View Javadoc
1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.service.impl;
17  
18  import java.sql.Timestamp;
19  import java.util.ArrayList;
20  import java.util.Collection;
21  import java.util.Collections;
22  import java.util.Comparator;
23  import java.util.HashMap;
24  import java.util.HashSet;
25  import java.util.Iterator;
26  import java.util.List;
27  import java.util.Map;
28  import java.util.Set;
29  
30  import javax.xml.namespace.QName;
31  
32  import org.apache.commons.collections.CollectionUtils;
33  import org.apache.commons.lang.StringUtils;
34  import org.apache.log4j.Logger;
35  import org.joda.time.DateTime;
36  import org.kuali.rice.core.api.CoreApiServiceLocator;
37  import org.kuali.rice.core.api.config.property.ConfigContext;
38  import org.kuali.rice.core.api.criteria.Predicate;
39  import org.kuali.rice.core.api.criteria.PredicateFactory;
40  import org.kuali.rice.core.api.criteria.PredicateUtils;
41  import org.kuali.rice.core.api.criteria.QueryByCriteria;
42  import org.kuali.rice.core.api.datetime.DateTimeService;
43  import org.kuali.rice.core.api.membership.MemberType;
44  import org.kuali.rice.core.api.resourceloader.GlobalResourceLoader;
45  import org.kuali.rice.core.api.uif.RemotableCheckbox;
46  import org.kuali.rice.core.api.uif.RemotableCheckboxGroup;
47  import org.kuali.rice.coreservice.api.parameter.Parameter;
48  import org.kuali.rice.coreservice.framework.CoreFrameworkServiceLocator;
49  import org.kuali.rice.coreservice.framework.parameter.ParameterService;
50  import org.kuali.rice.kim.api.KimConstants;
51  import org.kuali.rice.kim.api.KimConstants.KimGroupMemberTypes;
52  import org.kuali.rice.kim.api.group.Group;
53  import org.kuali.rice.kim.api.group.GroupContract;
54  import org.kuali.rice.kim.api.group.GroupMember;
55  import org.kuali.rice.kim.api.group.GroupService;
56  import org.kuali.rice.kim.api.identity.IdentityService;
57  import org.kuali.rice.kim.api.identity.address.EntityAddress;
58  import org.kuali.rice.kim.api.identity.address.EntityAddressContract;
59  import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliation;
60  import org.kuali.rice.kim.api.identity.email.EntityEmail;
61  import org.kuali.rice.kim.api.identity.email.EntityEmailContract;
62  import org.kuali.rice.kim.api.identity.employment.EntityEmployment;
63  import org.kuali.rice.kim.api.identity.entity.Entity;
64  import org.kuali.rice.kim.api.identity.entity.EntityDefault;
65  import org.kuali.rice.kim.api.identity.name.EntityName;
66  import org.kuali.rice.kim.api.identity.phone.EntityPhone;
67  import org.kuali.rice.kim.api.identity.phone.EntityPhoneContract;
68  import org.kuali.rice.kim.api.identity.principal.Principal;
69  import org.kuali.rice.kim.api.identity.principal.PrincipalContract;
70  import org.kuali.rice.kim.api.identity.privacy.EntityPrivacyPreferences;
71  import org.kuali.rice.kim.api.identity.type.EntityTypeContactInfo;
72  import org.kuali.rice.kim.api.permission.PermissionService;
73  import org.kuali.rice.kim.api.responsibility.ResponsibilityService;
74  import org.kuali.rice.kim.api.role.Role;
75  import org.kuali.rice.kim.api.role.RoleContract;
76  import org.kuali.rice.kim.api.role.RoleMember;
77  import org.kuali.rice.kim.api.role.RoleService;
78  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
79  import org.kuali.rice.kim.api.type.KimAttributeField;
80  import org.kuali.rice.kim.api.type.KimType;
81  import org.kuali.rice.kim.api.type.KimTypeAttribute;
82  import org.kuali.rice.kim.api.type.KimTypeInfoService;
83  import org.kuali.rice.kim.bo.ui.GroupDocumentMember;
84  import org.kuali.rice.kim.bo.ui.GroupDocumentQualifier;
85  import org.kuali.rice.kim.bo.ui.KimDocumentRoleMember;
86  import org.kuali.rice.kim.bo.ui.KimDocumentRolePermission;
87  import org.kuali.rice.kim.bo.ui.KimDocumentRoleQualifier;
88  import org.kuali.rice.kim.bo.ui.KimDocumentRoleResponsibility;
89  import org.kuali.rice.kim.bo.ui.KimDocumentRoleResponsibilityAction;
90  import org.kuali.rice.kim.bo.ui.PersonDocumentAddress;
91  import org.kuali.rice.kim.bo.ui.PersonDocumentAffiliation;
92  import org.kuali.rice.kim.bo.ui.PersonDocumentEmail;
93  import org.kuali.rice.kim.bo.ui.PersonDocumentEmploymentInfo;
94  import org.kuali.rice.kim.bo.ui.PersonDocumentGroup;
95  import org.kuali.rice.kim.bo.ui.PersonDocumentName;
96  import org.kuali.rice.kim.bo.ui.PersonDocumentPhone;
97  import org.kuali.rice.kim.bo.ui.PersonDocumentPrivacy;
98  import org.kuali.rice.kim.bo.ui.PersonDocumentRole;
99  import org.kuali.rice.kim.bo.ui.RoleDocumentDelegation;
100 import org.kuali.rice.kim.bo.ui.RoleDocumentDelegationMember;
101 import org.kuali.rice.kim.bo.ui.RoleDocumentDelegationMemberQualifier;
102 import org.kuali.rice.kim.document.IdentityManagementGroupDocument;
103 import org.kuali.rice.kim.document.IdentityManagementPersonDocument;
104 import org.kuali.rice.kim.document.IdentityManagementRoleDocument;
105 import org.kuali.rice.kim.framework.services.KimFrameworkServiceLocator;
106 import org.kuali.rice.kim.framework.type.KimTypeService;
107 import org.kuali.rice.kim.impl.KIMPropertyConstants;
108 import org.kuali.rice.kim.impl.common.attribute.KimAttributeDataBo;
109 import org.kuali.rice.kim.impl.common.delegate.DelegateMemberAttributeDataBo;
110 import org.kuali.rice.kim.impl.common.delegate.DelegateMemberBo;
111 import org.kuali.rice.kim.impl.common.delegate.DelegateTypeBo;
112 import org.kuali.rice.kim.impl.group.GroupAttributeBo;
113 import org.kuali.rice.kim.impl.group.GroupBo;
114 import org.kuali.rice.kim.impl.group.GroupMemberBo;
115 import org.kuali.rice.kim.impl.identity.IdentityArchiveService;
116 import org.kuali.rice.kim.impl.identity.address.EntityAddressBo;
117 import org.kuali.rice.kim.impl.identity.address.EntityAddressTypeBo;
118 import org.kuali.rice.kim.impl.identity.affiliation.EntityAffiliationBo;
119 import org.kuali.rice.kim.impl.identity.affiliation.EntityAffiliationTypeBo;
120 import org.kuali.rice.kim.impl.identity.email.EntityEmailBo;
121 import org.kuali.rice.kim.impl.identity.email.EntityEmailTypeBo;
122 import org.kuali.rice.kim.impl.identity.employment.EntityEmploymentBo;
123 import org.kuali.rice.kim.impl.identity.employment.EntityEmploymentStatusBo;
124 import org.kuali.rice.kim.impl.identity.employment.EntityEmploymentTypeBo;
125 import org.kuali.rice.kim.impl.identity.entity.EntityBo;
126 import org.kuali.rice.kim.impl.identity.name.EntityNameBo;
127 import org.kuali.rice.kim.impl.identity.name.EntityNameTypeBo;
128 import org.kuali.rice.kim.impl.identity.phone.EntityPhoneBo;
129 import org.kuali.rice.kim.impl.identity.phone.EntityPhoneTypeBo;
130 import org.kuali.rice.kim.impl.identity.principal.PrincipalBo;
131 import org.kuali.rice.kim.impl.identity.privacy.EntityPrivacyPreferencesBo;
132 import org.kuali.rice.kim.impl.identity.type.EntityTypeContactInfoBo;
133 import org.kuali.rice.kim.impl.permission.PermissionBo;
134 import org.kuali.rice.kim.impl.responsibility.ResponsibilityInternalService;
135 import org.kuali.rice.kim.impl.role.RoleBo;
136 import org.kuali.rice.kim.impl.role.RoleBoLite;
137 import org.kuali.rice.kim.impl.role.RoleMemberAttributeDataBo;
138 import org.kuali.rice.kim.impl.role.RoleMemberBo;
139 import org.kuali.rice.kim.impl.role.RolePermissionBo;
140 import org.kuali.rice.kim.impl.role.RoleResponsibilityActionBo;
141 import org.kuali.rice.kim.impl.role.RoleResponsibilityBo;
142 import org.kuali.rice.kim.impl.services.KimImplServiceLocator;
143 import org.kuali.rice.kim.impl.type.KimTypeBo;
144 import org.kuali.rice.kim.service.UiDocumentService;
145 import org.kuali.rice.kim.util.KimCommonUtilsInternal;
146 import org.kuali.rice.kns.datadictionary.exporter.AttributesMapBuilder;
147 import org.kuali.rice.kns.kim.type.DataDictionaryTypeServiceHelper;
148 import org.kuali.rice.kns.service.DocumentHelperService;
149 import org.kuali.rice.kns.service.KNSServiceLocator;
150 import org.kuali.rice.krad.data.DataObjectService;
151 import org.kuali.rice.krad.data.KradDataServiceLocator;
152 import org.kuali.rice.krad.datadictionary.AttributeDefinition;
153 import org.kuali.rice.krad.datadictionary.exporter.ExportMap;
154 import org.kuali.rice.krad.document.Document;
155 import org.kuali.rice.krad.util.KRADConstants;
156 import org.kuali.rice.krad.util.KRADPropertyConstants;
157 import org.kuali.rice.krad.util.KRADUtils;
158 import org.kuali.rice.krad.util.ObjectUtils;
159 
160 /**
161  * This is a description of what this class does - shyu don't forget to fill this in.
162  *
163  * @author Kuali Rice Team (rice.collab@kuali.org)
164  *
165  */
166 @SuppressWarnings("deprecation")
167 public class UiDocumentServiceImpl implements UiDocumentService {
168 	private static final Logger LOG = Logger.getLogger(UiDocumentServiceImpl.class);
169 	private static final String SHOW_BLANK_QUALIFIERS = "kim.show.blank.qualifiers";
170     private static final String KIM_IDENTITY_ARCHIVE_SERVICE = "kimIdentityArchiveService";
171 
172     private RoleService roleService;
173 	private DataObjectService dataObjectService;
174 	private IdentityService identityService;
175     private PermissionService permissionService;
176 	private GroupService groupService;
177 	private ResponsibilityService responsibilityService;
178     private ResponsibilityInternalService responsibilityInternalService;
179 	private KimTypeInfoService kimTypeInfoService;
180     private DocumentHelperService documentHelperService;
181     private ParameterService parameterService;
182     private DateTimeService dateTimeService;
183 
184     /**
185 	 * @see org.kuali.rice.kim.service.UiDocumentService#saveEntityPerson(IdentityManagementPersonDocument)
186 	 */
187 	@Override
188     public void saveEntityPerson(
189 	    IdentityManagementPersonDocument identityManagementPersonDocument) {
190 		EntityBo kimEntity = new EntityBo();
191 		EntityBo origEntity = getEntityBo(identityManagementPersonDocument.getEntityId());
192 		boolean creatingNew = true;
193 		if (origEntity == null) {
194 			origEntity = new EntityBo();
195 			kimEntity.setActive(true);
196 		} else {
197 			// TODO : in order to resolve optimistic locking issue. has to get identity and set the version number if identity records matched
198 			// Need to look into this.
199 			//kimEntity = origEntity;
200 			kimEntity.setActive(origEntity.isActive());
201 			kimEntity.setVersionNumber(origEntity.getVersionNumber());
202 			creatingNew = false;
203 		}
204 
205 		kimEntity.setId(identityManagementPersonDocument.getEntityId());
206 		String initiatorPrincipalId = getInitiatorPrincipalId(identityManagementPersonDocument);
207 		boolean inactivatingPrincipal = false;
208 		if(canModifyEntity(initiatorPrincipalId, identityManagementPersonDocument.getPrincipalId())){
209 			inactivatingPrincipal = setupPrincipal(identityManagementPersonDocument, kimEntity, origEntity.getPrincipals());
210 			setupAffiliation(identityManagementPersonDocument, kimEntity, origEntity.getAffiliations(), origEntity.getEmploymentInformation());
211 			setupName(identityManagementPersonDocument, kimEntity, origEntity.getNames());
212 		// entitytype
213 			List<EntityTypeContactInfoBo> entityTypes = new ArrayList<EntityTypeContactInfoBo>();
214 			EntityTypeContactInfoBo entityType = new EntityTypeContactInfoBo();
215 			entityType.setEntityId(identityManagementPersonDocument.getEntityId());
216 			entityType.setEntityTypeCode(KimConstants.EntityTypes.PERSON);
217 			entityType.setActive(true);
218 			entityTypes.add(entityType);
219 			EntityTypeContactInfoBo origEntityType = new EntityTypeContactInfoBo();
220 			for (EntityTypeContactInfoBo type : origEntity.getEntityTypeContactInfos()) {
221 				// should check identity.entitytypeid, but it's not persist in persondoc yet
222 				if (type.getEntityTypeCode()!=null && StringUtils.equals(type.getEntityTypeCode(), entityType.getEntityTypeCode())) {
223 					origEntityType = type;
224 					entityType.setVersionNumber(type.getVersionNumber());
225 					entityType.setActive(type.isActive());
226 				}
227 			}
228 			setupPhone(identityManagementPersonDocument, entityType, origEntityType.getPhoneNumbers());
229 			setupEmail(identityManagementPersonDocument, entityType, origEntityType.getEmailAddresses());
230 			setupAddress(identityManagementPersonDocument, entityType, origEntityType.getAddresses());
231             kimEntity.setEntityTypeContactInfos(entityTypes);
232 		} else{
233             if(ObjectUtils.isNotNull(origEntity.getPrincipals())) {
234                 kimEntity.setPrincipals(origEntity.getPrincipals());
235             }
236             if(ObjectUtils.isNotNull(origEntity.getExternalIdentifiers())) {
237                 kimEntity.setExternalIdentifiers(origEntity.getExternalIdentifiers());
238             }
239 			if(ObjectUtils.isNotNull(origEntity.getEmploymentInformation())) {
240                 kimEntity.setEmploymentInformation(origEntity.getEmploymentInformation());
241             }
242 			if(ObjectUtils.isNotNull(origEntity.getAffiliations())) {
243                 kimEntity.setAffiliations(origEntity.getAffiliations());
244             }
245 			if(ObjectUtils.isNotNull(origEntity.getNames())) {
246                 kimEntity.setNames(origEntity.getNames());
247             }
248 			if(ObjectUtils.isNotNull(origEntity.getEntityTypeContactInfos())) {
249                 kimEntity.setEntityTypeContactInfos(origEntity.getEntityTypeContactInfos());
250             }
251 		}
252 		if(creatingNew || canOverrideEntityPrivacyPreferences(getInitiatorPrincipalId(identityManagementPersonDocument), identityManagementPersonDocument.getPrincipalId())) {
253 			setupPrivacy(identityManagementPersonDocument, kimEntity, origEntity.getPrivacyPreferences());
254 		} else {
255 			if(ObjectUtils.isNotNull(origEntity.getPrivacyPreferences())) {
256 				kimEntity.setPrivacyPreferences(origEntity.getPrivacyPreferences());
257 			}
258 		}
259 		// Save the kim entity changes here.
260         kimEntity = getDataObjectService().save(kimEntity);
261 
262 		// If person is being inactivated, do not bother populating roles, groups etc for this member since
263 		// none of this is reinstated on activation.
