From d2c666358e3f9cf6074050683f98c584b8c79a3a Mon Sep 17 00:00:00 2001
From: Victor Woeltjen <victor.woeltjen@nasa.gov>
Date: Tue, 7 Apr 2015 20:51:01 -0700
Subject: [PATCH] [Containment] Restrict the compose action

Restrict the compose action by policy, to avoid drag-drop of
inappropriate domain object types. WTD-962.
---
 platform/containment/bundle.json              |  6 ++
 .../containment/src/ComposeActionPolicy.js    | 57 +++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 platform/containment/src/ComposeActionPolicy.js

diff --git a/platform/containment/bundle.json b/platform/containment/bundle.json
index 43823ea351..c5e99c837f 100644
--- a/platform/containment/bundle.json
+++ b/platform/containment/bundle.json
@@ -6,6 +6,12 @@
                 "implementation": "CompositionPolicy.js",
                 "depends": [ "typeService", "capabilityService" ],
                 "message": "Objects of this type cannot contain objects of that type."
+            },
+            {
+                "category": "action",
+                "implementation": "ComposeActionPolicy.js",
+                "depends": [ "$injector" ],
+                "message": "Objects of this type cannot contain objects of that type."
             }
         ]
     }
diff --git a/platform/containment/src/ComposeActionPolicy.js b/platform/containment/src/ComposeActionPolicy.js
new file mode 100644
index 0000000000..4317c4c7be
--- /dev/null
+++ b/platform/containment/src/ComposeActionPolicy.js
@@ -0,0 +1,57 @@
+/*global define*/
+
+define(
+    [],
+    function () {
+        "use strict";
+
+        /**
+         * Restrict `compose` actions to cases where composition
+         * is explicitly allowed.
+         *
+         * Note that this is a policy that needs the `policyService`,
+         * since it's delegated to a different policy category.
+         * To avoid a circular dependency, the service is obtained via
+         * Angular's `$injector`.
+         */
+        function ComposeActionPolicy($injector) {
+            var policyService;
+
+            function allowComposition(containerObject, selectedObject) {
+                // Get the object types involved in the compose action
+                var containerType = containerObject &&
+                        containerObject.getCapability('type'),
+                    selectedType = selectedObject &&
+                        selectedObject.getCapability('type');
+
+                // Get a reference to the policy service if needed...
+                policyService = policyService || $injector.get('policyService');
+
+                // ...and delegate to the composition policy
+                return policyService.allow(
+                    'composition',
+                    containerType,
+                    selectedType
+                );
+            }
+
+            return {
+                /**
+                 * Check whether or not a compose action should be allowed
+                 * in this context.
+                 * @returns {boolean} true if it may be allowed
+                 */
+                allow: function (candidate, context) {
+                    if (candidate.getMetadata().key === 'compose') {
+                        return allowComposition(
+                            (context || {}).domainObject,
+                            (context || {}).selectedObject
+                        );
+                    }
+                    return true;
+                }
+            };
+        }
+
+    }
+);
\ No newline at end of file