View Javadoc

1   /**
2    * Copyright 2004-2012 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.hr.time.permissions;
17  
18  import java.math.BigDecimal;
19  import java.sql.Date;
20  import java.util.List;
21  
22  import org.apache.commons.lang.StringUtils;
23  import org.apache.log4j.Logger;
24  import org.kuali.hr.earncodesec.EarnCodeSecurity;
25  import org.kuali.hr.job.Job;
26  import org.kuali.hr.time.assignment.Assignment;
27  import org.kuali.hr.time.assignment.AssignmentDescriptionKey;
28  import org.kuali.hr.time.authorization.DepartmentalRule;
29  import org.kuali.hr.time.authorization.DepartmentalRuleAuthorizer;
30  import org.kuali.hr.time.collection.rule.TimeCollectionRule;
31  import org.kuali.hr.time.paytype.PayType;
32  import org.kuali.hr.time.principal.PrincipalHRAttributes;
33  import org.kuali.hr.time.roles.TkUserRoles;
34  import org.kuali.hr.time.roles.UserRoles;
35  import org.kuali.hr.time.service.base.TkServiceLocator;
36  import org.kuali.hr.time.timeblock.TimeBlock;
37  import org.kuali.hr.time.timesheet.TimesheetDocument;
38  import org.kuali.hr.time.util.TKContext;
39  import org.kuali.hr.time.util.TKUser;
40  import org.kuali.hr.time.util.TKUtils;
41  import org.kuali.hr.time.util.TkConstants;
42  import org.kuali.hr.time.workarea.WorkArea;
43  import org.kuali.hr.time.workflow.TimesheetDocumentHeader;
44  import org.kuali.rice.kew.api.KewApiConstants;
45  import org.kuali.rice.kew.doctype.SecuritySession;
46  import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;
47  import org.kuali.rice.kew.service.KEWServiceLocator;
48  import org.kuali.rice.krad.util.GlobalVariables;
49  
50  public class TkPermissionsServiceImpl implements TkPermissionsService {
51      private static final Logger LOG = Logger
52              .getLogger(DepartmentalRuleAuthorizer.class);
53  
54      @Override
55      public boolean canAddTimeBlock() {
56          boolean addTimeBlock = false;
57  
58          if (TKContext.getUser().isSystemAdmin()) {
59              addTimeBlock = true;
60          } else {
61              boolean docFinal = TKContext.getCurrentTimesheetDocument()
62                      .getDocumentHeader().getDocumentStatus()
63                      .equals(TkConstants.ROUTE_STATUS.FINAL);
64              if (!docFinal) {
65                  if (StringUtils
66                          .equals(TKContext.getCurrentTimesheetDocument().getPrincipalId(),
67                                  GlobalVariables.getUserSession().getPrincipalId())
68                          || TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isSystemAdmin()
69                          || TKContext.getUser().isLocationAdmin()
70  //                        || TKContext.getUser().isDepartmentAdmin()
71                          || TKContext.getUser().isReviewer()
72                          || TKContext.getUser().isApprover()) {
73                      addTimeBlock = true;
74                  }
75              }
76          }
77          return addTimeBlock;
78      }
79  
80      @Override
81      public boolean canEditTimeBlockAllFields(TimeBlock tb) {
82          String userId = GlobalVariables.getUserSession().getPrincipalId();
83  
84          if (userId != null) {
85  
86              if (TKContext.getUser().isSystemAdmin()) {
87                  return true;
88              }
89  
90              Job job = TkServiceLocator.getJobService().getJob(
91                      TKContext.getTargetPrincipalId(), tb.getJobNumber(),
92                      tb.getEndDate());
93              PayType payType = TkServiceLocator.getPayTypeService().getPayType(
94                      job.getHrPayType(), tb.getEndDate());
95  
96              if (TKContext.getUser().isTimesheetApprover()
97                      && TKContext.getUser().getApproverWorkAreas().contains(tb.getWorkArea())
98                      || TKContext.getUser().isTimesheetReviewer()
99                      && TKContext.getUser().getReviewerWorkAreas().contains(tb.getWorkArea())) {
100 
101                 if (StringUtils.equals(payType.getRegEarnCode(),
102                         tb.getEarnCode())) {
103                     return true;
104                 }
105 
106                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
107                         .getEarnCodeSecurityService().getEarnCodeSecurities(
108                                 job.getDept(), job.getHrSalGroup(),
109                                 job.getLocation(), tb.getEndDate());
110                 for (EarnCodeSecurity dec : deptEarnCodes) {
111                     if (dec.isApprover()