264 	    if ( !inactivatingPrincipal ) {
265 	        List <GroupMemberBo>  groupPrincipals = populateGroupMembers(identityManagementPersonDocument);
266 	        List <RoleMemberBo>  rolePrincipals = populateRoleMembers(identityManagementPersonDocument);
267 	        List <DelegateTypeBo> personDelegations = populateDelegations(identityManagementPersonDocument);
268 	        List <RoleResponsibilityActionBo> roleRspActions = populateRoleRspActions(identityManagementPersonDocument);
269 	        List <Object> bos = new ArrayList<Object>();
270 	        //if(ObjectUtils.isNotNull(kimEntity.getPrivacyPreferences()))
271 	        //	bos.add(kimEntity.getPrivacyPreferences());
272 	        bos.addAll(groupPrincipals);
273 	        bos.addAll(rolePrincipals);
274 	        bos.addAll(roleRspActions);
275 	        bos.addAll(personDelegations);
276 	        for ( Object bo : bos ) {
277 	            getDataObjectService().save(bo);
278 	        }
279 	        List <RoleMemberAttributeDataBo> blankRoleMemberAttrs = getBlankRoleMemberAttrs(rolePrincipals);
280 	        if (!blankRoleMemberAttrs.isEmpty()) {
281 	            for ( RoleMemberAttributeDataBo blankRoleMemberAttr : blankRoleMemberAttrs ) {
282 	                getDataObjectService().delete(blankRoleMemberAttr);
283 	            }
284 	        }
285 	    } else {
286 	        //when a person is inactivated, inactivate their group, role, and delegation memberships
287 	        KimImplServiceLocator.getRoleInternalService().principalInactivated(
288                     identityManagementPersonDocument.getPrincipalId());
289 	    }
290 	}
291 
292 	private String getInitiatorPrincipalId(Document document){
293 		try{
294 			return document.getDocumentHeader().getWorkflowDocument().getInitiatorPrincipalId();
295 		} catch(Exception ex){
296 			return null;
297 		}
298 	}
299 
300 	@Override
301     public Map<String,Object> getAttributeEntries( List<KimAttributeField> definitions ) {
302 		final Map<String,Object> attributeEntries = new HashMap<String,Object>();
303 		if (definitions != null) {
304 	        for (AttributeDefinition definition : DataDictionaryTypeServiceHelper.toKimAttributeDefinitions(definitions)) {
305 				final AttributesMapBuilder builder = new AttributesMapBuilder();
306                 final ExportMap map = builder.buildAttributeMap(definition, "");
307                 attributeEntries.put(definition.getName(),map.getExportData());
308 			}
309 		}
310         return attributeEntries;
311 	}
312 
313 
314 	/**
315 	 *
316 	 * @see org.kuali.rice.kim.service.UiDocumentService#loadEntityToPersonDoc(IdentityManagementPersonDocument, String)
317 	 */
318 	@Override
319     public void loadEntityToPersonDoc(IdentityManagementPersonDocument identityManagementPersonDocument, String principalId) {
320 		Principal principal = this.getIdentityService().getPrincipal(principalId);
321         Entity kimEntity = null;
322 
323         if(ObjectUtils.isNotNull(principal)) {
324             // If the principal is not null it was found in the identity management service
325             kimEntity = this.getIdentityService().getEntity(principal.getEntityId());
326         }
327 
328         if(ObjectUtils.isNull(principal) || ObjectUtils.isNull(kimEntity)) {
329             // If the principal or entity is null look up the entity in the
330             // archive service, and then get the principal from it
331             IdentityArchiveService identityArchive = getIdentityArchiveService();
332             EntityDefault entityInfo = identityArchive.getEntityDefaultFromArchiveByPrincipalId(principalId);
333             principal = entityInfo.getPrincipals().get(0);
334             Entity.Builder eb  = Entity.Builder.create();
335             eb.setId(entityInfo.getEntityId());
336             kimEntity = eb.build();
337 
338         }
339         if(kimEntity == null) {
340             throw new RuntimeException("Entity does not exist for principal id: " + principalId);
341         }
342         if(principal==null) {
343         	throw new RuntimeException("Principal does not exist for principal id:"+principalId);
344         }
345 
346         identityManagementPersonDocument.setPrincipalId(principal.getPrincipalId());
347         identityManagementPersonDocument.setPrincipalName(principal.getPrincipalName());
348         //identityManagementPersonDocument.setPassword(principal.getPassword());
349         identityManagementPersonDocument.setActive(principal.isActive());
350 		identityManagementPersonDocument.setEntityId(kimEntity.getId());
351 		if ( ObjectUtils.isNotNull( kimEntity.getPrivacyPreferences() ) ) {
352 			identityManagementPersonDocument.setPrivacy(loadPrivacyReferences(kimEntity.getPrivacyPreferences()));
353 		}
354 		//identityManagementPersonDocument.setActive(kimEntity.isActive());
355 		identityManagementPersonDocument.setAffiliations(loadAffiliations(kimEntity.getAffiliations(),kimEntity.getEmploymentInformation()));
356 		identityManagementPersonDocument.setNames(loadNames( identityManagementPersonDocument, principalId, kimEntity.getNames(), identityManagementPersonDocument.getPrivacy().isSuppressName() ));
357 		EntityTypeContactInfo entityType = null;
358 		for (EntityTypeContactInfo type : kimEntity.getEntityTypeContactInfos()) {
359 			if (KimConstants.EntityTypes.PERSON.equals(type.getEntityTypeCode())) {
360 				entityType = EntityTypeContactInfo.Builder.create(type).build();
361 			}
362 		}
363 
364 		if(entityType!=null){
365 			identityManagementPersonDocument.setEmails(loadEmails(identityManagementPersonDocument, principalId, entityType.getEmailAddresses(), identityManagementPersonDocument.getPrivacy().isSuppressEmail()));
366 			identityManagementPersonDocument.setPhones(loadPhones(identityManagementPersonDocument, principalId, entityType.getPhoneNumbers(), identityManagementPersonDocument.getPrivacy().isSuppressPhone()));
367 			identityManagementPersonDocument.setAddrs(loadAddresses(identityManagementPersonDocument, principalId, entityType.getAddresses(), identityManagementPersonDocument.getPrivacy().isSuppressAddress()));
368 		}
369 
370 		List<Group> groups = getGroupService().getGroups(getGroupService().getDirectGroupIdsByPrincipalId(
371                 identityManagementPersonDocument.getPrincipalId()));
372 		loadGroupToPersonDoc(identityManagementPersonDocument, groups);
373 		loadRoleToPersonDoc(identityManagementPersonDocument);
374 		loadDelegationsToPersonDoc(identityManagementPersonDocument);
375 	}
376 
377     public List<DelegateTypeBo> getPersonDelegations(String principalId){
378 		if(principalId==null) {
379 			return new ArrayList<DelegateTypeBo>();
380         }
381 		List<DelegateMemberBo> delegationMembers =
382         		getDataObjectService().findMatching(DelegateMemberBo.class, QueryByCriteria.Builder.fromPredicates(
383         		        PredicateFactory.equal(KimConstants.PrimaryKeyConstants.MEMBER_ID, principalId),
384         		        PredicateFactory.equal(KIMPropertyConstants.DelegationMember.MEMBER_TYPE_CODE, MemberType.PRINCIPAL.getCode()))).getResults();
385 		List<DelegateTypeBo> delegations = new ArrayList<DelegateTypeBo>();
386 		List<String> delegationIds = new ArrayList<String>();
387 		if(ObjectUtils.isNotNull(delegationMembers)){
388 			for(DelegateMemberBo delegationMember: delegationMembers){
389 				if( delegationMember.getDelegationId() != null && !delegationIds.contains(delegationMember.getDelegationId())){
390 					delegationIds.add(delegationMember.getDelegationId());
391 					delegations.add(getDataObjectService().find(DelegateTypeBo.class, delegationMember.getDelegationId()));
392 				}
393 			}
394 		}
395 		return delegations;
396 	}
397 
398 
399     protected void loadDelegationsToPersonDoc(IdentityManagementPersonDocument identityManagementPersonDocument){
400 		List<RoleDocumentDelegation> delList = new ArrayList<RoleDocumentDelegation>();
401 		RoleDocumentDelegation documentDelegation;
402 		List<DelegateTypeBo> origDelegations = getPersonDelegations(identityManagementPersonDocument.getPrincipalId());
403 		if(ObjectUtils.isNotNull(origDelegations)){
404 			for(DelegateTypeBo del: origDelegations){
405 				if(del.isActive()){
406 					documentDelegation = new RoleDocumentDelegation();
407 					documentDelegation.setActive(del.isActive());
408 					documentDelegation.setDelegationId(del.getDelegationId());
409 					documentDelegation.setDelegationTypeCode(del.getDelegationTypeCode());
410 					documentDelegation.setKimTypeId(del.getKimTypeId());
411 					documentDelegation.setMembers(
412 							loadDelegationMembers(identityManagementPersonDocument,
413 									del.getMembers(), (Role)getMember(MemberType.ROLE, del.getRoleId())));
414 					documentDelegation.setRoleId(del.getRoleId());
415 					documentDelegation.setEdit(true);
416 					delList.add(documentDelegation);
417 				}
418 			}
419 		}
420 		identityManagementPersonDocument.setDelegations(delList);
421 		setDelegationMembersInDocument(identityManagementPersonDocument);
422 	}
423 
424 	public void setDelegationMembersInDocument(IdentityManagementPersonDocument identityManagementPersonDocument){
425 		if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getDelegations())){
426 			for(RoleDocumentDelegation delegation: identityManagementPersonDocument.getDelegations()){
427 				if(CollectionUtils.isNotEmpty(delegation.getMembers())){
428 					for(RoleDocumentDelegationMember member: delegation.getMembers()){
429 						if (StringUtils.equals(member.getMemberId(), identityManagementPersonDocument.getPrincipalId()))
430 						{
431 						    member.setDelegationTypeCode(delegation.getDelegationTypeCode());
432 						    identityManagementPersonDocument.getDelegationMembers().add(member);
433 						}
434 					}
435 				}
436 			}
437 		}
438 	}
439 
440     protected List<RoleDocumentDelegationMember> loadDelegationMembers(
441     		IdentityManagementPersonDocument identityManagementPersonDocument, List<DelegateMemberBo> members, Role roleImpl){
442 		List<RoleDocumentDelegationMember> pndMembers = new ArrayList<RoleDocumentDelegationMember>();
443 		RoleDocumentDelegationMember pndMember;
444 		RoleMemberBo roleMember;
445 		if(ObjectUtils.isNotNull(members)){
446 			for(DelegateMemberBo member: members){
447 				pndMember = new RoleDocumentDelegationMember();
448 				pndMember.setActiveFromDate(member.getActiveFromDateValue());
449 				pndMember.setActiveToDate(member.getActiveToDateValue());
450 				pndMember.setActive(member.isActive( getDateTimeService().getCurrentTimestamp() ));
451 				pndMember.setRoleBo( RoleBo.from(roleImpl) );
452 				if(pndMember.isActive()){
453                     pndMember.setMemberId(member.getMemberId());
454                     pndMember.setDelegationMemberId(member.getDelegationMemberId());
455                     pndMember.setMemberTypeCode(member.getType().getCode());
456                     pndMember.setDelegationId(member.getDelegationId());
457                     pndMember.setVersionNumber(member.getVersionNumber());
458                     pndMember.setObjectId(member.getObjectId());
459 
460 					pndMember.setRoleMemberId(member.getRoleMemberId());
461 					roleMember = getRoleMemberForRoleMemberId(member.getRoleMemberId());
462 					if(roleMember!=null){
463 						pndMember.setRoleMemberName(getMemberName(roleMember.getType(), roleMember.getMemberId()));
464 						pndMember.setRoleMemberNamespaceCode(getMemberNamespaceCode(roleMember.getType(), roleMember.getMemberId()));
465 					}
466 					pndMember.setMemberNamespaceCode(getMemberNamespaceCode(member.getType(), member.getMemberId()));
467 					pndMember.setMemberName(getMemberName(member.getType(), member.getMemberId()));
468 					pndMember.setEdit(true);
469 					pndMember.setQualifiers(loadDelegationMemberQualifiers(identityManagementPersonDocument, pndMember.getAttributesHelper().getDefinitions(), member.getAttributeDetails()));
470 					pndMembers.add(pndMember);
471 				}
472 			}
473 		}
474 		return pndMembers;
475 	}
476 
477     protected List<RoleDocumentDelegationMemberQualifier> loadDelegationMemberQualifiers(IdentityManagementPersonDocument identityManagementPersonDocument,
478     		List<KimAttributeField> origAttributeDefinitions, List<DelegateMemberAttributeDataBo> attributeDataList){
479 		List<RoleDocumentDelegationMemberQualifier> pndMemberRoleQualifiers = new ArrayList<RoleDocumentDelegationMemberQualifier>();
480 		RoleDocumentDelegationMemberQualifier pndMemberRoleQualifier;
481 		boolean attributePresent = false;
482 		String origAttributeId;
483 		if(origAttributeDefinitions!=null){
484 			for(KimAttributeField key: origAttributeDefinitions) {
485 				origAttributeId = identityManagementPersonDocument.getKimAttributeDefnId(key);
486 				if(ObjectUtils.isNotNull(attributeDataList)){
487 					for(DelegateMemberAttributeDataBo memberRoleQualifier: attributeDataList){
488 						if(StringUtils.equals(origAttributeId, memberRoleQualifier.getKimAttribute().getId())){
489 							pndMemberRoleQualifier = new RoleDocumentDelegationMemberQualifier();
490 							pndMemberRoleQualifier.setAttrDataId(memberRoleQualifier.getId());
491 							pndMemberRoleQualifier.setAttrVal(memberRoleQualifier.getAttributeValue());
492 							pndMemberRoleQualifier.setDelegationMemberId(memberRoleQualifier.getAssignedToId());
493 							pndMemberRoleQualifier.setKimTypId(memberRoleQualifier.getKimTypeId());
494 							pndMemberRoleQualifier.setKimAttrDefnId(memberRoleQualifier.getKimAttributeId());
495 							pndMemberRoleQualifier.setKimAttribute(memberRoleQualifier.getKimAttribute());
496 							pndMemberRoleQualifiers.add(pndMemberRoleQualifier);
497 							attributePresent = true;
498 						}
499 					}
500 				}
501 				if(!attributePresent){
502 					pndMemberRoleQualifier = new RoleDocumentDelegationMemberQualifier();
503 					pndMemberRoleQualifier.setKimAttrDefnId(origAttributeId);
504 					pndMemberRoleQualifiers.add(pndMemberRoleQualifier);
505 				}
506 				attributePresent = false;
507 			}
508 		}
509 		return pndMemberRoleQualifiers;
510 	}
511 
512 	/**
513 	 *
514      * This method loads related group data to pending person document when user initiates the 'edit' or 'inquiry'.
515      *
516 	 * @param identityManagementPersonDocument
517 	 * @param groups
518 	 */
519     protected void loadGroupToPersonDoc(IdentityManagementPersonDocument identityManagementPersonDocument, List<? extends Group> groups) {
520         List <PersonDocumentGroup> docGroups = new ArrayList <PersonDocumentGroup>();
521         if(ObjectUtils.isNotNull(groups)){
522             for (Group group: groups) {
523                 if (getGroupService().isDirectMemberOfGroup(identityManagementPersonDocument.getPrincipalId(), group.getId())) {
524                     PersonDocumentGroup docGroup = new PersonDocumentGroup();
525                     docGroup.setGroupId(group.getId());
526                     docGroup.setGroupName(group.getName());
527                     docGroup.setNamespaceCode(group.getNamespaceCode());
528                     docGroup.setPrincipalId(identityManagementPersonDocument.getPrincipalId());
529                     Collection<GroupMember> groupMemberships = null;
530                     groupMemberships = getGroupService().getMembersOfGroup(group.getId());
531 
532                     if(ObjectUtils.isNotNull(groupMemberships)){
533                         for (GroupMember groupMember: groupMemberships) {
534                             if (StringUtils.equals(groupMember.getMemberId(), identityManagementPersonDocument.getPrincipalId()) &&
535                                     KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.equals(groupMember.getType())) {
536                                 docGroup.setGroupMemberId(groupMember.getId());
537                                 if (groupMember.getActiveFromDate() != null) {
538                                     docGroup.setActiveFromDate(groupMember.getActiveFromDate() == null ? null : new Timestamp(groupMember.getActiveFromDate().getMillis()));
539                                 }
540                                 if (groupMember.getActiveToDate() != null) {
541                                     docGroup.setActiveToDate(groupMember.getActiveToDate() == null ? null : new Timestamp(groupMember.getActiveToDate().getMillis()));
542                                 }
543                                 continue;
544                             }
545                         }
546                     }
547                     docGroup.setKimTypeId(group.getKimTypeId());
548                     docGroup.setEdit(true);
549                     docGroups.add(docGroup);
550                 }
551             }
552         }
553         Collections.sort(docGroups, new Comparator<PersonDocumentGroup>() {
554             @Override
555             public int compare(PersonDocumentGroup o1, PersonDocumentGroup o2) {
556                 return o1.getGroupId().compareTo(o2.getGroupId());
557             }
558         });
559         identityManagementPersonDocument.setGroups(docGroups);
560     }
561 
562 	/**
563 	 * Used to populate the {@link PersonDocumentRole} objects for a {@link IdentityManagementPersonDocument}
564 	 *
565 	 * @param identityManagementPersonDocument {@link IdentityManagementPersonDocument}
566 	 */
567     protected void loadRoleToPersonDoc(IdentityManagementPersonDocument identityManagementPersonDocument) {
568         List <PersonDocumentRole> docRoles = new ArrayList <PersonDocumentRole>();
569         // a list for Id's of the roles added to docRoles
570         List<String> roleIds = new ArrayList<String>();
571 
572         // get the membership objects for the PrincipalId
573         List<RoleMemberBo> roleMembers = getRoleMembersForPrincipal(identityManagementPersonDocument.getPrincipalId());
574 
575         // if the PrincipalId is a member of any roles, add those roles to docRoles
576         if(ObjectUtils.isNotNull(roleMembers)){
577             // for each membership get the role and add it, if not already added
578             for (RoleMemberBo member : roleMembers) {
579 				if(member.isActive() && !roleIds.contains(member.getRoleId())) {
580 					loadDocRoles(docRoles, roleIds, member, roleMembers);
581 				}
582             }
583         }
584 
585         // complete the attributes for each role being being returned
586         for (PersonDocumentRole role : docRoles) {
587             role.setDefinitions(getAttributeDefinitionsForRole(role));
588 
589             KimDocumentRoleMember newRolePrncpl = new KimDocumentRoleMember();
590             newRolePrncpl.setMemberTypeCode(MemberType.PRINCIPAL.getCode());
591             newRolePrncpl.setMemberId(identityManagementPersonDocument.getPrincipalId());
592             role.setNewRolePrncpl(newRolePrncpl);
593 
594             if(role.getDefinitions()!=null){
595                 for (KimAttributeField key : role.getDefinitions()) {
596                     KimDocumentRoleQualifier qualifier = new KimDocumentRoleQualifier();
597                     setAttrDefnIdForQualifier(qualifier,key);
598                     role.getNewRolePrncpl().getQualifiers().add(qualifier);
599                 }
600             }
601 
602             // load the role's ResponsibilityActions
603             loadRoleRstAction(role);
604 
605             role.setAttributeEntry( getAttributeEntries( role.getDefinitions() ) );
606         }
607 
608         // add the PersonDocumentRoles to the IdentityManagementPersonDocument
609         identityManagementPersonDocument.setRoles(docRoles);
610     }
611 
612     /**
613      * Selects a {@link RoleBoLite} for passed {@link RoleMemberBo} and adds to List of {@link PersonDocumentRole} objects
614      *
615      * @param docRoles a list of {@link PersonDocumentRole} roles
616      * @param roleIds a list of the Ids of the Roles already added
617      * @param member a {@link RoleMemberBo} of a {@link RoleBoLite}
618 	 * @param roleMembers a list of {@link RoleMemberBo} membership objects for the PrincipalId
619      */
620     private void loadDocRoles(List <PersonDocumentRole> docRoles, List<String> roleIds,  RoleMemberBo member, List<RoleMemberBo> roleMembers) {
621 
622         // get the RoleBoLite object by it's Id from a role membership object
623         RoleBoLite role =  getDataObjectService().find(RoleBoLite.class, member.getRoleId());
624 
625 		// create list of RoleMemberBo's for the same role
626 		List<RoleMemberBo> matchingMembers = new ArrayList<RoleMemberBo>();
627 		for (RoleMemberBo tempMember : roleMembers) {
628 			if (tempMember.getRoleId().equals(member.getRoleId())){
629 				matchingMembers.add(tempMember);
630 			}
631 		}
632 
633         // if not already found add role to docRoles
634         if (ObjectUtils.isNotNull(role) && !roleIds.contains(role.getId())) {
635             PersonDocumentRole docRole = new PersonDocumentRole();
636             docRole.setKimTypeId(role.getKimTypeId());
637             docRole.setActive(role.isActive());
638             docRole.setNamespaceCode(role.getNamespaceCode());
639             docRole.setEdit(true);
640             docRole.setRoleId(role.getId());
641             docRole.setRoleName(role.getName());
642 			docRole.setRolePrncpls(populateDocRolePrncpl(role.getNamespaceCode(), matchingMembers, member.getMemberId(), getAttributeDefinitionsForRole(docRole)));
643             docRoles.add(docRole);
644             roleIds.add(role.getId());
645         }
646     }
647 
648 	protected List<KimAttributeField> getAttributeDefinitionsForRole(PersonDocumentRole role) {
649     	KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(KimTypeBo.to(
650                 role.getKimRoleType()));
651     	//it is possible that the the kimTypeService is coming from a remote application
652         // and therefore it can't be guarenteed that it is up and working, so using a try/catch to catch this possibility.
