[Containment] Restrict the compose action

Restrict the compose action by policy, to avoid drag-drop of inappropriate domain object types. WTD-962.
2025-06-01 15:10:50 +00:00 · 2015-04-07 20:51:01 -07:00 · 2015-04-07 20:51:01 -07:00 · d2c666358e
commit d2c666358e
parent 8f7dcd2018
2 changed files with 63 additions and 0 deletions
--- a/platform/containment/bundle.json
+++ b/platform/containment/bundle.json
@ -6,6 +6,12 @@
                "implementation": "CompositionPolicy.js",
                "depends": [ "typeService", "capabilityService" ],
                "message": "Objects of this type cannot contain objects of that type."
+            },
+            {
+                "category": "action",
+                "implementation": "ComposeActionPolicy.js",
+                "depends": [ "$injector" ],
+                "message": "Objects of this type cannot contain objects of that type."
            }
        ]
    }
--- a/platform/containment/src/ComposeActionPolicy.js
+++ b/platform/containment/src/ComposeActionPolicy.js
@ -0,0 +1,57 @@
+/*global define*/
+
+define(
+    [],
+    function () {
+        "use strict";
+
+        /**
+         * Restrict `compose` actions to cases where composition
+         * is explicitly allowed.
+         *
+         * Note that this is a policy that needs the `policyService`,
+         * since it's delegated to a different policy category.
+         * To avoid a circular dependency, the service is obtained via
+         * Angular's `$injector`.
+         */
+        function ComposeActionPolicy($injector) {
+            var policyService;
+
+            function allowComposition(containerObject, selectedObject) {
+                // Get the object types involved in the compose action
+                var containerType = containerObject &&
+                        containerObject.getCapability('type'),
+                    selectedType = selectedObject &&
+                        selectedObject.getCapability('type');
+
+                // Get a reference to the policy service if needed...
+                policyService = policyService || $injector.get('policyService');
+
+                // ...and delegate to the composition policy
+                return policyService.allow(
+                    'composition',
+                    containerType,
+                    selectedType
+                );
+            }
+
+            return {
+                /**
+                 * Check whether or not a compose action should be allowed
+                 * in this context.
+                 * @returns {boolean} true if it may be allowed
+                 */
+                allow: function (candidate, context) {
+                    if (candidate.getMetadata().key === 'compose') {
+                        return allowComposition(
+                            (context || {}).domainObject,
+                            (context || {}).selectedObject
+                        );
+                    }
+                    return true;
+                }
+            };
+        }
+
+    }
+);