112                             && StringUtils.equals(dec.getEarnCode(),
113                             tb.getEarnCode())) {
114                         return true;
115                     }
116                 }
117             }
118 
119             if (userId.equals(TKContext.getTargetPrincipalId())
120                     && !tb.getClockLogCreated()) {
121                 if (StringUtils.equals(payType.getRegEarnCode(),
122                         tb.getEarnCode())) {
123                     return true;
124                 }
125 
126                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
127                         .getEarnCodeSecurityService().getEarnCodeSecurities(
128                                 job.getDept(), job.getHrSalGroup(),
129                                 job.getLocation(), tb.getEndDate());
130                 for (EarnCodeSecurity dec : deptEarnCodes) {
131                     if (dec.isEmployee()
132                             && StringUtils.equals(dec.getEarnCode(),
133                             tb.getEarnCode())) {
134                         return true;
135                     }
136                 }
137             }
138 
139         }
140 
141         return false;
142     }
143 
144     @Override
145     public boolean canEditTimeBlock(TimeBlock tb) {
146         String userId = GlobalVariables.getUserSession().getPrincipalId();
147 
148         if (userId != null) {
149 
150             if (TKContext.getUser().isSystemAdmin()) {
151                 return true;
152             }
153 
154             Job job = TkServiceLocator.getJobService().getJob(
155                     TKContext.getTargetPrincipalId(), tb.getJobNumber(),
156                     tb.getEndDate());
157             PayType payType = TkServiceLocator.getPayTypeService().getPayType(
158                     job.getHrPayType(), tb.getEndDate());
159 
160             if (TKContext.getUser().isTimesheetApprover()
161                     && TKContext.getUser().getApproverWorkAreas().contains(tb.getWorkArea())
162                     || TKContext.getUser().isTimesheetReviewer()
163                     && TKContext.getUser().getReviewerWorkAreas().contains(tb.getWorkArea())) {
164 
165                 if (StringUtils.equals(payType.getRegEarnCode(),
166                         tb.getEarnCode())) {
167                     return true;
168                 }
169 
170                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
171                         .getEarnCodeSecurityService().getEarnCodeSecurities(
172                                 job.getDept(), job.getHrSalGroup(),
173                                 job.getLocation(), tb.getEndDate());
174                 for (EarnCodeSecurity dec : deptEarnCodes) {
175                     if (dec.isApprover()
176                             && StringUtils.equals(dec.getEarnCode(),
177                             tb.getEarnCode())) {
178                         return true;
179                     }
180                 }
181             }
182 
183             if (userId.equals(TKContext.getTargetPrincipalId())) {
184 
185                 if (StringUtils.equals(payType.getRegEarnCode(),
186                         tb.getEarnCode())) {
187                     TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(job.getDept(),tb.getWorkArea(),job.getHrPayType(),tb.getBeginDate());
188 
189                     //If you are a clock user and you have only one assignment you should not be allowed to change the assignment
190                     //TODO eventually move this logic to one concise place for editable portions of the timeblock
191                     List<Assignment> assignments = TkServiceLocator.getAssignmentService().getAssignments(TKContext.getPrincipalId(),tb.getBeginDate());
192                     if(assignments.size() == 1){
193                         if(!tcr.isClockUserFl() ){
194                             return true;
195                         }  else{
196                             return false;
197                         }
198                     }   else {
199                         return true;
200                     }
201 
202 
203 
204                 }
205 
206                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
207                         .getEarnCodeSecurityService().getEarnCodeSecurities(
208                                 job.getDept(), job.getHrSalGroup(),
209                                 job.getLocation(), tb.getEndDate());
210                 for (EarnCodeSecurity dec : deptEarnCodes) {
211                     if (dec.isEmployee()
212                             && StringUtils.equals(dec.getEarnCode(),