653         try {
654         	if ( kimTypeService != null ) {
655         		return kimTypeService.getAttributeDefinitions(role.getKimTypeId());
656         	}
657         } catch (Exception ex) {
658             LOG.warn("Not able to retrieve KimTypeService from remote system for KIM Role Type: " + role.getKimRoleType(), ex);
659         }
660     	return Collections.emptyList();
661 	}
662 
663 	protected void loadRoleRstAction(PersonDocumentRole role) {
664 		if(role!=null && CollectionUtils.isNotEmpty(role.getRolePrncpls())){
665 			for (KimDocumentRoleMember roleMbr : role.getRolePrncpls()) {
666 				List<RoleResponsibilityActionBo> actions = getRoleRspActions( roleMbr.getRoleMemberId());
667 				if(ObjectUtils.isNotNull(actions)){
668 					for (RoleResponsibilityActionBo entRoleRspAction :actions) {
669 						KimDocumentRoleResponsibilityAction roleRspAction = new KimDocumentRoleResponsibilityAction();
670 						roleRspAction.setRoleResponsibilityActionId(entRoleRspAction.getId());
671                         roleRspAction.setRoleResponsibilityId(entRoleRspAction.getRoleResponsibilityId());
672 						roleRspAction.setActionTypeCode(entRoleRspAction.getActionTypeCode());
673 						roleRspAction.setActionPolicyCode(entRoleRspAction.getActionPolicyCode());
674 						roleRspAction.setPriorityNumber(entRoleRspAction.getPriorityNumber());
675 						roleRspAction.setRoleResponsibilityActionId(entRoleRspAction.getId());
676 						KradDataServiceLocator.getDataObjectService().wrap(roleRspAction).fetchRelationship("roleResponsibility");
677 						roleMbr.getRoleRspActions().add(roleRspAction);
678 					}
679 				}
680 			}
681 		}
682 	}
683 
684 	protected void setAttrDefnIdForQualifier(KimDocumentRoleQualifier qualifier, KimAttributeField definition) {
685     	qualifier.setKimAttrDefnId(getAttributeDefnId(definition));
686     	KradDataServiceLocator.getDataObjectService().wrap(qualifier).fetchRelationship("kimAttribute");
687     }
688 
689 	protected String getAttributeDefnId(KimAttributeField definition) {
690     	return definition.getId();
691     }
692 
693 	@Override
694     public List<EntityEmployment> getEntityEmploymentInformationInfo(String entityId) {
695         EntityBo entityImpl = getEntityBo(entityId);
696         List<EntityEmployment> empInfos = new ArrayList<EntityEmployment>();
697         if(entityImpl != null && CollectionUtils.isNotEmpty(entityImpl.getEmploymentInformation())){
698         	for(EntityEmploymentBo empImpl: entityImpl.getEmploymentInformation()){
699             	empInfos.add(EntityEmploymentBo.to(empImpl));
700         	}
701         }
702         return empInfos;
703 	}
704 
705 	private EntityBo getEntityBo(String entityId) {
706 		return getDataObjectService().find(EntityBo.class, entityId);
707 	}
708 
709     protected List<RoleBo> getRolesForPrincipal(String principalId) {
710 		if ( principalId == null ) {
711 			return new ArrayList<RoleBo>();
712 		}
713         return getDataObjectService().findMatching(RoleBo.class, QueryByCriteria.Builder.fromPredicates(
714                 PredicateFactory.equal("members." + KimConstants.PrimaryKeyConstants.MEMBER_ID, principalId),
715                 PredicateFactory.equal("members." + KIMPropertyConstants.DelegationMember.MEMBER_TYPE_CODE, MemberType.PRINCIPAL.getCode()))).getResults();
716 	}
717 
718 	protected List<RoleMemberBo> getRoleMembersForPrincipal(String principalId) {
719 		if ( principalId == null ) {
720 			return new ArrayList<RoleMemberBo>();
721 		}
722         return getDataObjectService().findMatching(RoleMemberBo.class, QueryByCriteria.Builder.fromPredicates(
723                 PredicateFactory.equal(KimConstants.PrimaryKeyConstants.MEMBER_ID, principalId),
724                 PredicateFactory.equal(KIMPropertyConstants.DelegationMember.MEMBER_TYPE_CODE, MemberType.PRINCIPAL.getCode()))).getResults();
725 	}
726 
727 	@Override
728     public RoleMemberBo getRoleMember(String id) {
729 		if ( id == null ) {
730 			return null;
731 		}
732 		return getDataObjectService().find(RoleMemberBo.class, id);
733 	}
734 
735     protected List<RoleResponsibilityActionBo> getRoleRspActions(String roleMemberId) {
736 		return getDataObjectService().findMatching(RoleResponsibilityActionBo.class,
737 		        QueryByCriteria.Builder.forAttribute(KIMPropertyConstants.RoleMember.ROLE_MEMBER_ID, roleMemberId).build()).getResults();
738 	}
739 
740     protected List<KimDocumentRoleMember> populateDocRolePrncpl(String namespaceCode, List <RoleMemberBo> roleMembers, String principalId, List<KimAttributeField> definitions) {
741 		List <KimDocumentRoleMember> docRoleMembers = new ArrayList <KimDocumentRoleMember>();
742 		if(ObjectUtils.isNotNull(roleMembers)){
743 	    	for (RoleMemberBo rolePrincipal : roleMembers) {
744 	    		if (rolePrincipal.isActive(getDateTimeService().getCurrentTimestamp()) && MemberType.PRINCIPAL.equals(
745                         rolePrincipal.getType()) &&
746 	    				StringUtils.equals(rolePrincipal.getMemberId(), principalId)) {
747 	        		KimDocumentRoleMember docRolePrncpl = new KimDocumentRoleMember();
748 	        		docRolePrncpl.setMemberId(rolePrincipal.getMemberId());
749 	        		docRolePrncpl.setRoleMemberId(rolePrincipal.getId());
750 	        		docRolePrncpl.setActive(rolePrincipal.isActive(getDateTimeService().getCurrentTimestamp()));
751 	        		docRolePrncpl.setRoleId(rolePrincipal.getRoleId());
752 	        		docRolePrncpl.setActiveFromDate(rolePrincipal.getActiveFromDateValue());
753 	        		docRolePrncpl.setActiveToDate(rolePrincipal.getActiveToDateValue());
754 	         		docRolePrncpl.setQualifiers(populateDocRoleQualifier(namespaceCode, rolePrincipal.getAttributeDetails(), definitions));
755 	         		docRolePrncpl.setEdit(true);
756 	        		docRoleMembers.add(docRolePrncpl);
757 	    		 }
758 	    	}
759 		}
760     	return docRoleMembers;
761     }
762 
763     // UI layout for rolequalifier is a little different from kimroleattribute set up.
764     // each principal may have member with same role multiple times with different qualifier, but the role
765     // only displayed once, and the qualifier displayed multiple times.
766     protected List<KimDocumentRoleQualifier> populateDocRoleQualifier(String namespaceCode, List <RoleMemberAttributeDataBo> qualifiers, List<KimAttributeField> definitions) {
767 
768 		List <KimDocumentRoleQualifier> docRoleQualifiers = new ArrayList <KimDocumentRoleQualifier>();
769 		if(definitions!=null){
770 			for (KimAttributeField definition : definitions) {
771 				String attrDefId=definition.getId();
772 				boolean qualifierFound = false;
773 				if(ObjectUtils.isNotNull(qualifiers)){
774 					for (RoleMemberAttributeDataBo qualifier : qualifiers) {
775 						if (attrDefId!=null && StringUtils.equals(attrDefId, qualifier.getKimAttributeId())) {
776 				    		KimDocumentRoleQualifier docRoleQualifier = new KimDocumentRoleQualifier();
777 				    		docRoleQualifier.setAttrDataId(qualifier.getId());
778 				    		docRoleQualifier.setAttrVal(qualifier.getAttributeValue());
779 				    		docRoleQualifier.setKimAttrDefnId(qualifier.getKimAttributeId());
780 				    		docRoleQualifier.setKimAttribute(qualifier.getKimAttribute());
781 				    		docRoleQualifier.setKimTypId(qualifier.getKimTypeId());
782 				    		docRoleQualifier.setRoleMemberId(qualifier.getAssignedToId());
783 				    		docRoleQualifier.setEdit(true);
784 				    		formatAttrValIfNecessary(docRoleQualifier);
785 				    		docRoleQualifiers.add(docRoleQualifier);
786 				    		qualifierFound = true;
787 				    		break;
788 						}
789 					}
790 				}
791 				if (!qualifierFound) {
792 		    		KimDocumentRoleQualifier docRoleQualifier = new KimDocumentRoleQualifier();
793 		    		docRoleQualifier.setAttrVal("");
794 		    		docRoleQualifier.setKimAttrDefnId(attrDefId);
795 		    		KradDataServiceLocator.getDataObjectService().wrap(docRoleQualifier).fetchRelationship("kimAttribute");
796 		    		docRoleQualifiers.add(docRoleQualifier);
797 				}
798 			}
799 			// If all of the qualifiers are empty, return an empty list
800 			// This is to prevent dynamic qualifiers from appearing in the
801 			// person maintenance roles tab.  see KULRICE-3989 for more detail
802 			// and KULRICE-5071 for detail on switching from config value to
803 			// application-scoped parameter
804 			if (!isBlankRoleQualifierVisible(namespaceCode)) {
805 				int qualCount = 0;
806 				for (KimDocumentRoleQualifier qual : docRoleQualifiers){
807 					if (StringUtils.isEmpty(qual.getAttrVal())){
808 						qualCount++;
809 					}
810 				}
811 				if (qualCount == docRoleQualifiers.size()){
812 					return new ArrayList <KimDocumentRoleQualifier>();
813 				}
814 			}
815 		}
816     	return docRoleQualifiers;
817     }
818 
819     protected List<PersonDocumentName> loadNames( IdentityManagementPersonDocument personDoc, String principalId, List <EntityName> names, boolean suppressDisplay ) {
820 		List<PersonDocumentName> docNames = new ArrayList<PersonDocumentName>();
821 		if(ObjectUtils.isNotNull(names)){
822 			for (EntityName name: names) {
823 				if(name.isActive()){
824 					PersonDocumentName docName = new PersonDocumentName();
825                     if (name.getNameType() != null) {
826 					    docName.setNameCode(name.getNameType().getCode());
827                     }
828 
829 					//We do not need to check the privacy setting here - The UI should care of it
830 					docName.setFirstName(name.getFirstNameUnmasked());
831 					docName.setLastName(name.getLastNameUnmasked());
832 					docName.setMiddleName(name.getMiddleNameUnmasked());
833 					docName.setNamePrefix(name.getNamePrefixUnmasked());
834 					docName.setNameSuffix(name.getNameSuffixUnmasked());
835 
836 					docName.setActive(name.isActive());
837 					docName.setDflt(name.isDefaultValue());
838 					docName.setEdit(true);
839 					docName.setEntityNameId(name.getId());
840 					docNames.add(docName);
841 				}
842 			}
843 		}
844 		return docNames;
845 	}
846 
847 	@Override
848     public boolean canModifyEntity( String currentUserPrincipalId, String toModifyPrincipalId ){
849 		return (StringUtils.isNotBlank(currentUserPrincipalId) && StringUtils.isNotBlank(toModifyPrincipalId) &&
850 				currentUserPrincipalId.equals(toModifyPrincipalId)) ||
851 				getPermissionService().isAuthorized(
852 						currentUserPrincipalId,
853 						KimConstants.NAMESPACE_CODE,
854 						KimConstants.PermissionNames.MODIFY_ENTITY,
855 						Collections.singletonMap(KimConstants.AttributeConstants.PRINCIPAL_ID, currentUserPrincipalId));
856 	}
857 
858 	@Override
859     public boolean canOverrideEntityPrivacyPreferences( String currentUserPrincipalId, String toModifyPrincipalId ){
860 		return (StringUtils.isNotBlank(currentUserPrincipalId) && StringUtils.isNotBlank(toModifyPrincipalId) &&
861 				currentUserPrincipalId.equals(toModifyPrincipalId)) ||
862 				getPermissionService().isAuthorized(
863 						currentUserPrincipalId,
864 						KimConstants.NAMESPACE_CODE,
865 						KimConstants.PermissionNames.OVERRIDE_ENTITY_PRIVACY_PREFERENCES,
866 						Collections.singletonMap(KimConstants.AttributeConstants.PRINCIPAL_ID, currentUserPrincipalId) );
867 	}
868 
869 	protected boolean canAssignToRole(IdentityManagementRoleDocument document, String initiatorPrincipalId){
870         boolean rulePassed = true;
871         Map<String,String> additionalPermissionDetails = new HashMap<String,String>();
872         additionalPermissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, document.getRoleNamespace());
873         additionalPermissionDetails.put(KimConstants.AttributeConstants.ROLE_NAME, document.getRoleName());
874 		if(!getDocumentHelperService().getDocumentAuthorizer(document).isAuthorizedByTemplate(
875 				document, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.ASSIGN_ROLE,
876 				initiatorPrincipalId, additionalPermissionDetails, null)){
877             rulePassed = false;
878 		}
879 		return rulePassed;
880 	}
881 
882 	protected List<PersonDocumentAffiliation> loadAffiliations(List <EntityAffiliation> affiliations, List<EntityEmployment> empInfos) {
883 		List<PersonDocumentAffiliation> docAffiliations = new ArrayList<PersonDocumentAffiliation>();
884 		if(ObjectUtils.isNotNull(affiliations)){
885 			for (EntityAffiliation affiliation: affiliations) {
886 				if(affiliation.isActive()){
887 					PersonDocumentAffiliation docAffiliation = new PersonDocumentAffiliation();
888 					docAffiliation.setAffiliationTypeCode(affiliation.getAffiliationType().getCode());
889 					docAffiliation.setCampusCode(affiliation.getCampusCode());
890 					docAffiliation.setActive(affiliation.isActive());
891 					docAffiliation.setDflt(affiliation.isDefaultValue());
892 					docAffiliation.setEntityAffiliationId(affiliation.getId());
893 					KradDataServiceLocator.getDataObjectService().wrap(docAffiliation).fetchRelationship("affiliationType");
894 					// EntityAffiliationImpl does not define empinfos as collection
895 					docAffiliations.add(docAffiliation);
896 					docAffiliation.setEdit(true);
897 					// employment informations
898 					List<PersonDocumentEmploymentInfo> docEmploymentInformations = new ArrayList<PersonDocumentEmploymentInfo>();
899 					if(ObjectUtils.isNotNull(empInfos)){
