1   /*
2    * Copyright 2010 The Kuali Foundation.
3    * 
4    * Licensed under the Educational Community License, Version 1.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl1.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.kuali.ole.coa.document.authorization;
18  
19  import java.util.HashMap;
20  import java.util.Map;
21  import java.util.Set;
22  
23  import org.kuali.ole.coa.businessobject.Organization;
24  import org.kuali.ole.sys.OLEConstants;
25  import org.kuali.ole.sys.OLEPropertyConstants;
26  import org.kuali.ole.sys.context.SpringContext;
27  import org.kuali.ole.sys.document.authorization.FinancialSystemMaintenanceDocumentPresentationControllerBase;
28  import org.kuali.ole.sys.identity.OleKimAttributes;
29  import org.kuali.rice.kim.api.KimConstants;
30  import org.kuali.rice.kim.api.identity.Person;
31  import org.kuali.rice.kim.api.services.IdentityManagementService;
32  import org.kuali.rice.kns.document.MaintenanceDocument;
33  import org.kuali.rice.krad.datadictionary.AttributeSecurity;
34  import org.kuali.rice.krad.service.DataDictionaryService;
35  import org.kuali.rice.krad.util.GlobalVariables;
36  
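/**
 * Presentation controller for the {@link Organization} maintenance document.
 *
 * <p>Each call to {@link #getConditionallyReadOnlyPropertyNames(MaintenanceDocument)} sets the
 * read-only flag on the attribute-security entries of the four plant-fund attributes of
 * {@link Organization}, then clears the flag for every attribute the current session user is
 * permitted to modify.
 *
 * <p>NOTE(review): the {@link AttributeSecurity} objects are fetched from the
 * {@link DataDictionaryService} bean and mutated in place. If those objects are shared
 * application-wide metadata (as data-dictionary entries usually are; confirm), the flag written
 * for one user's request stays visible to every other request until it is overwritten, and
 * concurrent requests can observe each other's authorization result. A per-request mechanism
 * (for example, adding the property names to the returned set) would avoid that; it is not done
 * here because it would change which framework path enforces the restriction.
 */
public class OrganizationtMaintenanceDocumentPresentationController extends FinancialSystemMaintenanceDocumentPresentationControllerBase {
    /**
     * Returns the superclass's conditionally read-only property names and, as a side effect,
     * updates the read-only flag of the plant-fund attribute-security entries for the current
     * session user.
     *
     * <p>The returned set is exactly what the superclass produced; this method adds nothing to it.
     *
     * @param document the maintenance document being presented; only passed to the superclass
     * @return the set returned by {@code super.getConditionallyReadOnlyPropertyNames(document)}
     * @see org.kuali.rice.krad.document.authorization.MaintenanceDocumentPresentationControllerBase#getConditionallyReadOnlyPropertyNames(org.kuali.rice.kns.document.MaintenanceDocument)
     */
    @Override
    public Set<String> getConditionallyReadOnlyPropertyNames(MaintenanceDocument document) {
        Set<String> readOnlyPropertyNames = super.getConditionallyReadOnlyPropertyNames(document);

        DataDictionaryService dataDictionaryService = SpringContext.getBean(DataDictionaryService.class);
        String organizationClassName = Organization.class.getName();

        String[] plantFundPropertyNames = {
            OLEPropertyConstants.CAMPUS_PLANT_CHART_CODE,
            OLEPropertyConstants.CAMPUS_PLANT_ACCOUNT_NUMBER,
            OLEPropertyConstants.ORGANIZATION_PLANT_CHART_CODE,
            OLEPropertyConstants.ORGANIZATION_PLANT_ACCOUNT_NUMBER
        };

        // Phase 1: mark every field read-only before any permission lookup runs, so that an
        // exception thrown during a lookup leaves all four fields locked rather than in
        // whatever state a previous request left them.
        AttributeSecurity[] attributeSecurities = new AttributeSecurity[plantFundPropertyNames.length];
        for (int i = 0; i < plantFundPropertyNames.length; i++) {
            attributeSecurities[i] = dataDictionaryService.getAttributeSecurity(organizationClassName, plantFundPropertyNames[i]);
            // A missing entry fails here with a NullPointerException (unchanged behaviour);
            // skipping it silently would leave the field without its read-only restriction.
            attributeSecurities[i].setReadOnly(true);
        }

        Person user = GlobalVariables.getUserSession().getPerson();
        // Empty qualifier map: the permission check is made without role qualification.
        Map<String, String> roleQualifiers = new HashMap<String, String>();

        // Phase 2: unlock only the fields the current user is authorized to modify.
        for (int i = 0; i < plantFundPropertyNames.length; i++) {
            if (isCampuChartManagerAuthorized(user, plantFundPropertyNames[i], roleQualifiers)) {
                attributeSecurities[i].setReadOnly(false);
            }
        }

        return readOnlyPropertyNames;
    }

    /**
     * Checks whether the given user holds the
     * {@code KimConstants.PermissionTemplateNames.MODIFY_FIELD} permission, in the
     * {@code OLEConstants.ParameterNamespaces.KNS} namespace, for the named property of
     * {@link Organization}.
     *
     * <p>The check fails closed: any result other than {@code Boolean.TRUE} from the identity
     * management service, including {@code null}, is treated as "not authorized".
     *
     * @param user the person whose principal id is checked
     * @param propertyName the {@link Organization} property the permission must cover
     * @param roleQualifiers role qualifiers forwarded unchanged to the permission check
     * @return {@code true} only if the identity management service reports the user as authorized
     */
    protected boolean isCampuChartManagerAuthorized(Person user, String propertyName, Map<String,String> roleQualifiers) {
        String principalId = user.getPrincipalId();
        String namespaceCode = OLEConstants.ParameterNamespaces.KNS;
        String permissionTemplateName = KimConstants.PermissionTemplateNames.MODIFY_FIELD;

        Map<String, String> permissionDetails = new HashMap<String, String>();
        permissionDetails.put(KimConstants.AttributeConstants.COMPONENT_NAME, Organization.class.getSimpleName());
        permissionDetails.put(KimConstants.AttributeConstants.PROPERTY_NAME, propertyName);

        IdentityManagementService identityManagementService = SpringContext.getBean(IdentityManagementService.class);
        Boolean isAuthorized = identityManagementService.isAuthorizedByTemplateName(principalId, namespaceCode, permissionTemplateName, permissionDetails, roleQualifiers);

        // Boolean.TRUE.equals avoids unboxing a possible null and denies in that case.
        return Boolean.TRUE.equals(isAuthorized);
    }

}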