001: /*
002: * Copyright 2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.kuali.module.purap.document.authorization;
017:
018: import org.kuali.core.bo.user.UniversalUser;
019: import org.kuali.core.util.GlobalVariables;
020: import org.kuali.kfs.context.SpringContext;
021: import org.kuali.kfs.service.ParameterService;
022: import org.kuali.kfs.service.impl.ParameterConstants;
023: import org.kuali.module.purap.PurapParameterConstants;
024: import org.kuali.module.purap.PurapConstants.PaymentRequestStatuses;
025: import org.kuali.module.purap.document.PaymentRequestDocument;
026: import org.kuali.module.purap.service.PaymentRequestService;
027: import org.kuali.module.purap.service.PurapService;
028:
029: /**
030: * This class determines permissions for a user of the Payment Request document
031: */
032: public class PaymentRequestDocumentActionAuthorizer {
033:
034: private String docStatus;
035: private boolean requestCancelIndicator;
036: private boolean holdIndicator;
037: private boolean extracted;
038: private boolean canRemoveHold;
039: private boolean canRemoveRequestCancel;
040: private boolean canHold;
041: private boolean canRequestCancel;
042: private boolean fullEntryCompleted;
043:
044: private boolean apUser;
045: private boolean apSupervisor;
046: private boolean fiscalOfficerDelegateUser;
047: private boolean approver;
048:
049: /**
050: * Constructs a PaymentRequestDocumentActionAuthorizer.
051: *
052: * @param preq A PaymentRequestDocument
053: */
054: public PaymentRequestDocumentActionAuthorizer(
055: PaymentRequestDocument preq) {
056:
057: UniversalUser user = GlobalVariables.getUserSession()
058: .getUniversalUser();
059:
060: // doc indicators
061: this .docStatus = preq.getStatusCode();
062: this .requestCancelIndicator = preq
063: .getPaymentRequestedCancelIndicator();
064: this .holdIndicator = preq.isHoldIndicator();
065: this .extracted = (preq.getExtractedDate() == null ? false
066: : true);
067: this .fullEntryCompleted = SpringContext.getBean(
068: PurapService.class).isFullDocumentEntryCompleted(preq);
069:
070: // special indicators
071: if (SpringContext.getBean(PaymentRequestService.class)
072: .canHoldPaymentRequest(preq, user)) {
073: canHold = true;
074: }
075:
076: if (SpringContext.getBean(PaymentRequestService.class)
077: .canUserRequestCancelOnPaymentRequest(preq, user)) {
078: canRequestCancel = true;
079: }
080:
081: if (SpringContext.getBean(PaymentRequestService.class)
082: .canRemoveHoldPaymentRequest(preq, user)) {
083: canRemoveHold = true;
084: }
085:
086: if (SpringContext.getBean(PaymentRequestService.class)
087: .canUserRemoveRequestCancelOnPaymentRequest(preq, user)) {
088: canRemoveRequestCancel = true;
089: }
090:
091: // user indicators
092: this .approver = preq.getDocumentHeader().getWorkflowDocument()
093: .isApprovalRequested();
094:
095: String apGroup = SpringContext
096: .getBean(ParameterService.class)
097: .getParameterValue(
098: ParameterConstants.PURCHASING_DOCUMENT.class,
099: PurapParameterConstants.Workgroups.WORKGROUP_ACCOUNTS_PAYABLE);
100: if (user.isMember(apGroup)) {
101: this .apUser = true;
102: }
103:
104: String apSupGroup = SpringContext
105: .getBean(ParameterService.class)
106: .getParameterValue(
107: ParameterConstants.PURCHASING_DOCUMENT.class,
108: PurapParameterConstants.Workgroups.WORKGROUP_ACCOUNTS_PAYABLE_SUPERVISOR);