900 						for (EntityEmployment empInfo: empInfos) {
901 							if (empInfo.isActive()
902                                     && StringUtils.equals(docAffiliation.getEntityAffiliationId(),
903                                                           (empInfo.getEntityAffiliation() != null ? empInfo.getEntityAffiliation().getId() : null))) {
904 								PersonDocumentEmploymentInfo docEmpInfo = new PersonDocumentEmploymentInfo();
905 								docEmpInfo.setEntityEmploymentId(empInfo.getId());
906 								docEmpInfo.setEmployeeId(empInfo.getEmployeeId());
907 								docEmpInfo.setEmploymentRecordId(empInfo.getEmploymentRecordId());
908 								docEmpInfo.setBaseSalaryAmount(empInfo.getBaseSalaryAmount());
909 								docEmpInfo.setPrimaryDepartmentCode(empInfo.getPrimaryDepartmentCode());
910 								docEmpInfo.setEmploymentStatusCode(empInfo.getEmployeeStatus() != null ? empInfo.getEmployeeStatus().getCode() : null);
911 								docEmpInfo.setEmploymentTypeCode(empInfo.getEmployeeType() != null ? empInfo.getEmployeeType().getCode() : null);
912 								docEmpInfo.setActive(empInfo.isActive());
913 								docEmpInfo.setPrimary(empInfo.isPrimary());
914 								docEmpInfo.setEntityAffiliationId(empInfo.getEntityAffiliation() != null ? empInfo.getEntityAffiliation().getId() : null);
915 								// there is no version number on KimEntityEmploymentInformationInfo
916 								//docEmpInfo.setVersionNumber(empInfo.getVersionNumber());
917 								docEmpInfo.setEdit(true);
918 								KradDataServiceLocator.getDataObjectService().wrap(docEmpInfo).fetchRelationship("employmentType");
919 								docEmploymentInformations.add(docEmpInfo);
920 							}
921 						}
922 					}
923 					docAffiliation.setEmpInfos(docEmploymentInformations);
924 				}
925 			}
926 		}
927 		return docAffiliations;
928 
929 	}
930 
931     protected boolean setupPrincipal(IdentityManagementPersonDocument identityManagementPersonDocument, EntityBo kimEntity, List<PrincipalBo> origPrincipals) {
932     	boolean inactivatingPrincipal = false;
933 		List<PrincipalBo> principals = new ArrayList<PrincipalBo>();
934 		PrincipalBo principal = new PrincipalBo();
935         principal.setPrincipalName(identityManagementPersonDocument.getPrincipalName());
936 		principal.setPrincipalId(identityManagementPersonDocument.getPrincipalId());
937 		principal.setActive(identityManagementPersonDocument.isActive());
938 		principal.setEntityId(identityManagementPersonDocument.getEntityId());
939 		if(ObjectUtils.isNotNull(origPrincipals)){
940 			for (PrincipalBo prncpl : origPrincipals) {
941 				if (prncpl.getPrincipalId()!=null && StringUtils.equals(prncpl.getPrincipalId(), principal.getPrincipalId())) {
942 					principal.setVersionNumber(prncpl.getVersionNumber());
943                     principal.setObjectId(prncpl.getObjectId());
944                     principal.setPassword(prncpl.getPassword());
945 					// check if inactivating the principal
946 					if ( prncpl.isActive() && !principal.isActive() ) {
947 						inactivatingPrincipal = true;
948 					}
949 				}
950 			}
951 		}
952 		principals.add(principal);
953 
954 		kimEntity.setPrincipals(principals);
955 		return inactivatingPrincipal;
956 	}
957 
958     protected void setupPrivacy(IdentityManagementPersonDocument identityManagementPersonDocument, EntityBo kimEntity, EntityPrivacyPreferencesBo origPrivacy) {
959 		EntityPrivacyPreferencesBo privacyPreferences = new EntityPrivacyPreferencesBo();
960 		privacyPreferences.setEntityId(identityManagementPersonDocument.getEntityId());
961 		privacyPreferences.setSuppressAddress(identityManagementPersonDocument.getPrivacy().isSuppressAddress());
962 		privacyPreferences.setSuppressEmail(identityManagementPersonDocument.getPrivacy().isSuppressEmail());
963 		privacyPreferences.setSuppressName(identityManagementPersonDocument.getPrivacy().isSuppressName());
964 		privacyPreferences.setSuppressPhone(identityManagementPersonDocument.getPrivacy().isSuppressPhone());
965 		privacyPreferences.setSuppressPersonal(identityManagementPersonDocument.getPrivacy().isSuppressPersonal());
966 		if (ObjectUtils.isNotNull(origPrivacy)) {
967 			privacyPreferences.setVersionNumber(origPrivacy.getVersionNumber());
968             privacyPreferences.setObjectId(origPrivacy.getObjectId());
969 		}
970 		kimEntity.setPrivacyPreferences(privacyPreferences);
971 	}
972     protected PersonDocumentPrivacy loadPrivacyReferences(EntityPrivacyPreferences privacyPreferences) {
973 		PersonDocumentPrivacy docPrivacy = new PersonDocumentPrivacy();
974 		docPrivacy.setSuppressAddress(privacyPreferences.isSuppressAddress());
975 		docPrivacy.setSuppressEmail(privacyPreferences.isSuppressEmail());
976 		docPrivacy.setSuppressName(privacyPreferences.isSuppressName());
977 		docPrivacy.setSuppressPhone(privacyPreferences.isSuppressPhone());
978 		docPrivacy.setSuppressPersonal(privacyPreferences.isSuppressPersonal());
979 		docPrivacy.setEdit(true);
980 		return docPrivacy;
981 	}
982 
983     protected void setupName(IdentityManagementPersonDocument identityManagementPersonDocument, EntityBo kimEntity, List<EntityNameBo> origNames) {
984     	if ( !identityManagementPersonDocument.getPrivacy().isSuppressName() ||
985     			canOverrideEntityPrivacyPreferences( getInitiatorPrincipalId(identityManagementPersonDocument), identityManagementPersonDocument.getPrincipalId() ) ) {
986 	    	List<EntityNameBo> entityNames = new ArrayList<EntityNameBo>();
987 			if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getNames())){
988 				for (PersonDocumentName name : identityManagementPersonDocument.getNames()) {
989 				    EntityNameBo entityName = new EntityNameBo();
990 					entityName.setNameCode(name.getNameCode());
991                     if (name.getEntityNameType() != null) {
992                         entityName.setNameType(name.getEntityNameType());
993                     } else {
994                         if (StringUtils.isNotEmpty(name.getNameCode())) {
995                             entityName.setNameType(
996                                     EntityNameTypeBo.from(getIdentityService().getNameType(name.getNameCode())));
997                         }
998                     }
999 					entityName.setFirstName(name.getFirstName());
1000 					entityName.setLastName(name.getLastName());
1001 					entityName.setMiddleName(name.getMiddleName());
1002 					entityName.setNamePrefix(name.getNamePrefix());
1003 					entityName.setNameSuffix(name.getNameSuffix());
1004 					entityName.setActive(name.isActive());
1005 					entityName.setDefaultValue(name.isDflt());
1006 					entityName.setId(name.getEntityNameId());
1007 					entityName.setEntityId(identityManagementPersonDocument.getEntityId());
1008 					if(ObjectUtils.isNotNull(origNames)){
1009 						for (EntityNameBo origName : origNames) {
1010 							if (origName.getId()!=null && StringUtils.equals(origName.getId(), entityName.getId())) {
1011 								entityName.setVersionNumber(origName.getVersionNumber());
1012 							}
1013 
1014 						}
1015 					}
1016 					entityNames.add(entityName);
1017 				}
1018 			}
1019 			kimEntity.setNames(entityNames);
1020     	}
1021 	}
1022 
1023     protected void setupAffiliation(IdentityManagementPersonDocument identityManagementPersonDocument, EntityBo kimEntity,List<EntityAffiliationBo> origAffiliations, List<EntityEmploymentBo> origEmpInfos) {
1024 		List<EntityAffiliationBo> entityAffiliations = new ArrayList<EntityAffiliationBo>();
1025 		// employment informations
1026 		List<EntityEmploymentBo> entityEmploymentInformations = new ArrayList<EntityEmploymentBo>();
1027 		if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getAffiliations())){
1028 			for (PersonDocumentAffiliation affiliation : identityManagementPersonDocument.getAffiliations()) {
1029 				EntityAffiliationBo entityAffiliation = new EntityAffiliationBo();
1030 				entityAffiliation.setAffiliationTypeCode(affiliation.getAffiliationTypeCode());
1031                 if (affiliation.getAffiliationType() != null) {
1032                         entityAffiliation.setAffiliationType(affiliation.getAffiliationType());
1033                 } else {
1034                     if (StringUtils.isNotEmpty(affiliation.getAffiliationTypeCode())) {
1035                         entityAffiliation.setAffiliationType(EntityAffiliationTypeBo.from(getIdentityService().getAffiliationType(
1036                                 affiliation.getAffiliationTypeCode())));
1037                     }
1038                 }
1039 				entityAffiliation.setCampusCode(affiliation.getCampusCode());
1040 				entityAffiliation.setActive(affiliation.isActive());
1041 				entityAffiliation.setDefaultValue(affiliation.isDflt());
1042 				entityAffiliation.setEntityId(identityManagementPersonDocument.getEntityId());
1043 				entityAffiliation.setId(affiliation.getEntityAffiliationId());
1044 				if(ObjectUtils.isNotNull(origAffiliations)){
1045 				// EntityAffiliationImpl does not define empinfos as collection
1046 					for (EntityAffiliationBo origAffiliation : origAffiliations) {
1047 						if(isSameAffiliation(origAffiliation, entityAffiliation)){
1048 							entityAffiliation.setId(origAffiliation.getId());
1049 						}
1050 						if (origAffiliation.getId()!=null && StringUtils.equals(origAffiliation.getId(), entityAffiliation.getId())) {
1051 							entityAffiliation.setVersionNumber(origAffiliation.getVersionNumber());
1052 						}
1053 					}
1054 				}
1055 				entityAffiliations.add(entityAffiliation);
1056 				int employeeRecordCounter = origEmpInfos==null?0:origEmpInfos.size();
1057 				if(CollectionUtils.isNotEmpty(affiliation.getEmpInfos())){
1058 					for (PersonDocumentEmploymentInfo empInfo : affiliation.getEmpInfos()) {
1059 						EntityEmploymentBo entityEmpInfo = new EntityEmploymentBo();
1060 						entityEmpInfo.setId(empInfo.getEntityEmploymentId());
1061 						entityEmpInfo.setEmployeeId(empInfo.getEmployeeId());
1062 						entityEmpInfo.setEmploymentRecordId(empInfo.getEmploymentRecordId());
1063 						entityEmpInfo.setBaseSalaryAmount(empInfo.getBaseSalaryAmount());
1064 						entityEmpInfo.setPrimaryDepartmentCode(empInfo.getPrimaryDepartmentCode());
1065 						entityEmpInfo.setEmployeeStatusCode(empInfo.getEmploymentStatusCode());
1066                         if (empInfo.getEmploymentStatus() != null) {
1067                             entityEmpInfo.setEmployeeStatus(empInfo.getEmploymentStatus());
1068                         } else {
1069                             if (StringUtils.isNotEmpty(empInfo.getEmploymentStatusCode())) {
1070                                 entityEmpInfo.setEmployeeStatus(EntityEmploymentStatusBo
1071                                         .from(getIdentityService().getEmploymentStatus(empInfo.getEmploymentStatusCode())));
1072                             }
1073                         }
1074 						entityEmpInfo.setEmployeeTypeCode(empInfo.getEmploymentTypeCode());
1075                         if (empInfo.getEmploymentType() != null) {
1076                             entityEmpInfo.setEmployeeType(empInfo.getEmploymentType());
1077                         } else {
1078                             if (StringUtils.isNotEmpty(empInfo.getEmploymentTypeCode())) {
1079                                 entityEmpInfo.setEmployeeType(EntityEmploymentTypeBo
1080                                         .from(getIdentityService().getEmploymentType(empInfo.getEmploymentTypeCode())));
1081                             }
1082                         }
1083 						entityEmpInfo.setActive(empInfo.isActive());
1084 						entityEmpInfo.setPrimary(empInfo.isPrimary());
1085 						entityEmpInfo.setEntityId(identityManagementPersonDocument.getEntityId());
1086 						entityEmpInfo.setEntityAffiliationId(empInfo.getEntityAffiliationId());
1087 						if(ObjectUtils.isNotNull(origEmpInfos)){
1088 							for (EntityEmploymentBo origEmpInfo : origEmpInfos) {
1089 								if(isSameEmpInfo(origEmpInfo, entityEmpInfo)){
1090 									entityEmpInfo.setId(origEmpInfo.getId());
1091 								}
1092 
1093 								if (origEmpInfo.getId()!=null && StringUtils.equals(origEmpInfo.getId(), entityEmpInfo.getId())) {
1094 									entityEmpInfo.setVersionNumber(origEmpInfo.getVersionNumber());
1095 									entityEmpInfo.setEmploymentRecordId(empInfo.getEmploymentRecordId());
1096 								}
1097 							}
1098 						}
1099 						if(StringUtils.isEmpty(entityEmpInfo.getEmploymentRecordId())){
1100 							employeeRecordCounter++;
1101 							entityEmpInfo.setEmploymentRecordId(employeeRecordCounter+"");
1102 						}
1103 						entityEmploymentInformations.add(entityEmpInfo);
1104 					}
1105 				}
1106 			}
1107 		}
1108 		kimEntity.setEmploymentInformation(entityEmploymentInformations);
1109 		kimEntity.setAffiliations(entityAffiliations);
1110 	}
1111 
1112     /*
1113      * Added to address KULRICE-5071 : "Move the 'show blank qualifier' kim toggle from a Config param to a System param"
1114      *
1115      * This method first checks for a namespace specific parameter with a detailTypeCode of "All" and parameterName of "KIM_SHOW_BLANK_QUALIFIERS".
1116      * If no parameter is found, it checks for the config property "kim.show.blank.qualifiers", and defaults to true if no config property exists.