213                             tb.getEarnCode())) {
214                         return true;
215                     }
216                 }
217             }
218 
219         }
220 
221         return false;
222     }
223 
224     @Override
225     public boolean canDeleteTimeBlock(TimeBlock tb) {
226         String userId = GlobalVariables.getUserSession().getPrincipalId();
227 
228         if (userId != null) {
229 
230             if (TKContext.getUser().isSystemAdmin()) {
231                 return true;
232             }
233 
234             Job job = TkServiceLocator.getJobService().getJob(
235                     TKContext.getTargetPrincipalId(), tb.getJobNumber(),
236                     tb.getEndDate());
237             PayType payType = TkServiceLocator.getPayTypeService().getPayType(
238                     job.getHrPayType(), tb.getEndDate());
239 
240             TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(job.getDept(),tb.getWorkArea(),payType.getPayType(),tb.getEndDate());
241 
242             if (TKContext.getUser().isTimesheetApprover()
243                     && TKContext.getUser().getApproverWorkAreas().contains(tb.getWorkArea())
244                     || TKContext.getUser().isTimesheetReviewer()
245                     && TKContext.getUser().getReviewerWorkAreas().contains(tb.getWorkArea())) {
246 
247                 if (StringUtils.equals(payType.getRegEarnCode(),
248                         tb.getEarnCode())) {
249                     return true;
250                 }
251 
252                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
253                         .getEarnCodeSecurityService().getEarnCodeSecurities(
254                                 job.getDept(), job.getHrSalGroup(),
255                                 job.getLocation(), tb.getEndDate());
256                 for (EarnCodeSecurity dec : deptEarnCodes) {
257                     if (dec.isApprover()
258                             && StringUtils.equals(dec.getEarnCode(),
259                             tb.getEarnCode())) {
260                         return true;
261                     }
262                 }
263             }
264 
265 //            // If the timeblock was created by the employee himeself and is a sync timeblock,
266 //            // the user can't delete the timeblock
267 //            if (userId.equals(TKContext.getTargetPrincipalId())
268 //                    && tb.getClockLogCreated()) {
269 //                return false;
270 //            // But if the timeblock was created by the employee himeself and is an async timeblock,
271 //            // the user should be able to delete that timeblock
272 //            } else if (userId.equals(TKContext.getTargetPrincipalId()) && !tb.getClockLogCreated() ) {
273 //                return true;
274 //            } else {
275 
276                 //if on a regular earncode
277                 if (StringUtils.equals(payType.getRegEarnCode(),
278                         tb.getEarnCode())) {
279                     //and the user is a clock user and this is the users timesheet do not allow to be deleted
280                     if(tcr.isClockUserFl() && StringUtils.equals(userId,TKContext.getTargetPrincipalId())) {
281                         return false;
282                     }  else {
283                         return true;
284                     }
285 
286                 }
287 
288                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
289                         .getEarnCodeSecurityService().getEarnCodeSecurities(
290                                 job.getDept(), job.getHrSalGroup(),
291                                 job.getLocation(), tb.getEndDate());
292                 for (EarnCodeSecurity dec : deptEarnCodes) {
293                     if (dec.isEmployee()
294                             && StringUtils.equals(dec.getEarnCode(),
295                             tb.getEarnCode())) {
296                         return true;
297                     }
298                 }
299 
300         }
301 
302         return false;
303     }
304 
305 
306 
307     @Override
308     public boolean canViewAdminTab() {
309         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
310 
311         boolean viewAdminTab = ur.isSystemAdmin() || ur.isLocationAdmin()
312                 || ur.isDepartmentAdmin() || ur.isGlobalViewOnly();
313 
314         return viewAdminTab;
315     }
316 
317     @Override
318     public boolean canViewApproverTab() {
319         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
320 
321         boolean viewApproverTab = ur.isSystemAdmin()