109: if (user.isMember(apSupGroup)) {
110: this .apSupervisor = true;
111: }
112:
113: if (PaymentRequestStatuses.AWAITING_FISCAL_REVIEW
114: .equals(getDocStatus())
115: && isApprover()) {
116: this .fiscalOfficerDelegateUser = true;
117: }
118: }
119:
120: private String getDocStatus() {
121: return docStatus;
122: }
123:
124: private boolean isRequestCancelIndicator() {
125: return requestCancelIndicator;
126: }
127:
128: private boolean isHoldIndicator() {
129: return holdIndicator;
130: }
131:
132: private boolean isExtracted() {
133: return extracted;
134: }
135:
136: public boolean isCanRemoveHold() {
137: return canRemoveHold;
138: }
139:
140: public boolean isCanRemoveRequestCancel() {
141: return canRemoveRequestCancel;
142: }
143:
144: public boolean isCanHold() {
145: return canHold;
146: }
147:
148: public boolean isCanRequestCancel() {
149: return canRequestCancel;
150: }
151:
152: private boolean isApUser() {
153: return apUser;
154: }
155:
156: public boolean isApSupervisor() {
157: return apSupervisor;
158: }
159:
160: public void setApSupervisor(boolean apSupervisor) {
161: this .apSupervisor = apSupervisor;
162: }
163:
164: private boolean isFiscalOfficerDelegateUser() {
165: return fiscalOfficerDelegateUser;
166: }
167:
168: private boolean isApprover() {
169: return approver;
170: }
171:
172: public boolean isFullEntryCompleted() {
173: return fullEntryCompleted;
174: }
175:
176: public void setFullEntryCompleted(boolean fullEntryCompleted) {
177: this .fullEntryCompleted = fullEntryCompleted;
178: }
179:
180: /**
181: * Predicate to determine whether the current user can calculate the PREQ.
182: *
183: * @return True if the current user can calculate
184: */
185: public boolean canCalculate() {
186: boolean hasPermission = false;
187:
188: // Phase 2B Rule: (PaymentRequestStatuses.AWAITING_TAX_REVIEW.equals( getDocStatus() ) && isApprover()) ||
189:
190: if (isFullEntryCompleted() == false && isApUser()) {
191: hasPermission = true;
192: }
193:
194: return hasPermission;
195: }
196:
197: /**
198: * Predicate to determine whether the current user can approve the PREQ.
199: *
200: * @return True if the current user can approve.
201: */
202: public boolean canApprove() {
203: boolean hasPermission = false;
204:
205: if ((PaymentRequestStatuses.AWAITING_ACCOUNTS_PAYABLE_REVIEW
206: .equals(getDocStatus())
207: || PaymentRequestStatuses.AWAITING_FISCAL_REVIEW
208: .equals(getDocStatus())
209: || PaymentRequestStatuses.AWAITING_SUB_ACCT_MGR_REVIEW
210: .equals(getDocStatus())
211: || PaymentRequestStatuses.AWAITING_ORG_REVIEW
212: .equals(getDocStatus()) || PaymentRequestStatuses.AWAITING_TAX_REVIEW
213: .equals(getDocStatus()))
214: && (isApprover() && isRequestCancelIndicator() == false && isHoldIndicator() == false)) {
215: hasPermission = true;
216: }
217:
218: return hasPermission;
219: }
220:
221: /**
222: * Predicate to determine whether the current user can save the PREQ.
223: *
224: * @return True if the current user can save.
225: */
226: public boolean canSave() {
227: boolean hasPermission = false;
228:
229: if (isApUser() && isExtracted() == false) {
230: hasPermission = true;
231: }
232:
233: return hasPermission;
234: }
235:
236: /**
237: * Predicate to determine whether the current user can place the PREQ on hold.
238: *
239: * @return True if the current user can place the PREQ on hold.
