001    /**
002     * Copyright 2004-2013 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.kuali.hr.time.roles;
017    
018    import java.util.HashMap;
019    import java.util.HashSet;
020    import java.util.List;
021    import java.util.Map;
022    import java.util.Set;
023    
024    import org.apache.commons.collections.CollectionUtils;
025    import org.apache.commons.collections.MapUtils;
026    import org.apache.commons.lang.StringUtils;
027    import org.kuali.hr.core.document.calendar.CalendarDocumentContract;
028    import org.kuali.hr.job.Job;
029    import org.kuali.hr.time.assignment.Assignment;
030    import org.kuali.hr.time.department.Department;
031    import org.kuali.hr.time.service.base.TkServiceLocator;
032    import org.kuali.hr.time.timesheet.TimesheetDocument;
033    import org.kuali.hr.time.util.TKContext;
034    import org.kuali.hr.time.util.TKUtils;
035    import org.kuali.hr.time.util.TkConstants;
036    import org.kuali.rice.krad.util.GlobalVariables;
037    
038    /**
039     * TkUserRoles encapsulates the concept of roles for a single user and provides
040     * lookup methods for quick Role checking. This object will be stored in TkUser.
041     */
042    public class TkUserRoles implements UserRoles {
043        private boolean synchronousAssignments = false;
044        private TkRole globalViewOnly;
045        private TkRole systemAdmin;
046        private String principalId;
047    
048        private Map<String, TkRole> orgAdminRolesDept = new HashMap<String, TkRole>();
049        private Map<String, TkRole> orgAdminRolesChart = new HashMap<String, TkRole>();
050        private Map<Long, TkRole> approverRoles = new HashMap<Long, TkRole>();
051        private Map<Long, TkRole> approverDelegateRoles = new HashMap<Long, TkRole>();
052        private Map<Long, TkRole> reviewerRoles = new HashMap<Long, TkRole>();
053    
054        private Map<String, TkRole> deptViewOnlyRoles = new HashMap<String, TkRole>();
055        private Set<String> activeAssignmentIds = new HashSet<String>();
056        
057        public static TkUserRoles getUserRoles(String principalId) {
058            List<TkRole> roles = TkServiceLocator.getTkRoleService().getRoles(principalId, TKUtils.getCurrentDate());
059                    List<Assignment> assignments = TkServiceLocator.getAssignmentService().getAssignments(principalId, TKUtils.getCurrentDate());
060                    
061                    return new TkUserRoles(principalId, roles, assignments);
062        }
063    
064        /**
065         * Does not keep reference to the assignment objects.  We just need the IDs,
066         * so in future refactoring, if we have a lighter weight call to obtain
067         * assignments, we could use that and modify this code.
068         *
069         * @param roles
070         * @param assignments
071         */
072        private TkUserRoles(String principalId, List<TkRole> roles, List<Assignment> assignments) {
073            this.principalId = principalId;
074            setRoles(roles);
075            setAssignments(assignments);
076        }
077    
078        @Override
079        public boolean isLocationAdmin() {
080            return CollectionUtils.isNotEmpty(getOrgAdminCharts());
081        }
082    
083        @Override
084        public boolean isDepartmentAdmin() {
085            return CollectionUtils.isNotEmpty(getOrgAdminDepartments());
086        }
087    
088        public String getPrincipalId() {
089            return principalId;
090        }
091    
092        public void setPrincipalId(String principalId) {
093            this.principalId = principalId;
094        }
095    
096        @Override
097        public Set<Long> getApproverWorkAreas() {
098            Set<Long> workAreas = new HashSet<Long>();
099            workAreas.addAll(approverRoles.keySet());
100            workAreas.addAll(approverDelegateRoles.keySet());
101            return workAreas;
102        }
103    
104        @Override
105        public Set<Long> getReviewerWorkAreas() {
106            return reviewerRoles.keySet();
107        }
108    
109        @Override
110        public Set<String> getOrgAdminDepartments() {
111            return orgAdminRolesDept.keySet();
112        }
113    
114        @Override
115        public Set<String> getOrgAdminCharts() {
116            return orgAdminRolesChart.keySet();
117        }
118    
119        @Override
120        public Set<String> getDepartmentViewOnlyDepartments() {
121            return deptViewOnlyRoles.keySet();
122        }
123    
124        /**
125         * Accessor method to obtain the Set of active Assignment ids for the
126         * current employee.