322                 || ur.isTimesheetApprover() || ur.isTimesheetReviewer();
323 
324         return viewApproverTab;
325     }
326 
327     @Override
328     public boolean canViewClockTab() {
329         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
330 
331         return ur.isActiveEmployee() && ur.isSynchronous();
332     }
333 
334     @Override
335     public boolean canViewBatchJobsTab() {
336         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
337 
338         return ur.isSystemAdmin();
339     }
340 
341     @Override
342     public boolean canViewPersonInfoTab() {
343         return true;
344     }
345 
346     @Override
347     public boolean canViewTimeDetailTab() {
348         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
349 
350         return ur.isActiveEmployee();
351     }
352 
353     @Override
354     public boolean canViewLeaveAccrualTab() {
355         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
356 
357         return ur.isActiveEmployee();
358     }
359 
360     @Override
361     public boolean canViewTimesheet(String documentId) {
362         boolean viewTimeSheet = false;
363 
364         if (documentId != null) {
365             return canViewTimesheet(TkServiceLocator.getTimesheetService()
366                     .getTimesheetDocument(documentId));
367         }
368 
369         return viewTimeSheet;
370     }
371 
372     @Override
373     public boolean canViewTimesheet(TimesheetDocument document) {
374         boolean viewTimeSheet = false;
375         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
376 
377         if (document == null)
378             return viewTimeSheet;
379 
380         // Sysadmin
381         viewTimeSheet = ur.isSystemAdmin();
382         // Owner
383         viewTimeSheet |= StringUtils.equals(ur.getPrincipalId(),
384                 document.getPrincipalId());
385         // Global VO
386         viewTimeSheet |= ur.isGlobalViewOnly();
387 
388         if (!viewTimeSheet) {
389             // Departmental View Only? || Reviewer || Org Admin || Approver
390             // (document object iteration)
391             List<Assignment> assignments = document.getAssignments();
392             for (Assignment assignment : assignments) {
393                 String dept = assignment.getDept();
394                 Long wa = assignment.getWorkArea();
395 
396                 viewTimeSheet |= ur.getOrgAdminDepartments().contains(dept);
397                 viewTimeSheet |= ur.getApproverWorkAreas().contains(wa);
398                 viewTimeSheet |= ur.getReviewerWorkAreas().contains(wa);
399                 viewTimeSheet |= ur.getDepartmentViewOnlyDepartments()
400                         .contains(dept);
401             }
402         }
403 
404         return viewTimeSheet;
405     }
406 
407     @Override
408     public boolean canEditTimesheet(TimesheetDocument document) {
409         boolean editTimeSheet = false;
410         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
411 
412         // Quick escape.
413         if (document == null)
414             return editTimeSheet;
415 
416         // Sysadmin
417         editTimeSheet = ur.isSystemAdmin();
418         // Owner (and not enroute/final)
419         editTimeSheet |= (StringUtils.equals(ur.getPrincipalId(),
420                 document.getPrincipalId()) && (StringUtils.equals(
421                 TkConstants.ROUTE_STATUS.INITIATED, document
422                 .getDocumentHeader().getDocumentStatus())
423                 || StringUtils.equals(TkConstants.ROUTE_STATUS.SAVED, document
424                 .getDocumentHeader().getDocumentStatus()) || (StringUtils
425                 .equals(TkConstants.ROUTE_STATUS.ENROUTE, document
426                         .getDocumentHeader().getDocumentStatus()))));
427 
428         if (!editTimeSheet) {
429             // Departmental View Only? || Reviewer || Org Admin || Approver
430             // (document object iteration)
431             List<Assignment> assignments = document.getAssignments();
432             for (Assignment assignment : assignments) {
433                 String dept = assignment.getDept();
434                 Long wa = assignment.getWorkArea();
435 
436                 editTimeSheet |= ur.getOrgAdminDepartments().contains(dept);
437                 editTimeSheet |= ur.getApproverWorkAreas().contains(wa);
438                 editTimeSheet |= ur.getReviewerWorkAreas().contains(wa);
439             }
440         }
441 
442         return editTimeSheet;
443     }
444 
445     @Override
446     public boolean canEditTimesheet(String documentId) {
