001: /*
002: * Copyright 2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.kuali.module.kra.document;
017:
018: import java.util.HashMap;
019: import java.util.List;
020: import java.util.Map;
021:
022: import org.apache.commons.logging.Log;
023: import org.apache.commons.logging.LogFactory;
024: import org.kuali.core.authorization.AuthorizationConstants;
025: import org.kuali.core.bo.user.KualiGroup;
026: import org.kuali.core.bo.user.UniversalUser;
027: import org.kuali.core.document.authorization.DocumentAuthorizerBase;
028: import org.kuali.core.service.AuthorizationService;
029: import org.kuali.core.service.KualiConfigurationService;
030: import org.kuali.core.service.UniversalUserService;
031: import org.kuali.core.util.ObjectUtils;
032: import org.kuali.core.workflow.service.KualiWorkflowDocument;
033: import org.kuali.core.workflow.service.WorkflowGroupService;
034: import org.kuali.kfs.KFSConstants;
035: import org.kuali.kfs.context.SpringContext;
036: import org.kuali.module.kra.KraConstants;
037: import org.kuali.module.kra.bo.AdhocPerson;
038: import org.kuali.module.kra.bo.AdhocWorkgroup;
039: import org.kuali.module.kra.service.ResearchDocumentPermissionsService;
040: import org.kuali.workflow.KualiWorkflowUtils;
041:
042: import edu.iu.uis.eden.clientapp.WorkflowInfo;
043: import edu.iu.uis.eden.clientapp.vo.ActionRequestVO;
044: import edu.iu.uis.eden.clientapp.vo.ReportCriteriaVO;
045: import edu.iu.uis.eden.clientapp.vo.WorkgroupVO;
046: import edu.iu.uis.eden.exception.WorkflowException;
047:
048: public class ResearchDocumentAuthorizer extends DocumentAuthorizerBase {
049: private static Log LOG = LogFactory
050: .getLog(ResearchDocumentAuthorizer.class);
051:
052: /**
053: * @see org.kuali.core.authorization.DocumentAuthorizer#getEditMode(org.kuali.core.document.Document,
054: * org.kuali.core.bo.user.KualiUser)
055: */
056: protected String getAdHocEditMode(
057: ResearchDocument researchDocument, UniversalUser u) {
058:
059: KualiConfigurationService kualiConfigurationService = SpringContext
060: .getBean(KualiConfigurationService.class);
061: ResearchDocumentPermissionsService permissionsService = SpringContext
062: .getBean(ResearchDocumentPermissionsService.class);
063: String permissionCode = AuthorizationConstants.EditMode.UNVIEWABLE;
064: KualiWorkflowDocument workflowDocument = researchDocument
065: .getDocumentHeader().getWorkflowDocument();
066:
067: // Check ad-hoc user permissions
068: AdhocPerson budgetAdHocPermission = permissionsService
069: .getAdHocPerson(researchDocument.getDocumentNumber(), u
070: .getPersonUniversalIdentifier());
071: if (budgetAdHocPermission != null) {
072: if (KraConstants.PERMISSION_MOD_CODE
073: .equals(budgetAdHocPermission.getPermissionCode())) {
074: permissionCode = getPermissionCodeByPrecedence(
075: permissionCode,
076: AuthorizationConstants.EditMode.FULL_ENTRY);
077: } else {
078: permissionCode = getPermissionCodeByPrecedence(
079: permissionCode,
080: AuthorizationConstants.EditMode.VIEW_ONLY);
081: }
082: }
083:
084: // check ad-hoc workgroup permissions
085: List<AdhocWorkgroup> adhocWorkgroups = permissionsService
086: .getAllAdHocWorkgroups(researchDocument
087: .getDocumentNumber());
088: WorkflowInfo info2 = new WorkflowInfo();
089: List<KualiGroup> personGroups = SpringContext.getBean(
090: UniversalUserService.class).getUsersGroups(u);
091:
092: for (AdhocWorkgroup adhocWorkgroup : adhocWorkgroups) {
093: WorkgroupVO workgroup;
094: try {
095: workgroup = SpringContext.getBean(
096: WorkflowGroupService.class)
097: .getWorkgroupByGroupName(
098: adhocWorkgroup.getWorkgroupName());
099: } catch (WorkflowException ex) {
100: throw new RuntimeException(
101: "Caught workflow exception: " + ex);
102: }
103:
104: if (!ObjectUtils.isNull(workgroup)) {
105: if (kualiGroupsContainWorkgroup(workgroup
106: .getWorkgroupName(), personGroups)) {
107: if (adhocWorkgroup.getPermissionCode().equals(
108: KraConstants.PERMISSION_MOD_CODE)) {
109: permissionCode = getPermissionCodeByPrecedence(
110: permissionCode,
111: AuthorizationConstants.EditMode.FULL_ENTRY);
112: break;
113: } else {
114: permissionCode = getPermissionCodeByPrecedence(
115: permissionCode,
116: AuthorizationConstants.EditMode.VIEW_ONLY);
117: }
118: }
119: }
120: }
121:
122: // now check ad-hoc workgroups in route log
123: ReportCriteriaVO criteria = new ReportCriteriaVO();
124: try {
125: criteria.setRouteHeaderId(workflowDocument
126: .getRouteHeaderId());
127: WorkflowInfo info = new WorkflowInfo();
128: ActionRequestVO[] requests = info
129: .getActionRequests(workflowDocument
130: .getRouteHeaderId());
131: for (int i = 0; i < requests.length; i++) {
132: ActionRequestVO request = (ActionRequestVO) requests[i];
133: if (request.isWorkgroupRequest()) {
