical Analysis Complete?No(completed by DM)

Needs Review by KTI?No(completed by DM)

Estimate: 40 hours(completed by DM)

Technical Design: KULRICE-8610 Technical Design (completed by DM)

Jira: https://jira.kuali.org/browse/KULRICE-8610 (completed by SME)

Final Documentation:Link Here(completed by DM)

Added to QA: No (completed by SME)

  • No labels