447         return canEditTimesheet(TkServiceLocator.getTimesheetService()
448                 .getTimesheetDocument(documentId));
449     }
450 
451     @Override
452     public boolean canApproveTimesheet(TimesheetDocument doc) {
453 
454         TimesheetDocumentHeader docHeader = TkServiceLocator
455                 .getTimesheetDocumentHeaderService().getDocumentHeader(
456                         doc.getDocumentId());
457         boolean isEnroute = StringUtils.equals(docHeader.getDocumentStatus(),
458                 "ENROUTE");
459 
460         if (isEnroute) {
461             DocumentRouteHeaderValue routeHeader = KEWServiceLocator
462                     .getRouteHeaderService().getRouteHeader(doc.getDocumentId());
463             boolean authorized = KEWServiceLocator.getDocumentSecurityService()
464                     .routeLogAuthorized(TKContext.getPrincipalId(),
465                             routeHeader,
466                             new SecuritySession(TKContext.getPrincipalId()));
467             if (authorized) {
468                 List<String> principalsToApprove = KEWServiceLocator
469                         .getActionRequestService()
470                         .getPrincipalIdsWithPendingActionRequestByActionRequestedAndDocId(
471                                 KewApiConstants.ACTION_REQUEST_APPROVE_REQ,
472                                 routeHeader.getDocumentId());
473                 if (!principalsToApprove.isEmpty()
474                         && principalsToApprove.contains(TKContext
475                         .getPrincipalId())) {
476                     return true;
477                 }
478             }
479         }
480         return false;
481     }
482 
483     @Override
484     public boolean canSubmitTimesheet(TimesheetDocument doc) {
485         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
486 
487         if (StringUtils
488                 .equals(TKContext.getPrincipalId(), doc.getPrincipalId())) {
489             return true;
490         }
491 
492         if (ur.isApproverForTimesheet(doc)) {
493             return true;
494         }
495 
496         // System admins can route the document as well as the employee
497         if (ur.isSystemAdmin()) {
498             return true;
499         }
500         return false;
501     }
502 
503     @Override
504     public boolean canSubmitTimesheet(String docId) {
505         TimesheetDocument doc = TkServiceLocator.getTimesheetService()
506                 .getTimesheetDocument(docId);
507         return canSubmitTimesheet(doc);
508     }
509 
510     @Override
511     public boolean canViewLinkOnMaintPages() {
512         return TKContext.getUser().isSystemAdmin()
513                 || TKContext.getUser().isGlobalViewOnly();
514     }
515 
516     @Override
517     public boolean canViewDeptMaintPages() {
518         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
519 
520         return ur.isSystemAdmin() || ur.isGlobalViewOnly()
521                 || ur.getOrgAdminCharts().size() > 0
522                 || ur.getOrgAdminDepartments().size() > 0
523                 || ur.getDepartmentViewOnlyDepartments().size() > 0
524                 || ur.isAnyApproverActive();
525     }
526 
527     @Override
528     public boolean canViewDeptMaintPages(DepartmentalRule dr) {
529         boolean ret = false;
530         if (TKContext.getUser().isSystemAdmin() || TKContext.getUser().isGlobalViewOnly())
531             return true;
532 
533         if (dr != null) {
534             // dept | workArea | meaning
535             // ---------|------------|
536             // 1: % , -1 , any dept/work area valid roles
537             // *2: % , <defined> , must have work area <-- *
538             // 3: <defined>, -1 , must have dept, any work area
539             // 4: <defined>, <defined> , must have work area or department
540             // defined
541             //
542             // * Not permitted.
543 
544             if (StringUtils
545                     .equals(dr.getDept(), TkConstants.WILDCARD_CHARACTER)
546                     && dr.getWorkArea().equals(TkConstants.WILDCARD_LONG)) {
547                 // case 1
548                 ret = TKContext.getUser().isApprover()
549                         || TKContext.getUser().getLocationAdminAreas().size() > 0
550                         || TKContext.getUser().getDepartmentAdminAreas().size() > 0;
551             } else if (StringUtils.equals(dr.getDept(),
552                     TkConstants.WILDCARD_CHARACTER)) {
553                 // case 2 *
554                 // Should not encounter this case.