134: WorkgroupVO workgroup = request.getWorkgroupVO();
135: if (kualiGroupsContainWorkgroup(workgroup
136: .getWorkgroupName(), personGroups)) {
137: permissionCode = getPermissionCodeByPrecedence(
138: permissionCode,
139: AuthorizationConstants.EditMode.VIEW_ONLY);
140: break;
141: }
142: }
143: }
144: } catch (WorkflowException ex) {
145: throw new RuntimeException("Caught workflow exception: "
146: + ex);
147: }
148:
149: // Check ad-hoc org permissions (mod first, then read)
150: if (permissionsService.isUserInOrgHierarchy(researchDocument
151: .buildAdhocOrgReportXml(
152: KraConstants.PERMISSION_MOD_CODE, true),
153: KualiWorkflowUtils.KRA_ROUTING_FORM_DOC_TYPE, u
154: .getPersonUniversalIdentifier())) {
155: permissionCode = getPermissionCodeByPrecedence(
156: permissionCode,
157: AuthorizationConstants.EditMode.FULL_ENTRY);
158: }
159:
160: if (permissionsService.isUserInOrgHierarchy(researchDocument
161: .buildAdhocOrgReportXml(
162: KraConstants.PERMISSION_READ_CODE, true),
163: KualiWorkflowUtils.KRA_ROUTING_FORM_DOC_TYPE, u
164: .getPersonUniversalIdentifier())) {
165: permissionCode = getPermissionCodeByPrecedence(
166: permissionCode,
167: AuthorizationConstants.EditMode.VIEW_ONLY);
168: }
169:
170: // Check global document type permissions
171: if (canModify(workflowDocument.getDocumentType(), u)) {
172: permissionCode = getPermissionCodeByPrecedence(
173: permissionCode,
174: AuthorizationConstants.EditMode.FULL_ENTRY);
175: }
176:
177: if (canView(workflowDocument.getDocumentType(), u)) {
178: permissionCode = getPermissionCodeByPrecedence(
179: permissionCode,
180: AuthorizationConstants.EditMode.VIEW_ONLY);
181: }
182:
183: return permissionCode;
184: }
185:
186: /**
187: * Set the permission code to the "higher-precedent" value, based on the 2 values passed in
188: *
189: * @param String orgXml
190: * @param String uuid
191: * @return boolean
192: */
193: protected String getPermissionCodeByPrecedence(String currentCode,
194: String candidateCode) {
195: if (currentCode
196: .equals(AuthorizationConstants.EditMode.FULL_ENTRY)
197: || candidateCode
198: .equals(AuthorizationConstants.EditMode.FULL_ENTRY)) {
199: return AuthorizationConstants.EditMode.FULL_ENTRY;
200: }
201: if (currentCode
202: .equals(AuthorizationConstants.EditMode.VIEW_ONLY)
203: || candidateCode
204: .equals(AuthorizationConstants.EditMode.VIEW_ONLY)) {
205: return AuthorizationConstants.EditMode.VIEW_ONLY;
206: }
207: return AuthorizationConstants.EditMode.UNVIEWABLE;
208: }
209:
210: /**
211: * Finalize the permission code & the map and return
212: *
213: * @param ResearchDocument researchDocument
214: * @param String permissionCode
215: * @return Map
216: */
217: protected Map finalizeEditMode(ResearchDocument researchDocument,
218: String permissionCode) {
219: // If doc is approved, full entry should become view only
220: if (permissionCode
221: .equals(AuthorizationConstants.EditMode.FULL_ENTRY)
222: && (researchDocument
223: .getDocumentHeader()
224: .getFinancialDocumentStatusCode()
225: .equals(
226: KFSConstants.DocumentStatusCodes.APPROVED)
227: || researchDocument
228: .getDocumentHeader()
229: .getFinancialDocumentStatusCode()
230: .equals(
231: KFSConstants.DocumentStatusCodes.DISAPPROVED) || researchDocument
232: .getDocumentHeader()
233: .getFinancialDocumentStatusCode()
234: .equals(
235: KFSConstants.DocumentStatusCodes.CANCELLED))) {
236: permissionCode = AuthorizationConstants.EditMode.VIEW_ONLY;
237: }
238:
239: Map editModeMap = new HashMap();
240: editModeMap.put(permissionCode, "TRUE");
241: return editModeMap;
242: }
243:
244: private boolean kualiGroupsContainWorkgroup(String workgroupId,
245: List<KualiGroup> groups) {
246: for (KualiGroup group : groups) {
247: if (group.getGroupName().equals(workgroupId)) {
248: return true;
249: }
250: }
251: return false;
252: }
253:
254: /**
255: * Check whether user is a global modifier
256: *
257: * @param documentTypeName
258: * @param user
259: * @return true if the given user is allowed to modify documents of the given document type
260: */
261: public boolean canModify(String documentTypeName, UniversalUser user) {
262: return SpringContext.getBean(AuthorizationService.class)
263: .isAuthorized(user, KFSConstants.PERMISSION_MODIFY,
264: documentTypeName);
265: }
266:
267: /**
268: * Check whether user is a global viewer
269: *
270: * @param documentTypeName
271: * @param user
272: * @return true if the given user is allowed to view documents of the given document type
273: */
274: public boolean canView(String documentTypeName, UniversalUser user) {
275: return SpringContext.getBean(AuthorizationService.class)
276: .isAuthorized(user, KFSConstants.PERMISSION_VIEW,
277: documentTypeName);
278: }
279: }
|