1117      *
1118      */
1119     private boolean isBlankRoleQualifierVisible(String namespaceCode) {
1120     	boolean showBlankQualifiers = true;
1121 
1122 		Parameter param = getParameterService().getParameter(namespaceCode, KRADConstants.DetailTypes.ALL_DETAIL_TYPE, KimConstants.ParameterKey.SHOW_BLANK_QUALIFIERS);
1123 	    if (param != null) {
1124 	    	showBlankQualifiers = "Y".equals(param.getValue());
1125 	    } else {
1126 	    	String configProperty = ConfigContext.getCurrentContextConfig().getProperty(SHOW_BLANK_QUALIFIERS);
1127 	    	if (configProperty != null) {
1128 	    		showBlankQualifiers = Boolean.valueOf(configProperty);
1129             }
1130 	    }
1131 
1132 	    return showBlankQualifiers;
1133     }
1134 
1135    private boolean isSameAffiliation(EntityAffiliationBo origAffiliation, EntityAffiliationBo entityAffiliation){
1136     	//entityId
1137     	//affiliationTypeCode
1138     	//campusCode
1139     	return (origAffiliation!=null && entityAffiliation!=null) &&
1140     	(StringUtils.isNotEmpty(origAffiliation.getCampusCode()) && StringUtils.equals(origAffiliation.getCampusCode(), entityAffiliation.getCampusCode()))
1141     	&&
1142     	(StringUtils.isNotEmpty(origAffiliation.getAffiliationTypeCode()) && StringUtils.equals(origAffiliation.getAffiliationTypeCode(), entityAffiliation.getAffiliationTypeCode()))
1143  		&&
1144  		(StringUtils.isNotEmpty(origAffiliation.getEntityId()) && StringUtils.equals(origAffiliation.getEntityId(), entityAffiliation.getEntityId()));
1145     }
1146 
1147     private boolean isSameEmpInfo(EntityEmploymentBo origEmpInfo, EntityEmploymentBo entityEmpInfo){
1148     	//emp_info:
1149     		//employmentRecordId
1150     		//entityId
1151     		//These should be unique - add a business rule
1152     	return (origEmpInfo!=null && entityEmpInfo!=null)
1153     			&& (StringUtils.isNotEmpty(origEmpInfo.getEmploymentRecordId())
1154     					&& StringUtils.equals(origEmpInfo.getEmploymentRecordId(), entityEmpInfo.getEmploymentRecordId() )
1155     				)
1156     			&& StringUtils.equals( origEmpInfo.getEntityId(),entityEmpInfo.getEntityId());
1157     }
1158 
1159     protected void setupPhone(IdentityManagementPersonDocument identityManagementPersonDocument, EntityTypeContactInfoBo entityType, List<EntityPhoneBo> origPhones) {
1160     	if ( !identityManagementPersonDocument.getPrivacy().isSuppressPhone() || canOverrideEntityPrivacyPreferences(getInitiatorPrincipalId(identityManagementPersonDocument), identityManagementPersonDocument.getPrincipalId()) ) {
1161 			List<EntityPhoneBo> entityPhones = new ArrayList<EntityPhoneBo>();
1162 			if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getPhones())){
1163 				for (PersonDocumentPhone phone : identityManagementPersonDocument.getPhones()) {
1164 					EntityPhoneBo entityPhone = new EntityPhoneBo();
1165 					entityPhone.setPhoneTypeCode(phone.getPhoneTypeCode());
1166                     if (phone.getPhoneType() != null) {
1167                         entityPhone.setPhoneType(phone.getPhoneType());
1168                     } else {
1169                         if (StringUtils.isNotEmpty(phone.getPhoneTypeCode())) {
1170                             entityPhone.setPhoneType(EntityPhoneTypeBo
1171                                     .from(getIdentityService().getAddressType(phone.getPhoneTypeCode())));
1172                         }
1173                     }
1174 					entityPhone.setEntityId(identityManagementPersonDocument.getEntityId());
1175 					entityPhone.setId(phone.getEntityPhoneId());
1176 					entityPhone.setEntityTypeCode(entityType.getEntityTypeCode());
1177 					entityPhone.setPhoneNumber(phone.getPhoneNumber());
1178 					entityPhone.setCountryCode(phone.getCountryCode());
1179 					entityPhone.setExtensionNumber(phone.getExtensionNumber());
1180 					entityPhone.setActive(phone.isActive());
1181 					entityPhone.setDefaultValue(phone.isDflt());
1182 					if(ObjectUtils.isNotNull(origPhones)){
1183 						for (EntityPhoneContract origPhone : origPhones) {
1184 							if (origPhone.getId()!=null && StringUtils.equals(origPhone.getId(), entityPhone.getId())) {
1185 								entityPhone.setVersionNumber(origPhone.getVersionNumber());
1186 							}
1187 						}
1188 					}
1189 					entityPhone.setId(phone.getEntityPhoneId());
1190 					entityPhones.add(entityPhone);
1191 				}
1192 			}
1193 			entityType.setPhoneNumbers(entityPhones);
1194     	}
1195 	}
1196 
1197     protected List<PersonDocumentPhone> loadPhones(IdentityManagementPersonDocument identityManagementPersonDocument, String principalId, List<EntityPhone> entityPhones, boolean suppressDisplay ) {
1198 		List<PersonDocumentPhone> docPhones = new ArrayList<PersonDocumentPhone>();
1199 		if(ObjectUtils.isNotNull(entityPhones)){
1200 			for (EntityPhone phone: entityPhones) {
1201 				if(phone.isActive()){
1202 					PersonDocumentPhone docPhone = new PersonDocumentPhone();
1203                     if (phone.getPhoneType() != null) {
1204 					    docPhone.setPhoneTypeCode(phone.getPhoneType().getCode());
1205                     }
1206 					//docPhone.setPhoneType(((KimEntityPhoneImpl)phone).getPhoneType());
1207 					docPhone.setEntityTypeCode(phone.getEntityTypeCode());
1208 					//We do not need to check the privacy setting here - The UI should care of it
1209 					docPhone.setPhoneNumber(phone.getPhoneNumberUnmasked());
1210 					docPhone.setCountryCode(phone.getCountryCodeUnmasked());
1211 					docPhone.setExtensionNumber(phone.getExtensionNumberUnmasked());
1212 
1213 					docPhone.setActive(phone.isActive());
1214 					docPhone.setDflt(phone.isDefaultValue());
1215 					docPhone.setEntityPhoneId(phone.getId());
1216 					docPhone.setEdit(true);
1217 					docPhones.add(docPhone);
1218 				}
1219 			}
1220 		}
1221 		return docPhones;
1222 
1223 	}
1224 
1225     protected void setupEmail(
1226 			IdentityManagementPersonDocument identityManagementPersonDocument,
1227 			EntityTypeContactInfoBo entityType, List<EntityEmailBo> origEmails) {
1228     	if ( !identityManagementPersonDocument.getPrivacy().isSuppressEmail() || canOverrideEntityPrivacyPreferences(getInitiatorPrincipalId(identityManagementPersonDocument), identityManagementPersonDocument.getPrincipalId()) ) {
1229 			List<EntityEmailBo> entityEmails = new ArrayList<EntityEmailBo>();
1230 			if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getEmails())){
1231 				for (PersonDocumentEmail email : identityManagementPersonDocument.getEmails()) {
1232 					EntityEmailBo entityEmail = new EntityEmailBo();
1233 					entityEmail.setEntityId(identityManagementPersonDocument.getEntityId());
1234 					entityEmail.setEntityTypeCode(entityType.getEntityTypeCode());
1235                     if (email.getEmailType() != null) {
1236                         entityEmail.setEmailType(email.getEmailType());
1237                     } else {
1238                         if (StringUtils.isNotEmpty(email.getEmailTypeCode())) {
1239                             entityEmail.setEmailType(
1240                                     EntityEmailTypeBo.from(getIdentityService().getEmailType(email.getEmailTypeCode())));
1241                         }
1242                     }
1243 					entityEmail.setEmailTypeCode(email.getEmailTypeCode());
1244 					entityEmail.setEmailAddress(email.getEmailAddress());
1245 					entityEmail.setActive(email.isActive());
1246 					entityEmail.setDefaultValue(email.isDflt());
1247 					entityEmail.setId(email.getEntityEmailId());
1248 					if(ObjectUtils.isNotNull(origEmails)){
1249 						for (EntityEmailContract origEmail : origEmails) {
1250 							if (origEmail.getId()!=null && StringUtils.equals(origEmail.getId(), entityEmail.getId())) {
1251 								entityEmail.setVersionNumber(origEmail.getVersionNumber());
1252 							}
1253 						}
1254 					}
1255 					entityEmails.add(entityEmail);
1256 				}
1257 			}
1258 			entityType.setEmailAddresses(entityEmails);
1259     	}
1260 	}
1261     protected List<PersonDocumentEmail> loadEmails(IdentityManagementPersonDocument identityManagementPersonDocument, String principalId, List<EntityEmail> entityEmails, boolean suppressDisplay ) {
1262 		List<PersonDocumentEmail> emails = new ArrayList<PersonDocumentEmail>();
1263 		if(ObjectUtils.isNotNull(entityEmails)){
1264 			for (EntityEmail email: entityEmails) {
1265 				if(email.isActive()){
1266 					PersonDocumentEmail docEmail = new PersonDocumentEmail();
1267 					//docEmail.setEntityId(email.getEntityId());
1268 					docEmail.setEntityTypeCode(email.getEntityTypeCode());
1269                     if (email.getEmailType() != null) {
1270 					    docEmail.setEmailTypeCode(email.getEmailType().getCode());
1271                     }
1272 					// EmailType not on info object.
1273 					//docEmail.setEmailType(((KimEntityEmailImpl)email).getEmailType());
1274 					//We do not need to check the privacy setting here - The UI should care of it
1275 					docEmail.setEmailAddress(email.getEmailAddressUnmasked());
1276 
1277 					docEmail.setActive(email.isActive());
1278 					docEmail.setDflt(email.isDefaultValue());
1279 					docEmail.setEntityEmailId(email.getId());
1280 					docEmail.setEdit(true);
1281 					emails.add(docEmail);
1282 				}
1283 			}
1284 		}
1285 		return emails;
1286 	}
1287 
1288     protected void setupAddress(
1289 			IdentityManagementPersonDocument identityManagementPersonDocument,
1290 			EntityTypeContactInfoBo entityType, List<EntityAddressBo> origAddresses) {
1291     	if ( !identityManagementPersonDocument.getPrivacy().isSuppressAddress() || canOverrideEntityPrivacyPreferences(getInitiatorPrincipalId(identityManagementPersonDocument), identityManagementPersonDocument.getPrincipalId()) ) {
1292 			List<EntityAddressBo> entityAddresses = new ArrayList<EntityAddressBo>();
1293 			if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getAddrs())){
1294 				for (PersonDocumentAddress address : identityManagementPersonDocument.getAddrs()) {
1295 					EntityAddressBo entityAddress = new EntityAddressBo();
1296 					entityAddress.setEntityId(identityManagementPersonDocument.getEntityId());
1297 					entityAddress.setEntityTypeCode(entityType.getEntityTypeCode());
1298 					entityAddress.setAddressTypeCode(address.getAddressTypeCode());
1299                     if (address.getAddressType() != null) {
1300                         entityAddress.setAddressType(address.getAddressType());
1301                     } else {
1302                         if (StringUtils.isNotEmpty(address.getAddressTypeCode())) {
1303                             entityAddress.setAddressType(EntityAddressTypeBo.from(
1304                                     getIdentityService().getAddressType(address.getAddressTypeCode())));
1305                         }
1306                     }
1307 					entityAddress.setLine1(address.getLine1());
1308 					entityAddress.setLine2(address.getLine2());
1309 					entityAddress.setLine3(address.getLine3());
1310 					entityAddress.setStateProvinceCode(address.getStateProvinceCode());
1311 					entityAddress.setPostalCode(address.getPostalCode());
1312 					entityAddress.setCountryCode(address.getCountryCode());
1313 					entityAddress.setCity(address.getCity());
1314 					entityAddress.setActive(address.isActive());
1315 					entityAddress.setDefaultValue(address.isDflt());
1316 					entityAddress.setId(address.getEntityAddressId());
1317 					if(ObjectUtils.isNotNull(origAddresses)){
1318 						for (EntityAddressContract origAddress : origAddresses) {
1319 							if (origAddress.getId()!=null && StringUtils.equals(origAddress.getId(), entityAddress.getId())) {
1320 								entityAddress.setVersionNumber(origAddress.getVersionNumber());
1321 							}
1322 						}
1323 					}
1324 					entityAddresses.add(entityAddress);
1325 				}
1326 			}
1327 			entityType.setAddresses(entityAddresses);
1328     	}
1329 	}
1330 
1331     protected List<PersonDocumentAddress> loadAddresses(IdentityManagementPersonDocument identityManagementPersonDocument, String principalId, List<EntityAddress> entityAddresses, boolean suppressDisplay ) {
1332 		List<PersonDocumentAddress> docAddresses = new ArrayList<PersonDocumentAddress>();
1333 		if(ObjectUtils.isNotNull(entityAddresses)){
1334 			for (EntityAddress address: entityAddresses) {
1335 				if(address.isActive()){
1336 					PersonDocumentAddress docAddress = new PersonDocumentAddress();
1337 					docAddress.setEntityTypeCode(address.getEntityTypeCode());
1338 					docAddress.setAddressTypeCode(address.getAddressType().getCode());
1339 
1340 					//We do not need to check the privacy setting here - The UI should care of it
1341 					docAddress.setLine1(address.getLine1Unmasked());
1342 					docAddress.setLine2(address.getLine2Unmasked());
1343 					docAddress.setLine3(address.getLine3Unmasked());
1344 					docAddress.setStateProvinceCode(address.getStateProvinceCodeUnmasked());
1345 					docAddress.setPostalCode(address.getPostalCodeUnmasked());
1346 					docAddress.setCountryCode(address.getCountryCodeUnmasked());
1347 					docAddress.setCity(address.getCityUnmasked());
1348 
1349 					docAddress.setActive(address.isActive());
1350 					docAddress.setDflt(address.isDefaultValue());
1351 					docAddress.setEntityAddressId(address.getId());
1352 					docAddress.setEdit(true);
1353 					docAddresses.add(docAddress);
1354 				}
1355 			}
1356 		}
1357 		return docAddresses;
1358 	}
1359 
1360 
1361     protected List <GroupMemberBo> populateGroupMembers(IdentityManagementPersonDocument identityManagementPersonDocument) {
1362 		List <GroupMemberBo>  groupPrincipals = new ArrayList<GroupMemberBo>();
1363 //		List<? extends Group> origGroups = getGroupService().getGroupsByPrincipalId(identityManagementPersonDocument.getPrincipalId());
1364 		if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getGroups())){
1365 			for (PersonDocumentGroup group : identityManagementPersonDocument.getGroups()) {
1366 				GroupMember.Builder groupPrincipalImpl = GroupMember.Builder.create(group.getGroupId(), identityManagementPersonDocument.getPrincipalId(), KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE);
1367 				if (group.getActiveFromDate() != null) {
1368 					groupPrincipalImpl.setActiveFromDate(new DateTime(group.getActiveFromDate().getTime()));
1369 				}
1370 				if (group.getActiveToDate() != null) {
1371 					groupPrincipalImpl.setActiveToDate(new DateTime(group.getActiveToDate().getTime()));
1372 				}
1373 				groupPrincipalImpl.setId(group.getGroupMemberId());
1374 
1375 
1376                 //groupPrincipalImpl.setVersionNumber(group.getVersionNumber());
1377 				// get the ORM-layer optimisic locking value
1378 				// TODO: this should be replaced with the retrieval and storage of that value
1379 				// in the document tables and not re-retrieved here
1380 				Collection<GroupMember> currGroupMembers = getGroupService().getMembers(Collections.singletonList(group.getGroupId()));
1381 				if(ObjectUtils.isNotNull(currGroupMembers)){
1382 					for (GroupMember origGroupMember: currGroupMembers) {
1383                         if (origGroupMember.isActive(new DateTime(System.currentTimeMillis()))
1384                             && KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.equals(origGroupMember.getType())) {
1385                             if(origGroupMember.getId()!=null && StringUtils.equals(origGroupMember.getId(), group.getGroupMemberId())){
1386                                 groupPrincipalImpl.setObjectId(origGroupMember.getObjectId());
1387                                 groupPrincipalImpl.setVersionNumber(origGroupMember.getVersionNumber());
1388                             }
1389                         }
1390 					}
1391 				}
1392 
1393 				groupPrincipals.add(GroupMemberBo.from(groupPrincipalImpl.build()));
1394 
1395 			}
1396 		}
1397 		return groupPrincipals;
1398 	}
1399 
1400     protected List<RoleMemberBo> populateRoleMembers(IdentityManagementPersonDocument identityManagementPersonDocument) {
1401 		List<RoleBo> origRoles = getRolesForPrincipal(identityManagementPersonDocument.getPrincipalId());
1402 
1403 		List <RoleMemberBo> roleMembers = new ArrayList<RoleMemberBo>();
1404 		if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getRoles())){
1405 			for (PersonDocumentRole role : identityManagementPersonDocument.getRoles()) {
1406 				//if(role.isEditable()){
1407 					List<RoleMemberBo> origRoleMembers = new ArrayList<RoleMemberBo>();
1408 					if(ObjectUtils.isNotNull(origRoles)){
1409 						for (RoleBo origRole : origRoles) {
1410 							if (origRole.getId()!=null && StringUtils.equals(origRole.getId(), role.getRoleId())) {
1411 								origRoleMembers = origRole.getMembers();
1412 								break;
1413 							}
1414 						}
1415 					}
1416 					if (role.getRolePrncpls().isEmpty()) {
1417 						if (!role.getDefinitions().isEmpty()) {
1418 							RoleMemberBo roleMemberImpl = new RoleMemberBo();
1419 							roleMemberImpl.setRoleId(role.getRoleId());
1420 							roleMemberImpl.setMemberId(identityManagementPersonDocument.getPrincipalId());
1421 							roleMemberImpl.setType(MemberType.PRINCIPAL);
1422 							roleMembers.add(roleMemberImpl);
1423 						}
1424 					} else {
1425 						for (KimDocumentRoleMember roleMember : role.getRolePrncpls()) {
1426 							RoleMemberBo roleMemberImpl = new RoleMemberBo();
1427 							roleMemberImpl.setRoleId(role.getRoleId());
1428 							// TODO : principalId is not ready here yet ?