555                 LOG.error("Invalid case encountered while scanning business objects: Wildcard Department & Defined workArea.");
556             } else if (dr.getWorkArea().equals(TkConstants.WILDCARD_LONG)) {
557                 // case 3
558                 ret = TKContext.getUser().getDepartmentAdminAreas().contains(dr.getDept());
559             } else {
560                 ret = TKContext.getUser().getApproverWorkAreas().contains(dr.getWorkArea())
561                         || TKContext.getUser().getDepartmentAdminAreas().contains(dr.getDept());
562             }
563         }
564 
565         return ret;
566     }
567 
568     @Override
569     public boolean canEditDeptMaintPages() {
570         UserRoles ur = TKContext.getUser().getCurrentTargetRoles();
571         return ur.isSystemAdmin() || ur.getOrgAdminCharts().size() > 0
572                 || ur.getOrgAdminDepartments().size() > 0;
573     }
574 
575     @Override
576     public boolean canEditDeptMaintPages(DepartmentalRule dr) {
577         boolean ret = false;
578         if (TKContext.getUser().isSystemAdmin())
579             return true;
580 
581         if (dr != null && TKContext.getUser().getDepartmentAdminAreas().size() > 0) {
582             String dept = dr.getDept();
583             if (StringUtils.equals(dept, TkConstants.WILDCARD_CHARACTER)) {
584                 // Must be system administrator
585                 ret = false;
586             } else {
587                 // Must have parent Department
588                 ret = TKContext.getUser().getDepartmentAdminAreas().contains(dr.getDept());
589             }
590         }
591 
592         return ret;
593     }
594 
595     @Override
596     public boolean canWildcardWorkAreaInDeptRule(DepartmentalRule dr) {
597         // Sysadmins and (Departmental OrgAdmins for their Department)
598         if (TKContext.getUser().isSystemAdmin())
599             return true;
600 
601         String dept = dr.getDept();
602         if (StringUtils.equals(dept, TkConstants.WILDCARD_CHARACTER)) {
603             // Only system administrators can wildcard the work area if the
604             // department also has a wildcard.
605             return TKContext.getUser().isSystemAdmin();
606         } else {
607             return TKContext.getUser().getDepartmentAdminAreas().contains(dept);
608         }
609     }
610 
611     @Override
612     public boolean canWildcardDeptInDeptRule(DepartmentalRule dr) {
613         return TKContext.getUser().isSystemAdmin();
614     }
615 
616     @Override
617     public boolean canEditOvertimeEarnCode(TimeBlock tb) {
618         WorkArea workArea = TkServiceLocator.getWorkAreaService().getWorkArea(tb.getWorkArea(), new java.sql.Date(tb.getEndTimestamp().getTime()));
619         if (StringUtils.equals(workArea.getOvertimeEditRole(), TkConstants.ROLE_TK_EMPLOYEE)) {
620             return true;
621         } else if (StringUtils.equals(workArea.getOvertimeEditRole(), TkConstants.ROLE_TK_APPROVER) ||
622                 StringUtils.equals(workArea.getOvertimeEditRole(), TkConstants.ROLE_TK_APPROVER_DELEGATE)) {
623             return TKContext.getUser().getApproverWorkAreas().contains(workArea.getWorkArea());
624         } else {
625             return TKContext.getUser().getDepartmentAdminAreas().contains(workArea.getDepartment());
626         }
627     }
628     
629     /*
630      * @see org.kuali.hr.time.permissions.TkPermissionsService#canEditRegEarnCode(org.kuali.hr.time.timeblock.TimeBlock)
631      * this method is used in calendar.tag
632      * it's only used when a user is working on its own timesheet, regular earn code cannot be editable on clock entered time block
633      */
634     @Override
635     public boolean canEditRegEarnCode(TimeBlock tb) {
636     	AssignmentDescriptionKey adk = new AssignmentDescriptionKey(tb.getJobNumber().toString(), tb.getWorkArea().toString(), tb.getTask().toString());
637         Assignment anAssignment = TkServiceLocator.getAssignmentService().getAssignment(adk, tb.getBeginDate());
638         if(anAssignment != null) {