240: */
241: public boolean canHold() {
242: boolean hasPermission = false;
243:
244: if (isCanHold()
245: || (((PaymentRequestStatuses.DEPARTMENT_APPROVED
246: .equals(getDocStatus()) || PaymentRequestStatuses.AUTO_APPROVED
247: .equals(getDocStatus())) && (isApUser()
248: && isHoldIndicator() == false
249: && isHoldIndicator() == false && isExtracted() == false)))) {
250:
251: hasPermission = true;
252: }
253:
254: return hasPermission;
255: }
256:
257: /**
258: * Predicate to determine whether the current user can remove the PREQ from being on hold.
259: *
260: * @return True if the current user can remove the PREQ from hold.
261: */
262: public boolean canRemoveHold() {
263: boolean hasPermission = false;
264:
265: if (isCanRemoveHold()
266: || (
267:
268: ((PaymentRequestStatuses.DEPARTMENT_APPROVED
269: .equals(getDocStatus()) || PaymentRequestStatuses.AUTO_APPROVED
270: .equals(getDocStatus())) && (isApSupervisor()
271: && isHoldIndicator() == true && isExtracted() == false)))) {
272:
273: hasPermission = true;
274: }
275:
276: return hasPermission;
277: }
278:
279: /**
280: * Predicate to determine whether the current user can cancel the PREQ.
281: *
282: * @return True if the current user can cancel.
283: */
284: public boolean canCancel() {
285: boolean hasPermission = false;
286:
287: if (((PaymentRequestStatuses.AWAITING_SUB_ACCT_MGR_REVIEW
288: .equals(getDocStatus())
289: || PaymentRequestStatuses.AWAITING_FISCAL_REVIEW
290: .equals(getDocStatus())
291: || PaymentRequestStatuses.AWAITING_ORG_REVIEW
292: .equals(getDocStatus()) || PaymentRequestStatuses.AWAITING_TAX_REVIEW
293: .equals(getDocStatus())) && ((isApUser() && isRequestCancelIndicator()) || isApSupervisor()))
294: ||
295:
296: ((PaymentRequestStatuses.IN_PROCESS
297: .equals(getDocStatus()) || PaymentRequestStatuses.AWAITING_ACCOUNTS_PAYABLE_REVIEW
298: .equals(getDocStatus())) && (isApUser() || isApSupervisor()))
299: ||
300:
301: ((PaymentRequestStatuses.DEPARTMENT_APPROVED
302: .equals(getDocStatus()) || PaymentRequestStatuses.AUTO_APPROVED
303: .equals(getDocStatus())) && ((isApUser() || isApSupervisor())
304: && isRequestCancelIndicator() == false
305: && isHoldIndicator() == false && isExtracted() == false))) {
306:
307: hasPermission = true;
308: }
309:
310: return hasPermission;
311: }
312:
313: /**
314: * Predicate to determine whether the current user can request that the PREQ be canceled.
315: *
316: * @return True if the current user can request that the PREQ be canceled
317: */
318: public boolean canRequestCancel() {
319: boolean hasPermission = false;
320:
321: if (isCanRequestCancel()) {
322: hasPermission = true;
323: }
324:
325: return hasPermission;
326: }
327:
328: /**
329: * Predicate to determine whether the current user can remove a request that the PREQ be canceled.
330: *
331: * @return True if the current user can remove a request that the PREQ be canceled.
332: */
333: public boolean canRemoveRequestCancel() {
334: boolean hasPermission = false;
335:
336: if (isCanRemoveRequestCancel()) {
337: hasPermission = true;
338: }
339:
340: return hasPermission;
341: }
342:
343: /**
344: * Predicate to determine whether the current user can edit the pre-extract fields.
345: *
346: * @return True if the current user can edit the fields
347: */
348: public boolean canEditPreExtractFields() {
349: return !this .isExtracted() && this .apUser;
350: }
351:
352: /**
353: * Predicate to determine whether the current user can exit.
354: *
355: * @return True if the current user can exit.
356: */
357: public boolean canExit() {
358: boolean hasPermission = true;
359: return hasPermission;
360: }
361: }
|