1429 							roleMemberImpl.setMemberId(identityManagementPersonDocument.getPrincipalId());
1430 							roleMemberImpl.setType(MemberType.PRINCIPAL);
1431 							roleMemberImpl.setId(roleMember.getRoleMemberId());
1432 							if (roleMember.getActiveFromDate() != null) {
1433 								roleMemberImpl.setActiveFromDateValue(
1434                                         new java.sql.Timestamp(roleMember.getActiveFromDate().getTime()));
1435 							}
1436 							if (roleMember.getActiveToDate() != null) {
1437 								roleMemberImpl.setActiveToDateValue(
1438                                         new java.sql.Timestamp(roleMember.getActiveToDate().getTime()));
1439 							}
1440 							List<RoleMemberAttributeDataBo> origAttributes = new ArrayList<RoleMemberAttributeDataBo>();
1441 							if(ObjectUtils.isNotNull(origRoleMembers)){
1442 								for (RoleMemberBo origMember : origRoleMembers) {
1443 									if (origMember.getId()!=null && StringUtils.equals(origMember.getId(), roleMember.getRoleMemberId())) {
1444 										origAttributes = origMember.getAttributeDetails();
1445 										roleMemberImpl.setVersionNumber(origMember.getVersionNumber());
1446 									}
1447 								}
1448 							}
1449 							List<RoleMemberAttributeDataBo> attributes = new ArrayList<RoleMemberAttributeDataBo>();
1450 							if(CollectionUtils.isNotEmpty(roleMember.getQualifiers())){
1451 								for (KimDocumentRoleQualifier qualifier : roleMember.getQualifiers()) {
1452 									//if (StringUtils.isNotBlank(qualifier.getAttrVal())) {
1453 										RoleMemberAttributeDataBo attribute = new RoleMemberAttributeDataBo();
1454 										attribute.setId(qualifier.getAttrDataId());
1455 										attribute.setAttributeValue(qualifier.getAttrVal());
1456 										attribute.setKimAttributeId(qualifier.getKimAttrDefnId());
1457 										attribute.setAssignedToId(qualifier.getRoleMemberId());
1458 										attribute.setKimTypeId(qualifier.getKimTypId());
1459 
1460 										updateAttrValIfNecessary(attribute);
1461 
1462 										if(ObjectUtils.isNotNull(origAttributes)){
1463 											for (RoleMemberAttributeDataBo origAttribute : origAttributes) {
1464 												if (origAttribute.getId()!=null && StringUtils.equals(origAttribute.getId(), qualifier.getAttrDataId())) {
1465 													attribute.setVersionNumber(origAttribute.getVersionNumber());
1466 												}
1467 											}
1468 										}
1469 										if (attribute.getVersionNumber() != null || StringUtils.isNotBlank(qualifier.getAttrVal())) {
1470 											attributes.add(attribute);
1471 										}
1472 									//}
1473 								}
1474 							}
1475 							roleMemberImpl.setAttributeDetails(attributes);
1476 							roleMembers.add(roleMemberImpl);
1477 						}
1478 					}
1479 				//}
1480 			}
1481 		}
1482 		return roleMembers;
1483 	}
1484 
1485 	protected List<DelegateTypeBo> populateDelegations(IdentityManagementPersonDocument identityManagementPersonDocument){
1486 		List<DelegateTypeBo> origDelegations = getPersonDelegations(identityManagementPersonDocument.getPrincipalId());
1487 		List<DelegateTypeBo> kimDelegations = new ArrayList<DelegateTypeBo>();
1488 		DelegateTypeBo newKimDelegation;
1489 		DelegateTypeBo origDelegationImplTemp = null;
1490 		List<DelegateMemberBo> origMembers;
1491 		boolean activatingInactive = false;
1492 		String newDelegationIdAssigned = "";
1493 		if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getDelegations())){
1494 			for(RoleDocumentDelegation roleDocumentDelegation: identityManagementPersonDocument.getDelegations()){
1495 				newKimDelegation = new DelegateTypeBo();
1496 				KimCommonUtilsInternal.copyProperties(newKimDelegation, roleDocumentDelegation);
1497 				newKimDelegation.setRoleId(roleDocumentDelegation.getRoleId());
1498 				if(ObjectUtils.isNotNull(origDelegations)){
1499 					for(DelegateTypeBo origDelegationImpl: origDelegations){
1500 						if((origDelegationImpl.getRoleId()!=null && StringUtils.equals(origDelegationImpl.getRoleId(), newKimDelegation.getRoleId())) &&
1501 								(origDelegationImpl.getDelegationId()!=null && StringUtils.equals(origDelegationImpl.getDelegationId(), newKimDelegation.getDelegationId()))){
1502 							//TODO: verify if you want to add  && newRoleMember.isActive() condition to if...
1503 							newDelegationIdAssigned = newKimDelegation.getDelegationId();
1504 							newKimDelegation.setDelegationId(origDelegationImpl.getDelegationId());
1505 							activatingInactive = true;
1506 						}
1507 						if(origDelegationImpl.getDelegationId()!=null && StringUtils.equals(origDelegationImpl.getDelegationId(), newKimDelegation.getDelegationId())){
1508 							newKimDelegation.setVersionNumber(origDelegationImpl.getVersionNumber());
1509 							origDelegationImplTemp = origDelegationImpl;
1510 						}
1511 					}
1512 				}
1513 				origMembers = (origDelegationImplTemp==null || origDelegationImplTemp.getMembers()==null)?
1514 									new ArrayList<DelegateMemberBo>():origDelegationImplTemp.getMembers();
1515 				newKimDelegation.setMembers(getDelegationMembers(roleDocumentDelegation.getMembers(), origMembers, null, activatingInactive, newDelegationIdAssigned));
1516                 newKimDelegation.setVersionNumber(null);
1517 				kimDelegations.add(newKimDelegation);
1518 				activatingInactive = false;
1519 			}
1520 		}
1521 		return kimDelegations;
1522 	}
1523 
1524     protected List <RoleMemberAttributeDataBo> getBlankRoleMemberAttrs(List <RoleMemberBo> rolePrncpls) {
1525 
1526 		List <RoleMemberAttributeDataBo>  blankRoleMemberAttrs = new ArrayList<RoleMemberAttributeDataBo>();
1527 		if(ObjectUtils.isNotNull(rolePrncpls)){
1528 			for (RoleMemberBo roleMbr : rolePrncpls) {
1529 				List <RoleMemberAttributeDataBo>  roleMemberAttrs = new ArrayList<RoleMemberAttributeDataBo>();
1530 				if (CollectionUtils.isNotEmpty(roleMbr.getAttributeDetails())) {
1531 					for (RoleMemberAttributeDataBo attr : roleMbr.getAttributeDetails()) {
1532 						if (StringUtils.isBlank(attr.getAttributeValue())) {
1533 							roleMemberAttrs.add(attr);
1534 						}
1535 					}
1536 					if (!roleMemberAttrs.isEmpty()) {
1537 						roleMbr.getAttributeDetails().removeAll(roleMemberAttrs);
1538 						blankRoleMemberAttrs.addAll(roleMemberAttrs);
1539 					}
1540 
1541 				}
1542 			}
1543 		}
1544 
1545 		return blankRoleMemberAttrs;
1546 
1547 	}
1548 
1549     protected List <RoleResponsibilityActionBo> populateRoleRspActions(IdentityManagementPersonDocument identityManagementPersonDocument) {
1550 //		List<RoleImpl> origRoles = getRolesForPrincipal(identityManagementPersonDocument.getPrincipalId());
1551 
1552 		List <RoleResponsibilityActionBo>  roleRspActions = new ArrayList<RoleResponsibilityActionBo>();
1553 		if(CollectionUtils.isNotEmpty(identityManagementPersonDocument.getRoles())){
1554 			for (PersonDocumentRole role : identityManagementPersonDocument.getRoles()) {
1555 				if(CollectionUtils.isNotEmpty(role.getRolePrncpls())){
1556 					for (KimDocumentRoleMember roleMbr : role.getRolePrncpls()) {
1557 						if(CollectionUtils.isNotEmpty(roleMbr.getRoleRspActions())){
1558 							for (KimDocumentRoleResponsibilityAction roleRspAction : roleMbr.getRoleRspActions()) {
1559 								RoleResponsibilityActionBo entRoleRspAction = new RoleResponsibilityActionBo();
1560 								entRoleRspAction.setId(roleRspAction.getRoleResponsibilityActionId());
1561 								entRoleRspAction.setActionPolicyCode(roleRspAction.getActionPolicyCode());
1562 								entRoleRspAction.setActionTypeCode(roleRspAction.getActionTypeCode());
1563 								entRoleRspAction.setPriorityNumber(roleRspAction.getPriorityNumber());
1564 								entRoleRspAction.setRoleMemberId(roleRspAction.getRoleMemberId());
1565 								entRoleRspAction.setRoleResponsibilityId(roleRspAction.getRoleResponsibilityId());
1566 								List<RoleResponsibilityActionBo> actions = getRoleRspActions( roleMbr.getRoleMemberId());
1567 								if(ObjectUtils.isNotNull(actions)){
1568 									for(RoleResponsibilityActionBo orgRspAction : actions) {
1569 										if (orgRspAction.getId()!=null && StringUtils.equals(orgRspAction.getId(), roleRspAction.getRoleResponsibilityActionId())) {
1570 											entRoleRspAction.setVersionNumber(orgRspAction.getVersionNumber());
1571 										}
1572 									}
1573 								}
1574 								roleRspActions.add(entRoleRspAction);
1575 							}
1576 						}
1577 					}
1578 				}
1579 			}
1580 		}
1581 		return roleRspActions;
1582 
1583 	}
1584 
1585 	protected DataObjectService getDataObjectService() {
1586 		if ( dataObjectService == null ) {
1587 			dataObjectService = KradDataServiceLocator.getDataObjectService();
1588 		}
1589 		return dataObjectService;
1590 	}
1591 
1592 	protected IdentityService getIdentityService() {
1593 		if ( identityService == null ) {
1594 			identityService = KimApiServiceLocator.getIdentityService();
1595 		}
1596 		return identityService;
1597 	}
1598 
1599 	protected GroupService getGroupService() {
1600 		if ( groupService == null ) {
1601 			groupService = KimApiServiceLocator.getGroupService();
1602 		}
1603 		return groupService;
1604 	}
1605 
1606 	protected DocumentHelperService getDocumentHelperService() {
1607 	    if ( documentHelperService == null ) {
1608 	        documentHelperService = KNSServiceLocator.getDocumentHelperService();
1609 		}
1610 	    return this.documentHelperService;
1611 	}
1612 
1613 	protected RoleService getRoleService() {
1614 	   	if(roleService == null){
1615 	   		roleService = KimApiServiceLocator.getRoleService();
1616     	}
1617 		return roleService;
1618 	}
1619 
1620 	public void setRoleService(RoleService roleService) {
1621 		this.roleService = roleService;
1622 	}
1623 
1624 	protected ResponsibilityService getResponsibilityService() {
1625 	   	if ( responsibilityService == null ) {
1626     		responsibilityService = KimApiServiceLocator.getResponsibilityService();
1627     	}
1628 		return responsibilityService;
1629 	}
1630 
1631 	public void setResponsibilityService(ResponsibilityService responsibilityService) {
1632 		this.responsibilityService = responsibilityService;
1633 	}
1634 
1635 
1636 	/* Role document methods */
1637 	@Override
1638     public void loadRoleDoc(IdentityManagementRoleDocument identityManagementRoleDocument, Role role){
1639 		RoleBo roleBo = getDataObjectService().find(RoleBo.class, role.getId());
1640 
1641 		identityManagementRoleDocument.setRoleId(roleBo.getId());
1642 		identityManagementRoleDocument.setKimType(KimTypeBo.to(roleBo.getKimRoleType()));
1643 		identityManagementRoleDocument.setRoleTypeName(roleBo.getKimRoleType().getName());
1644 		identityManagementRoleDocument.setRoleTypeId(roleBo.getKimTypeId());
1645 		identityManagementRoleDocument.setRoleName(roleBo.getName());
1646 		identityManagementRoleDocument.setRoleDescription(roleBo.getDescription());
1647 		identityManagementRoleDocument.setActive(roleBo.isActive());
1648 		identityManagementRoleDocument.setRoleNamespace(roleBo.getNamespaceCode());
1649 		identityManagementRoleDocument.setEditing(true);
1650 
1651 		identityManagementRoleDocument.setPermissions(loadPermissions(
1652                 getDataObjectService().findMatching(RolePermissionBo.class,
1653                         QueryByCriteria.Builder.forAttribute(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId()).build()).getResults()));
1654         identityManagementRoleDocument.setResponsibilities(loadResponsibilities(
1655                 getDataObjectService().findMatching(RoleResponsibilityBo.class,
1656                         QueryByCriteria.Builder.forAttribute(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId()).build()).getResults()));
1657         loadResponsibilityRoleRspActions(identityManagementRoleDocument);
1658         identityManagementRoleDocument.setMembers(loadRoleMembers(identityManagementRoleDocument, roleBo.getMembers()));
1659         loadMemberRoleRspActions(identityManagementRoleDocument);
1660 		identityManagementRoleDocument.setDelegations(loadRoleDocumentDelegations(identityManagementRoleDocument, getRoleDelegations(roleBo.getId())));
1661 		//Since delegation members are flattened out on the UI...