639         	// use timesheet's end date to get Time Collection Rule
640         	TimesheetDocumentHeader tdh = TkServiceLocator.getTimesheetDocumentHeaderService().getDocumentHeader(tb.getDocumentId());
641         	Date aDate =  tb.getBeginDate();
642         	if(tdh != null && tdh.getPayEndDate() != null) {
643         		aDate = new java.sql.Date(tdh.getPayEndDate().getTime());
644         	}
645         	TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService()
646         								.getTimeCollectionRule(anAssignment.getDept(), anAssignment.getWorkArea()
647         										, anAssignment.getJob().getHrPayType(), aDate);
648         	if(tcr != null && tcr.isClockUserFl()) {
649         		// use assignment to get the payType object, then check if the regEarnCode of the paytyep matches the earn code of the timeblock
650         		// if they do match, then return false
651         		PayType pt = TkServiceLocator.getPayTypeService().getPayType(anAssignment.getJob().getHrPayType(), anAssignment.getJob().getEffectiveDate());
652         		if(pt != null && pt.getRegEarnCode().equals(tb.getEarnCode())) {
653         			return false;
654         		}
655         	}
656         }
657     	return true;
658     }
659 
660     @Override
661     public boolean canDeleteDeptLunchDeduction() {
662         return TKContext.getUser().isAnyApproverActive();
663     }
664 
665     @Override
666     public boolean canAddSystemLevelRole() {
667         // TODO Auto-generated method stub
668         return false;
669     }
670 
671     @Override
672     public boolean canAddLocationLevelRoles() {
673         // TODO Auto-generated method stub
674         return false;
675     }
676 
677     @Override
678     public boolean canAddDepartmentLevelRoles() {
679         // TODO Auto-generated method stub
680         return false;
681     }
682 
683     @Override
684     public boolean canAddWorkareaLevelRoles() {
685         // TODO Auto-generated method stub
686         return false;
687     }
688 
689     public boolean hasManagerialRolesOnWorkArea(TimeBlock tb) {
690         return TKContext.getUser().getApproverWorkAreas().contains(tb.getWorkArea())
691                || TKContext.getUser().getReviewerWorkAreas().contains(tb.getWorkArea());
692     }
693     
694     @Override
695     public boolean canViewTimeTabs() {
696     	boolean canViewTimeTabs = false;
697     	Date asOfDate = TKUtils.getTimelessDate(null);
698     	String flsaStatus = TkConstants.FLSA_STATUS_NON_EXEMPT;
699     	// find active assignments as of currentDate
700     	String principalId = TKUser.getCurrentTargetPerson().getPrincipalId();
701     	if(isActiveAssignmentFoundOnJobFlsaStatus(principalId, flsaStatus)) {
702     		//find timecalendar defined
703     		canViewTimeTabs = isCalendarDefined(principalId, asOfDate);
704     	}
705     	return canViewTimeTabs;
706     }
707     
708     private boolean isActiveAssignmentFoundOnJobFlsaStatus(String principalId, String flsaStatus) {
709     	boolean isActiveAssFound = false;
710     	Date asOfDate = TKUtils.getTimelessDate(null);
711      	List<Assignment> activeAssignments = TkServiceLocator.getAssignmentService().getAssignments(principalId, asOfDate);
712      	if(activeAssignments != null && !activeAssignments.isEmpty()) {
713      		for(Assignment assignment : activeAssignments) {
714      			if(assignment != null && assignment.getJob() != null && assignment.getJob().getFlsaStatus() != null && assignment.getJob().getFlsaStatus().equalsIgnoreCase(flsaStatus)) {
715      				isActiveAssFound = true;
716      				break;
717      			}  
718      		}
719      	}
720     	return isActiveAssFound;
721     }
722     
723     private boolean isCalendarDefined(String principalId, Date asOfDate){
724     	boolean calDefined = false;
725     	PrincipalHRAttributes principalHRAttributes = TkServiceLocator.getPrincipalHRAttributeService().getPrincipalCalendar(principalId, asOfDate);
726     	if(principalHRAttributes != null) {
727     		calDefined = principalHRAttributes.getPayCalendar() != null ? true : false;
728     	}
729     	return calDefined;
730     }
731 
732 }