001 /**
002 * Copyright 2004-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.hr.time.web;
017
018 import javax.servlet.http.HttpServletRequest;
019 import javax.servlet.http.HttpServletResponse;
020
021 import org.apache.commons.lang.StringUtils;
022 import org.apache.log4j.Logger;
023 import org.apache.struts.action.ActionForm;
024 import org.apache.struts.action.ActionForward;
025 import org.apache.struts.action.ActionMapping;
026 import org.apache.struts.action.ActionRedirect;
027 import org.kuali.hr.time.base.web.TkAction;
028 import org.kuali.hr.time.base.web.TkForm;
029 import org.kuali.hr.time.roles.TkUserRoles;
030 import org.kuali.hr.time.util.TKContext;
031 import org.kuali.hr.time.util.TKUser;
032 import org.kuali.rice.krad.exception.AuthorizationException;
033 import org.kuali.rice.krad.util.GlobalVariables;
034
035 public class TimeAction extends TkAction {
036
037 private static final Logger LOG = Logger.getLogger(TimeAction.class);
038
039 @Override
040 protected void checkTKAuthorization(ActionForm form, String methodToCall) throws AuthorizationException {
041 TkForm tkForm = (TkForm) form;
042
043 if (StringUtils.equals(methodToCall, "targetEmployee") || StringUtils.equals(methodToCall, "changeEmployee") || StringUtils.equals(methodToCall, "clearBackdoor") || StringUtils.equals(methodToCall, "clearChangeUser")) {
044 // Handle security validation in targetEmployee action, we may need
045 // to check the document for validity, since the user may not
046 // necessarily be a system administrator.
047 } else {
048 if (!TKContext.getUser().isSystemAdmin()
049 && !TKContext.getUser().isLocationAdmin()
050 && !TKContext.getUser().isDepartmentAdmin()
051 && !TKContext.getUser().isGlobalViewOnly()
052 && !TKContext.getUser().isDeptViewOnly()
053 && (tkForm.getDocumentId() != null && !TKContext.getUser().isApproverForTimesheet(tkForm.getDocumentId()))
054 && (tkForm.getDocumentId() != null && !TKContext.getUser().isDocumentReadable(tkForm.getDocumentId()))) {
055 throw new AuthorizationException("", "TimeAction", "");
056 }
057 }
058 }
059
060
061 @Override
062 public ActionForward execute(ActionMapping mapping, ActionForm form,
063 HttpServletRequest request, HttpServletResponse response)
064 throws Exception {
065 TKUser user = TKContext.getUser();
066 if (user != null) {
067 if (TKContext.getUser().isSystemAdmin()) {
068 return new ActionRedirect("/portal.do");
069 } else if (TKContext.getUser().isDepartmentAdmin()
070 && !user.isSynchronous()) {
071 return new ActionRedirect("/portal.do");
072 } else if (TKContext.getUser().isApprover()
073 && !user.isSynchronous()) {
074 return new ActionRedirect("/TimeApproval.do");
075 } else if (TKContext.getUser().isReviewer()
076 && !user.isSynchronous()) {
077 return new ActionRedirect("/TimeApproval.do");
078 } else if (user.isActiveEmployee()
079 && !user.isSynchronous()) {
080 return new ActionRedirect("/TimeDetail.do");
081 } else if (user.isSynchronous()) {
082 return new ActionRedirect("/Clock.do");
083 } else {
084 return new ActionRedirect("/PersonInfo.do");
085 }
086 }
087 return super.execute(mapping, form, request, response);
088 }
089
090 }