1662 		setDelegationMembersInDocument(identityManagementRoleDocument);
1663 		identityManagementRoleDocument.setKimType(KimTypeBo.to(roleBo.getKimRoleType()));
1664     }
1665 
1666     @Override
1667     public void loadRoleMembersBasedOnSearch(IdentityManagementRoleDocument identityManagementRoleDocument,
1668                                                     String memberSearchValue){
1669 
1670         List<KimDocumentRoleMember> roleMembersRestricted = new ArrayList<KimDocumentRoleMember>();
1671         List<KimDocumentRoleMember> members = identityManagementRoleDocument.getMembers();
1672         for (KimDocumentRoleMember roleMember : members){
1673             String memberName = roleMember.getMemberName().toLowerCase();
1674             if (memberName.startsWith(memberSearchValue.toLowerCase())) {
1675                 roleMembersRestricted.add(roleMember);
1676             }
1677         }
1678 
1679         identityManagementRoleDocument.setSearchResultMembers(roleMembersRestricted);
1680     }
1681 
1682     @Override
1683     public void clearRestrictedRoleMembersSearchResults(IdentityManagementRoleDocument identityManagementRoleDocument) {
1684         List<KimDocumentRoleMember> roleMembersRestricted =  new ArrayList<KimDocumentRoleMember>();
1685         List<KimDocumentRoleMember> members = identityManagementRoleDocument.getMembers();
1686         identityManagementRoleDocument.setSearchResultMembers(roleMembersRestricted);
1687         identityManagementRoleDocument.setMembers(members);
1688     }
1689 
1690     @Override
1691     public void setDelegationMembersInDocument(IdentityManagementRoleDocument identityManagementRoleDocument){
1692         if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getDelegations())){
1693             for(RoleDocumentDelegation delegation: identityManagementRoleDocument.getDelegations()){
1694                 if(CollectionUtils.isNotEmpty(delegation.getMembers())){
1695                     RoleMemberBo roleMember;
1696                     for(RoleDocumentDelegationMember member: delegation.getMembers()){
1697                         member.setDelegationTypeCode(delegation.getDelegationTypeCode());
1698                         if (StringUtils.isEmpty(member.getRoleMemberName())) {
1699                             roleMember = getRoleMemberForRoleMemberId(member.getRoleMemberId());
1700                             if(roleMember!=null){
1701                                 member.setRoleMemberName(getMemberName(roleMember.getType(), roleMember.getMemberId()));
1702                                 member.setRoleMemberNamespaceCode(getMemberNamespaceCode(roleMember.getType(), roleMember.getMemberId()));
1703                             }
1704                         }
1705                         member.setEdit(true);
1706                         identityManagementRoleDocument.getDelegationMembers().add(member);
1707                     }
1708                 }
1709             }
1710         }
1711     }
1712 
1713 	protected List<KimDocumentRoleResponsibility> loadResponsibilities(List<RoleResponsibilityBo> roleResponsibilities){
1714 		List<KimDocumentRoleResponsibility> documentRoleResponsibilities = new ArrayList<KimDocumentRoleResponsibility>();
1715 		if(ObjectUtils.isNotNull(roleResponsibilities)){
1716 			for(RoleResponsibilityBo roleResponsibility: roleResponsibilities){
1717 				if(roleResponsibility.isActive()) {
1718 					KimDocumentRoleResponsibility roleResponsibilityCopy = new KimDocumentRoleResponsibility();
1719 					KimCommonUtilsInternal.copyProperties(roleResponsibilityCopy, roleResponsibility);
1720 					roleResponsibilityCopy.setEdit(true);
1721 					documentRoleResponsibilities.add(roleResponsibilityCopy);
1722 				}
1723 			}
1724 		}
1725 		return documentRoleResponsibilities;
1726 	}
1727 
1728 	protected List<KimDocumentRolePermission> loadPermissions(List<RolePermissionBo> rolePermissions){
1729 		List<KimDocumentRolePermission> documentRolePermissions = new ArrayList<KimDocumentRolePermission>();
1730 		KimDocumentRolePermission rolePermissionCopy;
1731 		if(ObjectUtils.isNotNull(rolePermissions)){
1732 			for(RolePermissionBo rolePermission: rolePermissions){
1733 				if ( rolePermission.isActive() ) {
1734 					rolePermissionCopy = new KimDocumentRolePermission();
1735 					rolePermissionCopy.setRolePermissionId(rolePermission.getId());
1736 					rolePermissionCopy.setRoleId(rolePermission.getRoleId());
1737 					rolePermissionCopy.setPermissionId(rolePermission.getPermissionId());
1738 					rolePermissionCopy.setPermission(PermissionBo.to(rolePermission.getPermission()));
1739 					rolePermissionCopy.setEdit(true);
1740 					documentRolePermissions.add(rolePermissionCopy);
1741 				}
1742 			}
1743 		}
1744 		return documentRolePermissions;
1745 	}
1746 
1747     @Override
1748     public void setMembersInDocument(IdentityManagementRoleDocument identityManagementRoleDocument){
1749         if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getDelegations())){
1750             RoleBo roleBo = getDataObjectService().find(RoleBo.class, identityManagementRoleDocument.getRoleId());
1751             List<RoleMemberBo> members = roleBo.getMembers();
1752             List<RoleMemberBo> membersToRemove = new ArrayList<RoleMemberBo>();
1753             boolean found = false;
1754             for(KimDocumentRoleMember modifiedMember : identityManagementRoleDocument.getModifiedMembers() ) {
1755                 for(RoleMemberBo member : members) {
1756                     if (modifiedMember.getRoleMemberId().equals(member.getId())) {
1757                         membersToRemove.add(member);
1758                         found = true;
1759                     }
1760                     if (found) {
1761                         break;
1762                     }
1763                 }
1764             }
1765             for(RoleMemberBo memberToRemove : membersToRemove ) {
1766                 members.remove(memberToRemove);
1767             }
1768 
1769             identityManagementRoleDocument.setMembers(loadRoleMembers(identityManagementRoleDocument, members));
1770             loadMemberRoleRspActions(identityManagementRoleDocument);
1771         }
1772     }
1773 
1774     public Map<String, Group> findGroupsForRole(final String roleId) {
1775         Map<String, Group> roleGroupMembers = new HashMap<String, Group>();
1776 
1777         // Find group members of a given role
1778         List<RoleMember> groupRoleMembers = getRoleService().findRoleMembers( QueryByCriteria.Builder.fromPredicates(
1779                 PredicateFactory.equal(KIMPropertyConstants.RoleMember.ROLE_ID, roleId)
1780                 , PredicateFactory.equal(KIMPropertyConstants.RoleMember.MEMBER_TYPE_CODE,MemberType.GROUP.getCode()))).getResults();
1781 
1782         List<String> groupIds = new ArrayList<String>( groupRoleMembers.size() );
1783         for ( RoleMember rm : groupRoleMembers ) {
1784             groupIds.add( rm.getMemberId() );
1785         }
1786 
1787         List<Group> groups = getGroupService().getGroups(groupIds);
1788         for ( Group g : groups ) {
1789             roleGroupMembers.put(g.getId(), g);
1790         }
1791         return roleGroupMembers;
1792     }
1793 
1794     protected List<KimDocumentRoleMember> loadRoleMembers(
1795             IdentityManagementRoleDocument identityManagementRoleDocument, List<RoleMemberBo> members){
1796         List<KimDocumentRoleMember> pndMembers = new ArrayList<KimDocumentRoleMember>();
1797 
1798         if(KRADUtils.isNull(members) || members.isEmpty() ){
1799             return pndMembers;
1800         }
1801 
1802         // extract all the principal role member IDs
1803         List<String> roleMemberPrincipalIds = new ArrayList<String>();
1804         for(RoleMemberBo roleMember : members) {
1805             if (roleMember.getType().getCode().equals(KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.getCode())) {
1806                 if (!roleMemberPrincipalIds.contains(roleMember.getMemberId())) {
1807                     roleMemberPrincipalIds.add(roleMember.getMemberId());
1808                 }
1809             }
1810         }
1811 
1812         // pull in all the names for the principals for later use
1813         Map<String, EntityDefault> principalIdToEntityMap = new HashMap<String,EntityDefault>();
1814         /*KULRICE-12538: If roleMemberPrincipalIds is empty, skip populating list of pricipals*/
1815         if(!roleMemberPrincipalIds.isEmpty()){
1816             List<EntityDefault> principals = getIdentityService().findEntityDefaults( QueryByCriteria.Builder.fromPredicates(
1817                     PredicateFactory.in("principals." + KIMPropertyConstants.Person.PRINCIPAL_ID, roleMemberPrincipalIds)
1818                     , PredicateFactory.equal("principals." + KRADPropertyConstants.ACTIVE, Boolean.TRUE)
1819                     , PredicateFactory.equal(KRADPropertyConstants.ACTIVE, Boolean.TRUE)
1820                     )).getResults();
1821             principalIdToEntityMap = new HashMap<String,EntityDefault>( principals.size() );
1822             for ( EntityDefault entity : principals ) {
1823                 // yes, I'm missing null checks, but since I searched on principal ID - there needs to be
1824                 // at least one record
1825                 principalIdToEntityMap.put( entity.getPrincipals().get(0).getPrincipalId(), entity );
1826             }
1827         }
1828         // pull in all the group members of this role
1829         Map<String, Group> roleGroupMembers = findGroupsForRole(identityManagementRoleDocument.getRoleId());
1830 
1831         for(RoleMemberBo member: members){
1832             KimDocumentRoleMember pndMember = new KimDocumentRoleMember();
1833             pndMember.setActiveFromDate(member.getActiveFromDateValue());
1834             pndMember.setActiveToDate(member.getActiveToDateValue());
1835             pndMember.setActive(member.isActive( getDateTimeService().getCurrentTimestamp()));
1836             if(pndMember.isActive()){
1837                 pndMember.setRoleMemberId(member.getId());
1838                 pndMember.setRoleId(member.getRoleId());
1839                 pndMember.setMemberTypeCode(member.getType().getCode());
1840                 pndMember.setMemberId(member.getMemberId());
1841                 pndMember.setMemberNamespaceCode(getMemberNamespaceCode(member.getType(), member.getMemberId()));
1842 
1843                 if ( StringUtils.equals( pndMember.getMemberTypeCode(), MemberType.PRINCIPAL.getCode() ) ) {
1844                     EntityDefault entity = principalIdToEntityMap.get(member.getMemberId());
1845                     if ( entity != null ) {
1846                         pndMember.setMemberName(entity.getPrincipals().get(0).getPrincipalName());
1847 
1848                         if ( entity.getName() != null ) {
1849                             pndMember.setMemberFullName(entity.getName().getFirstName() + " " + entity.getName().getLastName());
1850                         }
1851                     }
1852                 } else if ( StringUtils.equals( pndMember.getMemberTypeCode(), MemberType.GROUP.getCode() ) ) {
1853                     Group group =  roleGroupMembers.get(member.getMemberId());
1854                     if (group != null) {
1855                         pndMember.setMemberName(group.getName());
1856                         pndMember.setMemberNamespaceCode(group.getNamespaceCode());
1857                         pndMember.setMemberFullName(group.getName());
1858                     }
1859                 } else if ( StringUtils.equals( pndMember.getMemberTypeCode(), MemberType.ROLE.getCode() ) ) {
1860                     pndMember.setMemberName(getMemberName(member.getType(), member.getMemberId()));
1861                     pndMember.setMemberFullName(getMemberFullName(member.getType(), member.getMemberId()));
1862                 }
1863 
1864                 pndMember.setQualifiers(loadRoleMemberQualifiers(identityManagementRoleDocument, member.getAttributeDetails()));
1865                 pndMember.setEdit(true);
1866                 pndMembers.add(pndMember);
1867             }
1868         }
1869         Collections.sort(pndMembers, identityManagementRoleDocument.getMemberMetaDataType());
1870         return pndMembers;
1871     }
1872 
1873     protected void loadResponsibilityRoleRspActions(IdentityManagementRoleDocument identityManagementRoleDocument){
1874 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getResponsibilities())){
1875 			for(KimDocumentRoleResponsibility responsibility: identityManagementRoleDocument.getResponsibilities()){
1876 				responsibility.getRoleRspActions().addAll(loadKimDocumentRoleRespActions(
1877 						getRoleResponsibilityActionImpls(responsibility.getRoleResponsibilityId())));
1878 			}
1879 		}
1880 	}
1881 
1882     protected RoleResponsibilityActionBo getRoleResponsibilityActionImpl(String roleResponsibilityActionId){
1883         return getDataObjectService().find(RoleResponsibilityActionBo.class, roleResponsibilityActionId);
1884     }
1885 
1886 	protected List<RoleResponsibilityActionBo> getRoleResponsibilityActionImpls(String roleResponsibilityId){
1887 		return getDataObjectService().findMatching(RoleResponsibilityActionBo.class, QueryByCriteria.Builder.fromPredicates(
1888                 PredicateFactory.equal(KimConstants.PrimaryKeyConstants.ROLE_MEMBER_ID, "*"),
1889                 PredicateFactory.equal(KimConstants.PrimaryKeyConstants.ROLE_RESPONSIBILITY_ID, roleResponsibilityId)
1890                 )).getResults();
1891 	}
1892 
1893 	@Override
1894     public List<RoleResponsibilityActionBo> getRoleMemberResponsibilityActionImpls(String roleMemberId){
1895 		return getDataObjectService().findMatching(RoleResponsibilityActionBo.class,
1896                 QueryByCriteria.Builder.forAttribute(KimConstants.PrimaryKeyConstants.ROLE_MEMBER_ID, roleMemberId).build()).getResults();
1897 	}
1898 
1899 	protected void loadMemberRoleRspActions(IdentityManagementRoleDocument identityManagementRoleDocument){
1900 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getMembers())){
1901 			for(KimDocumentRoleMember member: identityManagementRoleDocument.getMembers()){
1902 				member.getRoleRspActions().addAll(loadKimDocumentRoleRespActions(
1903 						getRoleMemberResponsibilityActionImpls(member.getRoleMemberId()) ) );
1904 			}
1905 		}
1906 	}
1907 
1908 	protected List<KimDocumentRoleResponsibilityAction> loadKimDocumentRoleRespActions(
1909 			List<RoleResponsibilityActionBo> roleRespActionImpls){
1910 		List<KimDocumentRoleResponsibilityAction> documentRoleRespActions = new ArrayList<KimDocumentRoleResponsibilityAction>();
1911 		KimDocumentRoleResponsibilityAction documentRoleRespAction;
1912 		if(ObjectUtils.isNotNull(roleRespActionImpls)){
1913 			for(RoleResponsibilityActionBo roleRespActionImpl: roleRespActionImpls){
1914 				documentRoleRespAction = new KimDocumentRoleResponsibilityAction();
1915 				KimCommonUtilsInternal.copyProperties(documentRoleRespAction, roleRespActionImpl);
1916 
1917                 //primary key has different name in these objects!  we need to make sure to copy it over
1918                 documentRoleRespAction.setRoleResponsibilityActionId(roleRespActionImpl.getId());
1919 
1920 				// handle the roleResponsibility object being null since not all may be defined when ID value is "*"
1921 				if ( ObjectUtils.isNotNull(roleRespActionImpl.getRoleResponsibility()) ) {
1922 					documentRoleRespAction.setKimResponsibility(roleRespActionImpl.getRoleResponsibility().getKimResponsibility());
1923 				}
1924 				documentRoleRespActions.add(documentRoleRespAction);
1925 			}
1926 		}
1927 		return documentRoleRespActions;
1928 	}
1929 
1930     @Override
1931     public Object getMember(MemberType memberType, String memberId){
1932     	if(MemberType.PRINCIPAL.equals(memberType)) {
1933     	    return getIdentityService().getPrincipal(memberId);
1934         } else if(MemberType.GROUP.equals(memberType)){
1935             return getGroupService().getGroup(memberId);
1936         } else if(MemberType.ROLE.equals(memberType)){
1937         	return getRoleService().getRole(memberId);
1938         }
1939     	return null;
1940     }
1941 
1942 	@Override
1943     public String getMemberName(MemberType memberType, String memberId){
1944 		if (memberType == null || StringUtils.isEmpty(memberId)) {
1945 		    return "";
1946 	    }
1947 		Object member = getMember(memberType, memberId);
1948 		if (member == null) {
1949 		    return "";
1950 		}
1951 		return getMemberName(memberType, member);
1952 	}
1953 
1954 	public String getMemberFullName(MemberType memberType, String memberId){
1955 		if(memberType == null || StringUtils.isEmpty(memberId)) {
1956 		    return "";
1957 	    }
1958         if(MemberType.PRINCIPAL.equals(memberType)){
1959         	EntityDefault principalInfo = getIdentityService().getEntityDefaultByPrincipalId(memberId);
1960         	if (principalInfo != null &&  principalInfo.getName() != null ) {
1961     		    return principalInfo.getName().getFirstName() + " " + principalInfo.getName().getLastName();
1962         	}
1963         } else if(MemberType.GROUP.equals(memberType)){
1964         	Group group = (Group) getMember(memberType, memberId);
1965         	if (group != null) {
1966         		return group.getName();
1967         	}
1968         } else if(MemberType.ROLE.equals(memberType)){
1969         	Role role = (Role) getMember(memberType, memberId);
1970         	if ( role != null ) {
1971         	    return role.getName();
1972         	}
1973         }
1974         return "";
1975 	}
1976 
1977 	@Override
1978     public String getMemberNamespaceCode(MemberType memberType, String memberId){
1979         if(memberType == null || StringUtils.isEmpty(memberId)) {
1980             return "";
1981         }
1982     	Object member = getMember(memberType, memberId);
1983     	if ( member == null ) {
1984     	    return "";
1985     	}
1986         /* KULRICE-12537: Cast the GroupBo member to GroupContract and RoleBo member to RoleContract to avoid ClassCastException*/
1987         if(MemberType.GROUP.equals(memberType)){
1988             return ((GroupContract)member).getNamespaceCode();
1989         } else if(MemberType.ROLE.equals(memberType)){
1990             return ((RoleContract)member).getNamespaceCode();
1991         }
1992         return "";
1993 	}
1994 
1995     @Override
1996     public String getMemberIdByName(MemberType memberType, String memberNamespaceCode, String memberName){
1997         if(MemberType.PRINCIPAL.equals(memberType)){
1998             Principal principal = getIdentityService().getPrincipalByPrincipalName(memberName);
1999             if(principal!=null) {
2000                 return principal.getPrincipalId();
2001             }
2002 
2003        } else if(MemberType.GROUP.equals(memberType)){
2004         	Group groupInfo = getGroupService().getGroupByNamespaceCodeAndName(memberNamespaceCode, memberName);
2005         	if (groupInfo!=null) {
2006                 return groupInfo.getId();
2007             }