127         *
128         * @return a Set of active assignment IDs
129         */
130        @Override
131        public Set<String> getActiveAssignmentIds() {
132            return activeAssignmentIds;
133        }
134    
135        @Override
136        public boolean isSystemAdmin() {
137            return systemAdmin != null;
138        }
139    
140        @Override
141        public boolean isGlobalViewOnly() {
142            return globalViewOnly != null;
143        }
144    
145        public boolean isDeptViewOnly() {
146            return MapUtils.isNotEmpty(deptViewOnlyRoles);
147        }
148    
149        @Override
150        public boolean isSynchronous() {
151            return synchronousAssignments;
152        }
153        
154            public boolean isReviewer() {
155                    return CollectionUtils.isNotEmpty(TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).getReviewerWorkAreas());
156            }
157    
158            public boolean isApprover() {
159                    return CollectionUtils.isNotEmpty(TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).getApproverWorkAreas());
160            }
161    
162        /**
163         * Place the TkRole objects in the provided List into their appropriate
164         * buckets for fast lookup.
165         *
166         * @param roles A List of TkRole objects for the current user.
167         */
168        public void setRoles(List<TkRole> roles) {
169            for (TkRole role : roles) {
170                if (role.getRoleName().equals(TkConstants.ROLE_TK_APPROVER)) {
171                    approverRoles.put(role.getWorkArea(), role);
172                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_APPROVER_DELEGATE)) {
173                    approverDelegateRoles.put(role.getWorkArea(), role);
174                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_LOCATION_ADMIN) ||
175                                    role.getRoleName().equals(TkConstants.ROLE_LV_DEPT_ADMIN)) {
176                    if (!StringUtils.isEmpty(role.getChart())) {
177                        orgAdminRolesChart.put(role.getChart(), role);
178                        List<Department> ds = TkServiceLocator.getDepartmentService().getDepartments(role.getChart(), TKUtils.getCurrentDate());
179                        for (Department d : ds) {
180                            orgAdminRolesDept.put(d.getDept(), role);
181                        }
182                    }
183                } else if (StringUtils.equals(role.getRoleName(), TkConstants.ROLE_TK_LOCATION_VO)) {
184                    if (!StringUtils.isEmpty(role.getChart())) {
185                        List<Department> ds = TkServiceLocator.getDepartmentService().getDepartments(role.getChart(), TKUtils.getCurrentDate());
186                        for (Department dept : ds) {
187                            deptViewOnlyRoles.put(dept.getDept(), role);
188                        }
189    
190                    }
191                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_SYS_ADMIN)) {
192                    systemAdmin = role;
193                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_DEPT_VO)) {
194                    deptViewOnlyRoles.put(role.getDepartment(), role);
195                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_DEPT_ADMIN)) {
196                    orgAdminRolesDept.put(role.getDepartment(), role);
197                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_GLOBAL_VO)) {
198                    globalViewOnly = role;
199                } else if (role.getRoleName().equals(TkConstants.ROLE_TK_REVIEWER)) {
200                    reviewerRoles.put(role.getWorkArea(), role);
201                }
202            }
203        }
204    
205        public void setAssignments(List<Assignment> assignments) {
206            for (Assignment a : assignments) {
207                activeAssignmentIds.add(a.getTkAssignmentId());
208                if (a.isSynchronous())
209                    synchronousAssignments = true;
210            }
211        }
212    
213        @Override
214        public boolean isActiveEmployee() {
215            return CollectionUtils.isNotEmpty(this.activeAssignmentIds);
216        }
217    
218        @Override
