001 /*
002 * Copyright 2011 The Kuali Foundation.
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.kfs.coa.document.authorization;
017
018 import java.util.Map;
019 import java.util.Set;
020
021 import org.apache.commons.lang.StringUtils;
022 import org.kuali.kfs.coa.businessobject.Organization;
023 import org.kuali.kfs.sys.KFSConstants;
024 import org.kuali.kfs.sys.KFSPropertyConstants;
025 import org.kuali.kfs.sys.context.SpringContext;
026 import org.kuali.kfs.sys.document.authorization.FinancialSystemMaintenanceDocumentAuthorizerBase;
027 import org.kuali.kfs.sys.identity.KfsKimAttributes;
028 import org.kuali.rice.kim.bo.Person;
029 import org.kuali.rice.kim.bo.types.dto.AttributeSet;
030 import org.kuali.rice.kim.service.IdentityManagementService;
031 import org.kuali.rice.kim.util.KimConstants;
032 import org.kuali.rice.kns.bo.BusinessObject;
033 import org.kuali.rice.kns.document.Document;
034 import org.kuali.rice.kns.document.MaintenanceDocument;
035 import org.kuali.rice.kns.util.GlobalVariables;
036 import org.kuali.rice.kns.util.KNSConstants;
037
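/**
 * Document authorizer for the Organization maintenance document.
 *
 * <p>On top of what the base authorizer grants, this class removes the blanket-approve action when the
 * plant-field permission check fails, and adds the organization's chart of accounts code to the
 * role qualification attributes.
 */
public class OrganizationDocumentAuthorizer extends FinancialSystemMaintenanceDocumentAuthorizerBase {
    protected static org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(OrganizationDocumentAuthorizer.class);

    /**
     * Returns the actions allowed by the superclass, with blanket approve removed when
     * {@link #checkPlantAttributes(Document)} reports that plant-field access is missing.
     *
     * @param document the document being authorized
     * @param user the person passed to the superclass for its own action checks
     * @param documentActions the candidate actions handed to the superclass
     * @return the set returned by the superclass, possibly without blanket approve
     */
    @Override
    public Set<String> getDocumentActions(Document document, Person user, Set<String> documentActions) {
        Set<String> allowedActions = super.getDocumentActions(document, user, documentActions);

        // NOTE(review): the plant-field check is evaluated for the person in the current user session,
        // not for the 'user' argument. If a caller ever asks about a different principal, the two
        // checks answer for different people - confirm the callers always pass the session user.
        if (checkPlantAttributes(document)) {
            allowedActions.remove(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
        }

        return allowedActions;
    }

    /**
     * Reports whether the current session user lacks permission to modify the plant fields.
     *
     * <p>Only the permission is checked; the contents of the plant fields on the document are not
     * inspected here.
     *
     * @param document the document, passed through to {@link #isPlantAuthorized(Person, Document)}
     * @return true if the session user is NOT authorized for the plant fields, false if authorized
     */
    protected boolean checkPlantAttributes(Document document) {
        // Throws NullPointerException when no user session is bound to the thread, so a missing
        // session never results in blanket approve being kept by default.
        Person sessionUser = GlobalVariables.getUserSession().getPerson();

        return !isPlantAuthorized(sessionUser, document);
    }

    /**
     * Tests whether the given user holds the MODIFY_FIELD template permission for the Organization
     * plant account number property.
     *
     * @param user the user to test
     * @param document not read by this implementation
     * @return true if the identity management service authorizes the user, false otherwise
     */
    protected boolean isPlantAuthorized(Person user, Document document) {
        String principalId = user.getPrincipalId();
        String namespaceCode = KFSConstants.ParameterNamespaces.KNS;
        String permissionTemplateName = KimConstants.PermissionTemplateNames.MODIFY_FIELD;

        // No qualifiers are supplied, so the request carries no chart or organization context.
        // NOTE(review): confirm an unqualified check is intended for this permission.
        AttributeSet roleQualifiers = new AttributeSet();

        AttributeSet permissionDetails = new AttributeSet();
        permissionDetails.put(KfsKimAttributes.COMPONENT_NAME, Organization.class.getSimpleName());
        permissionDetails.put(KfsKimAttributes.PROPERTY_NAME, KFSPropertyConstants.ORGANIZATION_PLANT_ACCOUNT_NUMBER);

        IdentityManagementService identityManagementService = SpringContext.getBean(IdentityManagementService.class);
        boolean isAuthorized = identityManagementService.isAuthorizedByTemplateName(principalId, namespaceCode, permissionTemplateName, permissionDetails, roleQualifiers);

        // Build the message only when debug logging is on; the text itself is unchanged.
        if (LOG.isDebugEnabled()) {
            if (!isAuthorized) {
                LOG.debug("User '" + user.getPrincipalName() + "' has no access to the Plant Chart.");
            }
            else {
                LOG.debug("User '" + user.getPrincipalName() + "' has access to the Plant fields.");
            }
        }

        return isAuthorized;
    }

    /**
     * Adds the chart of accounts code of the organization under maintenance to the role
     * qualification attributes, after the superclass has added its own.
     *
     * <p>The organization is taken from the new maintainable of a {@link MaintenanceDocument}, or from
     * the business object itself when it is an {@link Organization}. Nothing is added when the chart
     * code is blank or no organization can be found.
     *
     * @param businessObject the maintenance document or organization being authorized
     * @param attributes the qualification map to add to
     */
    @SuppressWarnings("unchecked")
    @Override
    protected void addRoleQualification(BusinessObject businessObject, Map<String, String> attributes) {
        super.addRoleQualification(businessObject, attributes);

        if (businessObject instanceof MaintenanceDocument) {
            MaintenanceDocument maintDoc = (MaintenanceDocument) businessObject;
            if (maintDoc.getNewMaintainableObject() != null) {
                putChartQualifier(maintDoc.getNewMaintainableObject().getBusinessObject(), attributes);
            }
        }
        else if (businessObject instanceof Organization) {
            putChartQualifier(businessObject, attributes);
        }
    }

    /**
     * Puts the chart of accounts code of {@code candidate} into {@code attributes} when it is an
     * Organization with a non-blank chart code.
     */
    private static void putChartQualifier(Object candidate, Map<String, String> attributes) {
        // Guard the cast: a null or unexpected business object previously surfaced as a
        // NullPointerException or ClassCastException in the middle of an authorization check.
        if (!(candidate instanceof Organization)) {
            if (candidate != null) {
                LOG.warn("Expected an Organization for role qualification but found " + candidate.getClass().getName());
            }
            return;
        }

        String chartCode = ((Organization) candidate).getChartOfAccountsCode();
        if (!StringUtils.isBlank(chartCode)) {
            attributes.put(KfsKimAttributes.CHART_OF_ACCOUNTS_CODE, chartCode);
        }
    }
}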