/**
 * Copyright 2004-2013 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.hr.time.web;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionRedirect;
import org.kuali.hr.time.base.web.TkAction;
import org.kuali.hr.time.base.web.TkForm;
import org.kuali.hr.time.roles.TkUserRoles;
import org.kuali.hr.time.util.TKContext;
import org.kuali.hr.time.util.TKUser;
import org.kuali.rice.krad.exception.AuthorizationException;
import org.kuali.rice.krad.util.GlobalVariables;

/**
 * Struts action for the time module's entry point. It redirects the current
 * user to the page matching their role, and gates the action's other methods
 * behind a role-based or per-document authorization check.
 *
 * <p>The authorization hook {@link #checkTKAuthorization(ActionForm, String)} is
 * inherited from {@link TkAction}; presumably the superclass invokes it before
 * dispatching {@code methodToCall} — confirm against {@code TkAction}.
 */
public class TimeAction extends TkAction {

    // Not referenced anywhere in this class.
    private static final Logger LOG = Logger.getLogger(TimeAction.class);

    /**
     * Decides whether the current user may invoke {@code methodToCall} on this
     * action.
     *
     * <p>The methods {@code targetEmployee}, {@code changeEmployee},
     * {@code clearBackdoor} and {@code clearChangeUser} are exempt from this
     * check entirely. For every other method the user passes if they hold any
     * of the admin / view-only roles, or if the form carries a document id and
     * the user is either an approver for that timesheet or may read that
     * document.
     *
     * @param form the Struts form; cast to {@link TkForm} to read the document id
     * @param methodToCall the dispatched method name being authorized
     * @throws AuthorizationException when the user holds none of the listed
     *         roles and, for a non-null document id, is neither its approver
     *         nor allowed to read it
     */
    @Override
    protected void checkTKAuthorization(ActionForm form, String methodToCall) throws AuthorizationException {
        TkForm tkForm = (TkForm) form;

        if (StringUtils.equals(methodToCall, "targetEmployee") || StringUtils.equals(methodToCall, "changeEmployee") || StringUtils.equals(methodToCall, "clearBackdoor") || StringUtils.equals(methodToCall, "clearChangeUser")) {
            // Intentionally no check here. Security validation for the
            // targetEmployee action may need to inspect the document itself,
            // since the user is not necessarily a system administrator.
        } else {
            // NOTE(review): both document-scoped conjuncts are guarded by
            // getDocumentId() != null, so when the form carries no document id
            // the whole condition is false and no exception is thrown — a user
            // with none of the roles above is let through. The role-based
            // redirects in execute() appear to rely on this for the bare entry
            // point, but it also means every other non-exempt method of this
            // action reached without a document id is not authorized beyond
            // being logged in; confirm that is intended for each of them.
            if (!TKContext.getUser().isSystemAdmin()
                    && !TKContext.getUser().isLocationAdmin()
                    && !TKContext.getUser().isDepartmentAdmin()
                    && !TKContext.getUser().isGlobalViewOnly()
                    && !TKContext.getUser().isDeptViewOnly()
                    && (tkForm.getDocumentId() != null && !TKContext.getUser().isApproverForTimesheet(tkForm.getDocumentId()))
                    && (tkForm.getDocumentId() != null && !TKContext.getUser().isDocumentReadable(tkForm.getDocumentId()))) {
                // NOTE(review): the first and third arguments (presumably the
                // principal id and the target) are empty strings, so whoever
                // handles this exception has no user or document id to report;
                // consider passing the principal id and tkForm.getDocumentId().
                throw new AuthorizationException("", "TimeAction", "");
            }
        }
    }


    /**
     * Redirects a signed-in user to the page appropriate for their role and
     * clocking mode; when there is no current user, defers to the superclass.
     *
     * <p>First matching rule wins: system admin → portal; department admin
     * (non-synchronous) → portal; approver or reviewer (non-synchronous) →
     * TimeApproval; active employee (non-synchronous) → TimeDetail; any
     * synchronous user → Clock; otherwise → PersonInfo.
     *
     * @param mapping the Struts mapping
     * @param form the Struts form; only passed on to {@code super.execute}
     * @param request the current request
     * @param response the current response
     * @return a redirect to the role-appropriate page, or the result of
     *         {@code super.execute} when there is no current user
     * @throws Exception propagated from {@code super.execute}
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        TKUser user = TKContext.getUser();
        if (user != null) {
            // NOTE(review): the null check is on the local `user`, but several
            // role checks below call TKContext.getUser() again. This is only
            // equivalent if getUser() returns the same object each time;
            // consider using `user` consistently.
            // `isSynchronous()` is not defined here — presumably it marks a
            // clock-in/clock-out employee, which is why those users are routed
            // to Clock.do regardless of role. TODO confirm.
            if (TKContext.getUser().isSystemAdmin()) {
                return new ActionRedirect("/portal.do");
            } else if (TKContext.getUser().isDepartmentAdmin()
                    && !user.isSynchronous()) {
                return new ActionRedirect("/portal.do");
            } else if (TKContext.getUser().isApprover()
                    && !user.isSynchronous()) {
                return new ActionRedirect("/TimeApproval.do");
            } else if (TKContext.getUser().isReviewer()
                    && !user.isSynchronous()) {
                return new ActionRedirect("/TimeApproval.do");
            } else if (user.isActiveEmployee()
                    && !user.isSynchronous()) {
                return new ActionRedirect("/TimeDetail.do");
            } else if (user.isSynchronous()) {
                return new ActionRedirect("/Clock.do");
            } else {
                return new ActionRedirect("/PersonInfo.do");
            }
        }
        return super.execute(mapping, form, request, response);
    }

}