219        public boolean isTimesheetApprover() {
220            return MapUtils.isNotEmpty(this.approverRoles) || MapUtils.isNotEmpty(this.approverDelegateRoles);
221        }
222    
223        public boolean isTimesheetReviewer() {
224            return CollectionUtils.isNotEmpty(this.getReviewerWorkAreas());
225        }
226    
227        @Override
228        public boolean isAnyApproverActive() {
229            return MapUtils.isNotEmpty(this.approverRoles) || MapUtils.isNotEmpty(this.approverDelegateRoles);
230        }
231    
232        //Todo: rename method.  this is also used for leave calendar
233        @Override
234        public boolean isApproverForTimesheet(CalendarDocumentContract doc) {
235            boolean approver = false;
236    
237            if (this.isSystemAdmin()) {
238                return true;
239            }
240    
241            List<Assignment> assignments = doc.getAssignments();
242            for (Assignment assignment : assignments) {
243                if (this.approverRoles.containsKey(assignment.getWorkArea()) || this.approverDelegateRoles.containsKey(assignment.getWorkArea())) {
244                    return true;
245                }
246            }
247    
248            return approver;
249        }
250    
251        //Todo: rename method.  this is also used for leave calendar
252        @Override
253        public boolean isApproverForTimesheet(String docId) {
254            boolean approver = false;
255    
256            TimesheetDocument doc = TkServiceLocator.getTimesheetService().getTimesheetDocument(docId);
257            if (doc != null)
258                approver = isApproverForTimesheet(doc);
259    
260            return approver;
261        }
262    
263        @Override
264        public boolean isDocumentWritable(CalendarDocumentContract document) {
265            boolean writable = false;
266    
267            // Quick escape.
268            if (document == null)
269                return writable;
270    
271            // Sysadmin
272            writable = this.isSystemAdmin();
273            // Owner (and not enroute/final)
274            writable |= (StringUtils.equals(this.principalId, document.getDocumentHeader().getPrincipalId())
275                    && (StringUtils.equals(TkConstants.ROUTE_STATUS.INITIATED, document.getDocumentHeader().getDocumentStatus()) ||
276                    StringUtils.equals(TkConstants.ROUTE_STATUS.SAVED, document.getDocumentHeader().getDocumentStatus()) ||
277                    (StringUtils.equals(TkConstants.ROUTE_STATUS.ENROUTE, document.getDocumentHeader().getDocumentStatus()))));
278    
279    
280            if (!writable) {
281                // Departmental View Only? || Reviewer || Org Admin || Approver
282                // (document object iteration)
283                List<Assignment> assignments = document.getAssignments();
284                for (Assignment assignment : assignments) {
285                    String dept = assignment.getDept();
286                    Long wa = assignment.getWorkArea();
287                    // Dept admins should not have write access
288                    //writable |= this.orgAdminRolesDept.containsKey(dept);
289                    writable |= this.approverRoles.containsKey(wa);
290                    writable |= this.approverDelegateRoles.containsKey(wa);
291                    writable |= this.reviewerRoles.containsKey(wa);
292                }
293            }
294    
295            return writable;
296        }
297    
298        @Override
299        public boolean isDocumentWritable(String documentId) {
300            return isDocumentWritable(TkServiceLocator.getTimesheetService().getTimesheetDocument(documentId));
301        }
302    
303        @Override
304        public boolean isDocumentReadable(String documentId) {
305            boolean readable = false;
306    
307            if (documentId != null) {
308                return isDocumentReadable(TkServiceLocator.getTimesheetService().getTimesheetDocument(documentId));
309            }
310    
311            return readable;
312        }
313    
314        @Override
315        public boolean isDocumentReadable(CalendarDocumentContract document) {
316            boolean readable = false;
317    
318            // Quick escape.
319            if (document == null)
320                return readable;
321    
322            // Sysadmin
323            readable = this.isSystemAdmin();
324            // Owner
325            readable |= StringUtils.equals(this.principalId, document.getDocumentHeader().getPrincipalId());
326            // Global VO
327            readable |= this.isGlobalViewOnly();
328    
329            if (!readable) {
330                // Departmental View Only? || Reviewer || Org Admin || Approver
331                // (document object iteration)
332                List<Assignment> assignments = document.getAssignments();
333                for (Assignment assignment : assignments) {
334                    String dept = assignment.getDept();
335                    Long wa = assignment.getWorkArea();
336    
337                    readable |= this.orgAdminRolesDept.containsKey(dept);
338                    readable |= this.approverRoles.containsKey(wa);
339                    readable |= this.approverDelegateRoles.containsKey(wa);
340                    readable |= this.reviewerRoles.containsKey(wa);
341                    readable |= this.deptViewOnlyRoles.containsKey(dept);
342                    readable |= this.reviewerRoles.containsKey(wa);
343                }
344            }
345    
346            return readable;
347        }
348    
349        private boolean isLocationAdmin(CalendarDocumentContract doc) {
350            for (Assignment assign : doc.getAssignments()) {
351                String location = assign.getJob().getLocation();
352                return this.orgAdminRolesChart.containsKey(location);
353            }
354            return false;
355        }
356    
357        private boolean isDepartmentAdmin(CalendarDocumentContract doc) {
358            for (Assignment assign : doc.getAssignments()) {
359                String dept = assign.getDept();
360                return this.orgAdminRolesDept.containsKey(dept);
361            }
362            return false;
363        }
364    
365        @Override
366        public boolean canSubmitTimesheet(CalendarDocumentContract doc) {
367            if (StringUtils.equals(TKContext.getPrincipalId(), doc.getDocumentHeader().getPrincipalId())) {
368                return true;
369            }
370    
371            if (this.isApproverForTimesheet(doc)) {
372                return true;
373            }
374    
375            //System admins can route the document as well as the employee
376            if (this.isSystemAdmin()) {
377                return true;
378            }
379            return false;
380        }
381    
382        @Override
383        public boolean canSubmitTimesheet(String docId) {
384            TimesheetDocument doc = TkServiceLocator.getTimesheetService().getTimesheetDocument(docId);
385            return canSubmitTimesheet(doc);
386        }
387    
388        @Override
389        public boolean isApproverForPerson(String principalId) {
390            List<Assignment> lstAssignment = TkServiceLocator.getAssignmentService().getAssignments(principalId, TKUtils.getCurrentDate());
391    
392            Set<Long> workAreas = getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).getApproverWorkAreas();
393            for (Assignment assignment : lstAssignment) {
394                if (workAreas.contains(assignment.getWorkArea())) {
395                    return true;
396                }
397            }
398    
399            return false;
400    
401        }
402    
403        @Override
404        public boolean isDepartmentAdminForPerson(String principalId) {
405            UserRoles userRoles = getUserRoles(GlobalVariables.getUserSession().getPrincipalId());
406    
407            // Department admin
408            // Department view only
409            if (userRoles.isDepartmentAdmin() || userRoles.isDeptViewOnly()) {
410                    List<Job> jobs = TkServiceLocator.getJobService().getJobs(principalId,TKUtils.getCurrentDate());
411                for (Job job : jobs) {
412                    if (getOrgAdminDepartments().contains(job.getDept())) {
413                        return true;
414                    }
415                }
416            }
417    
418            return false;
419        }
420    
421        @Override
422        public boolean isDeptViewOnlyForPerson(String principalId) {
423            return isDepartmentAdminForPerson(principalId);
424        }
425    
426        @Override
427        public boolean isLocationAdminForPerson(String principalId) {
428            List<TkRole> roles = TkServiceLocator.getTkRoleService().getRoles(principalId, TKUtils.getCurrentDate());
429    
430            if (CollectionUtils.isNotEmpty(roles)) {
431                for (TkRole role : roles) {
432                    if (this.getOrgAdminCharts().contains(role.getChart())) {
433                        return true;
434                    }
435                }
436            }
437    
438            return false;
439        }
440    
441        @Override
442        public boolean isTimesheetReviewerForPerson(String principalId) {
443            List<Assignment> lstAssignment = TkServiceLocator.getAssignmentService().getAssignments(principalId, TKUtils.getCurrentDate());
444    
445            for (Assignment assignment : lstAssignment) {
446                if (getReviewerWorkAreas().contains(assignment.getWorkArea())) {
447                    return true;
448                }
449            }
450            return false;
451        }
452    }