2008 
2009         } else if(MemberType.ROLE.equals(memberType)){
2010         	return getRoleService().getRoleIdByNamespaceCodeAndName(memberNamespaceCode, memberName);
2011         }
2012         return "";
2013     }
2014 
2015     @Override
2016     public String getMemberName(MemberType memberType, Object member){
2017         /*KULRICE-12539: Cast member object to PrincipalContract instead of Principal*/
2018         if(MemberType.PRINCIPAL.equals(memberType)){
2019             return ((PrincipalContract)member).getPrincipalName();
2020         } /* KULRICE-12537: Cast the GroupBo member to GroupContract and RoleBo member to RoleContract to avoid ClassCastException*/
2021         else if(MemberType.GROUP.equals(memberType)){
2022             return ((GroupContract)member).getName();
2023         } else if(MemberType.ROLE.equals(memberType)){
2024         	return ((RoleContract)member).getName();
2025         }
2026         return "";
2027     }
2028 
2029     @Override
2030     public String getMemberNamespaceCode(MemberType memberType, Object member){
2031          /* KULRICE-12537: Cast the GroupBo member to GroupContract and RoleBo member to RoleContract to avoid ClassCastException*/
2032         if(MemberType.GROUP.equals(memberType)){
2033         	return ((GroupContract)member).getNamespaceCode();
2034         } else if(MemberType.ROLE.equals(memberType)){
2035         	return ((RoleContract)member).getNamespaceCode();
2036         }
2037         return "";
2038     }
2039 
2040     protected List<KimDocumentRoleQualifier> loadRoleMemberQualifiers(IdentityManagementRoleDocument identityManagementRoleDocument,
2041 			List<RoleMemberAttributeDataBo> attributeDataList){
2042 		List<KimDocumentRoleQualifier> pndMemberRoleQualifiers = new ArrayList<KimDocumentRoleQualifier>();
2043 		KimDocumentRoleQualifier pndMemberRoleQualifier;
2044 
2045 		// add all attributes from attributeDataList
2046 		if(attributeDataList!=null){
2047 			for(RoleMemberAttributeDataBo memberRoleQualifier: attributeDataList){
2048 				pndMemberRoleQualifier = new KimDocumentRoleQualifier();
2049 				pndMemberRoleQualifier.setAttrDataId(memberRoleQualifier.getId());
2050 				pndMemberRoleQualifier.setAttrVal(memberRoleQualifier.getAttributeValue());
2051 				pndMemberRoleQualifier.setRoleMemberId(memberRoleQualifier.getAssignedToId());
2052 				pndMemberRoleQualifier.setKimTypId(memberRoleQualifier.getKimTypeId());
2053 				pndMemberRoleQualifier.setKimAttrDefnId(memberRoleQualifier.getKimAttributeId());
2054 				pndMemberRoleQualifier.setKimAttribute(memberRoleQualifier.getKimAttribute());
2055 				formatAttrValIfNecessary(pndMemberRoleQualifier);
2056 				pndMemberRoleQualifiers.add(pndMemberRoleQualifier);
2057 			}
2058 		}
2059 		// also add any attributes already in the document that are not in the attributeDataList
2060 		int countOfOriginalAttributesNotPresent = 0;
2061 		List<KimDocumentRoleQualifier> fillerRoleQualifiers = new ArrayList<KimDocumentRoleQualifier>();
2062 
2063 		List<KimAttributeField> origAttributes = identityManagementRoleDocument.getDefinitions();
2064 		if ( origAttributes != null ) {
2065 			for(KimAttributeField key: origAttributes) {
2066 				boolean attributePresent = false;
2067 				String origAttributeId = identityManagementRoleDocument.getKimAttributeDefnId(key);
2068 				if(attributeDataList!=null){
2069 					for(RoleMemberAttributeDataBo memberRoleQualifier: attributeDataList){
2070 						if(origAttributeId!=null && StringUtils.equals(origAttributeId, memberRoleQualifier.getKimAttribute().getId())){
2071 							attributePresent = true;
2072 							break;
2073 						}
2074 					}
2075 				}
2076 				if(!attributePresent){
2077 					countOfOriginalAttributesNotPresent++;
2078 					pndMemberRoleQualifier = new KimDocumentRoleQualifier();
2079 					pndMemberRoleQualifier.setKimAttrDefnId(origAttributeId);
2080 					KradDataServiceLocator.getDataObjectService().wrap(pndMemberRoleQualifier).fetchRelationship("kimAttribute");
2081 					fillerRoleQualifiers.add(pndMemberRoleQualifier);
2082 				}
2083 			}
2084 
2085 			if(countOfOriginalAttributesNotPresent != origAttributes.size()) {
2086 				pndMemberRoleQualifiers.addAll(fillerRoleQualifiers);
2087 			}
2088 		}
2089 		return pndMemberRoleQualifiers;
2090 	}
2091 
2092     @Override
2093     public List<DelegateTypeBo> getRoleDelegations(String roleId){
2094 		if(roleId==null) {
2095 			return new ArrayList<DelegateTypeBo>();
2096         }
2097         return getDataObjectService().findMatching(DelegateTypeBo.class,
2098                 QueryByCriteria.Builder.forAttribute(KIMPropertyConstants.Delegation.ROLE_ID, roleId).build()).getResults();
2099 
2100 	}
2101 
2102     protected List<RoleDocumentDelegation> loadRoleDocumentDelegations(IdentityManagementRoleDocument identityManagementRoleDocument, List<DelegateTypeBo> delegations){
2103 		List<RoleDocumentDelegation> delList = new ArrayList<RoleDocumentDelegation>();
2104 		RoleDocumentDelegation documentDelegation;
2105 		if(ObjectUtils.isNotNull(delegations)){
2106 			for(DelegateTypeBo del: delegations){
2107 				documentDelegation = new RoleDocumentDelegation();
2108 				documentDelegation.setActive(del.isActive());
2109 				if(documentDelegation.isActive()){
2110 					documentDelegation.setDelegationId(del.getDelegationId());
2111 					documentDelegation.setDelegationTypeCode(del.getDelegationTypeCode());
2112 					documentDelegation.setKimTypeId(del.getKimTypeId());
2113 					documentDelegation.setMembers(loadDelegationMembers(identityManagementRoleDocument, del.getMembers()));
2114 					documentDelegation.setRoleId(del.getRoleId());
2115 					documentDelegation.setEdit(true);
2116 					delList.add(documentDelegation);
2117 				}
2118 			}
2119 		}
2120 		return delList;
2121 	}
2122 
2123     protected List<RoleDocumentDelegationMember> loadDelegationMembers(IdentityManagementRoleDocument identityManagementRoleDocument, List<DelegateMemberBo> members){
2124 		List<RoleDocumentDelegationMember> pndMembers = new ArrayList<RoleDocumentDelegationMember>();
2125 		RoleDocumentDelegationMember pndMember;
2126 		RoleMemberBo roleMember;
2127 		if(ObjectUtils.isNotNull(members)){
2128 			for(DelegateMemberBo member: members){
2129 				pndMember = new RoleDocumentDelegationMember();
2130 				pndMember.setActiveFromDate(member.getActiveFromDateValue());
2131 				pndMember.setActiveToDate(member.getActiveToDateValue());
2132 				pndMember.setActive(member.isActive(getDateTimeService().getCurrentTimestamp()));
2133 				if(pndMember.isActive()){
2134 					//KimCommonUtilsInternal.copyProperties(pndMember, member);
2135                     pndMember.setDelegationId(member.getDelegationId());
2136                     pndMember.setDelegationMemberId(member.getDelegationMemberId());
2137                     pndMember.setDelegationTypeCode(member.getType().getCode());
2138                     pndMember.setRoleMemberId(member.getRoleMemberId());
2139                     pndMember.setMemberId(member.getMemberId());
2140                     pndMember.setMemberTypeCode(member.getType().getCode());
2141 
2142 					roleMember = getRoleMemberForRoleMemberId(member.getRoleMemberId());
2143 					if(roleMember!=null){
2144 						pndMember.setRoleMemberName(getMemberName(roleMember.getType(), roleMember.getMemberId()));
2145 						pndMember.setRoleMemberNamespaceCode(getMemberNamespaceCode(roleMember.getType(), roleMember.getMemberId()));
2146 					}
2147 					pndMember.setMemberNamespaceCode(getMemberNamespaceCode(member.getType(), member.getMemberId()));
2148 					pndMember.setMemberName(getMemberName(member.getType(), member.getMemberId()));
2149 					pndMember.setEdit(true);
2150 					pndMember.setQualifiers(loadDelegationMemberQualifiers(identityManagementRoleDocument, member.getAttributeDetails()));
2151 					pndMembers.add(pndMember);
2152 				}
2153 			}
2154 		}
2155 		return pndMembers;
2156 	}
2157 
2158     protected RoleMemberBo getRoleMemberForRoleMemberId(String roleMemberId){
2159 		return getDataObjectService().find(RoleMemberBo.class, roleMemberId);
2160     }
2161 
2162     protected List<RoleDocumentDelegationMemberQualifier> loadDelegationMemberQualifiers(IdentityManagementRoleDocument identityManagementRoleDocument,
2163 			List<DelegateMemberAttributeDataBo> attributeDataList){
2164 		List<RoleDocumentDelegationMemberQualifier> pndMemberRoleQualifiers = new ArrayList<RoleDocumentDelegationMemberQualifier>();
2165 		RoleDocumentDelegationMemberQualifier pndMemberRoleQualifier;
2166 		List<KimAttributeField> origAttributes = identityManagementRoleDocument.getDefinitions();
2167 		boolean attributePresent = false;
2168 		String origAttributeId;
2169 		if(origAttributes!=null){
2170 			for(KimAttributeField key: origAttributes) {
2171 				origAttributeId = identityManagementRoleDocument.getKimAttributeDefnId(key);
2172 				if(attributeDataList!=null){
2173 					for(DelegateMemberAttributeDataBo memberRoleQualifier: attributeDataList){
2174 						if(origAttributeId!=null && StringUtils.equals(origAttributeId, memberRoleQualifier.getKimAttribute().getId())){
2175 							pndMemberRoleQualifier = new RoleDocumentDelegationMemberQualifier();
2176 							pndMemberRoleQualifier.setAttrDataId(memberRoleQualifier.getId());
2177 							pndMemberRoleQualifier.setAttrVal(memberRoleQualifier.getAttributeValue());
2178 							pndMemberRoleQualifier.setDelegationMemberId(memberRoleQualifier.getAssignedToId());
2179 							pndMemberRoleQualifier.setKimTypId(memberRoleQualifier.getKimTypeId());
2180 							pndMemberRoleQualifier.setKimAttrDefnId(memberRoleQualifier.getKimAttributeId());
2181 							pndMemberRoleQualifier.setKimAttribute(memberRoleQualifier.getKimAttribute());
2182 							pndMemberRoleQualifiers.add(pndMemberRoleQualifier);
2183 							attributePresent = true;
2184 						}
2185 					}
2186 				}
2187 				if(!attributePresent){
2188 					pndMemberRoleQualifier = new RoleDocumentDelegationMemberQualifier();
2189 					pndMemberRoleQualifier.setKimAttrDefnId(origAttributeId);
2190 					KradDataServiceLocator.getDataObjectService().wrap(pndMemberRoleQualifier).fetchRelationship("kimAttribute");
2191 					pndMemberRoleQualifiers.add(pndMemberRoleQualifier);
2192 				}
2193 				attributePresent = false;
2194 			}
2195 		}
2196 		return pndMemberRoleQualifiers;
2197 	}
2198 
2199 	/**
2200 	 * @see org.kuali.rice.kim.service.UiDocumentService#saveEntityPerson(IdentityManagementPersonDocument)
2201 	 */
2202 	@Override
2203     public void saveRole(IdentityManagementRoleDocument identityManagementRoleDocument) {
2204 		String roleId = identityManagementRoleDocument.getRoleId();
2205 		RoleBo roleBo = getDataObjectService().find(RoleBo.class, roleId);
2206 
2207         List<DelegateTypeBo> origRoleDelegations = new ArrayList<DelegateTypeBo>();
2208         List<RoleResponsibilityBo> origRoleResponsibilities = new ArrayList<RoleResponsibilityBo>();
2209         List<Object> objectsToSave = new ArrayList<Object>();
2210 
2211 		if (roleBo == null) {
2212 		    roleBo = new RoleBo();
2213 	        roleBo.setId(roleId);
2214 	        roleBo.setKimTypeId(identityManagementRoleDocument.getRoleTypeId());
2215 	        roleBo.setNamespaceCode(identityManagementRoleDocument.getRoleNamespace());
2216 	        identityManagementRoleDocument.setActive(true);
2217 		}
2218         List<RolePermissionBo> origRolePermissions = new ArrayList<RolePermissionBo>();
2219 
2220         QueryByCriteria altCriteria = QueryByCriteria.Builder.forAttribute(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, roleId).build();
2221     	origRolePermissions = new ArrayList<RolePermissionBo>(getDataObjectService().findMatching(RolePermissionBo.class, altCriteria).getResults());
2222         origRoleResponsibilities = getDataObjectService().findMatching(RoleResponsibilityBo.class, altCriteria).getResults();
2223         origRoleDelegations = getDataObjectService().findMatching(DelegateTypeBo.class, altCriteria).getResults();
2224 
2225         objectsToSave.addAll(getRolePermissions(identityManagementRoleDocument, origRolePermissions));
2226         objectsToSave.addAll(getRoleResponsibilities(identityManagementRoleDocument, origRoleResponsibilities));
2227         objectsToSave.addAll(getRoleResponsibilitiesActions(identityManagementRoleDocument));
2228 
2229         objectsToSave.add(roleBo);
2230         roleBo.setName(identityManagementRoleDocument.getRoleName());
2231         roleBo.setDescription(identityManagementRoleDocument.getRoleDescription());
2232         roleBo.setActive(identityManagementRoleDocument.isActive());
2233 
2234 		if( getKimTypeInfoService().getKimType(identityManagementRoleDocument.getRoleTypeId()) == null ) {
2235 			LOG.error( "Kim type not found for:"+identityManagementRoleDocument.getRoleTypeId(), new Throwable() );
2236 		}
2237 
2238 		String initiatorPrincipalId = getInitiatorPrincipalId(identityManagementRoleDocument);
2239 
2240 		if(canAssignToRole(identityManagementRoleDocument, initiatorPrincipalId)){
2241 			updateRoleMembers( roleBo.getId(), roleBo.getKimTypeId(), identityManagementRoleDocument.getModifiedMembers(), roleBo.getMembers());
2242 
2243 			objectsToSave.addAll(getRoleMemberResponsibilityActions(roleBo.getMembers()));
2244 			objectsToSave.addAll(getRoleDelegations(identityManagementRoleDocument, origRoleDelegations));
2245 		}
2246         for ( Object bo : objectsToSave ) {
2247             getDataObjectService().save(bo);
2248         }
2249 		KimImplServiceLocator.getResponsibilityInternalService().updateActionRequestsForResponsibilityChange(getChangedRoleResponsibilityIds(identityManagementRoleDocument, origRoleResponsibilities));
2250 		if(!roleBo.isActive()){
2251 			// when a role is inactivated, inactivate the memberships of principals, groups, and roles in
2252 			// that role, delegations, and delegation members, and that roles memberships in other roles
2253 			KimImplServiceLocator.getRoleInternalService().roleInactivated(identityManagementRoleDocument.getRoleId());
2254 		}
2255 	}
2256 
2257 	protected List<RolePermissionBo> getRolePermissions(
2258 			IdentityManagementRoleDocument identityManagementRoleDocument, List<RolePermissionBo> origRolePermissions){
2259 		List<RolePermissionBo> rolePermissions = new ArrayList<RolePermissionBo>();
2260 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getPermissions())){
2261 			for(KimDocumentRolePermission documentRolePermission: identityManagementRoleDocument.getPermissions()){
2262 				RolePermissionBo newRolePermission = new RolePermissionBo();
2263 				newRolePermission.setId(documentRolePermission.getRolePermissionId());
2264 				newRolePermission.setRoleId(identityManagementRoleDocument.getRoleId());
2265 				newRolePermission.setPermissionId(documentRolePermission.getPermissionId());
2266 				newRolePermission.setActive( documentRolePermission.isActive() );
2267 
2268 				newRolePermission.setActive(documentRolePermission.isActive());
2269 				if (ObjectUtils.isNotNull(origRolePermissions)) {
2270                     for (RolePermissionBo origPermissionImpl : origRolePermissions) {
2271                         if (!StringUtils.equals(origPermissionImpl.getRoleId(), newRolePermission.getRoleId())
2272                                 && StringUtils.equals(origPermissionImpl.getPermissionId(), newRolePermission.getPermissionId())
2273                                 && origPermissionImpl.isActive()
2274                                 && newRolePermission.isActive()) {
2275 							newRolePermission.setId(origPermissionImpl.getId());
2276 						}
2277 						if(origPermissionImpl.getId()!=null && StringUtils.equals(origPermissionImpl.getId(), newRolePermission.getId())){
2278 							newRolePermission.setVersionNumber(origPermissionImpl.getVersionNumber());
2279                             newRolePermission.setObjectId(origPermissionImpl.getObjectId());
2280 						}
2281 					}
2282 				}
2283 				rolePermissions.add(newRolePermission);
2284 			}
2285 		}
2286 		return rolePermissions;
2287 	}
2288 
2289 	protected List<RoleResponsibilityBo> getRoleResponsibilities(
2290 			IdentityManagementRoleDocument identityManagementRoleDocument, List<RoleResponsibilityBo> origRoleResponsibilities){
2291 		List<RoleResponsibilityBo> roleResponsibilities = new ArrayList<RoleResponsibilityBo>();
2292 		RoleResponsibilityBo newRoleResponsibility;
2293 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getResponsibilities())){
2294 			for(KimDocumentRoleResponsibility documentRoleResponsibility: identityManagementRoleDocument.getResponsibilities()){
2295 				newRoleResponsibility = new RoleResponsibilityBo();
2296 				KimCommonUtilsInternal.copyProperties(newRoleResponsibility, documentRoleResponsibility);
2297 				newRoleResponsibility.setActive(documentRoleResponsibility.isActive());
2298 				newRoleResponsibility.setRoleId(identityManagementRoleDocument.getRoleId());
2299                 newRoleResponsibility.setVersionNumber(null);
2300 				if(ObjectUtils.isNotNull(origRoleResponsibilities)){
2301 					for(RoleResponsibilityBo origResponsibilityImpl: origRoleResponsibilities){
2302 						if(!StringUtils.equals(origResponsibilityImpl.getRoleId(), newRoleResponsibility.getRoleId()) &&
2303 								StringUtils.equals(origResponsibilityImpl.getResponsibilityId(), newRoleResponsibility.getResponsibilityId()) &&
2304 								!origResponsibilityImpl.isActive() && newRoleResponsibility.isActive()){
2305 							newRoleResponsibility.setRoleResponsibilityId(origResponsibilityImpl.getRoleResponsibilityId());
2306 						}
2307 						if(origResponsibilityImpl.getRoleResponsibilityId()!=null && StringUtils.equals(origResponsibilityImpl.getRoleResponsibilityId(), newRoleResponsibility.getRoleResponsibilityId())) {
2308                             newRoleResponsibility.setVersionNumber(origResponsibilityImpl.getVersionNumber());
2309                             newRoleResponsibility.setObjectId(origResponsibilityImpl.getObjectId());
2310                         }
2311 					}
2312 				}
2313 				roleResponsibilities.add(newRoleResponsibility);
2314 			}
2315 		}
2316 		return roleResponsibilities;
2317 	}
2318 
2319 
2320 	protected List <RoleResponsibilityActionBo> getRoleResponsibilitiesActions(
2321 			IdentityManagementRoleDocument identityManagementRoleDocument){
2322 		List <RoleResponsibilityActionBo>  roleRspActions = new ArrayList<RoleResponsibilityActionBo>();
2323 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getResponsibilities())){
2324 		// loop over the responsibilities assigned to the role
2325 			for(KimDocumentRoleResponsibility roleResponsibility : identityManagementRoleDocument.getResponsibilities()){
2326 				// only process if the actions are not assigned at the role member level
2327 				if(!getResponsibilityInternalService().areActionsAtAssignmentLevelById(roleResponsibility.getResponsibilityId())){
2328 					List<KimDocumentRoleResponsibilityAction> documentRoleResponsibilityActions = roleResponsibility.getRoleRspActions();
2329 					if( ObjectUtils.isNotNull(documentRoleResponsibilityActions)
2330 							&& !documentRoleResponsibilityActions.isEmpty()
2331 							&& StringUtils.isNotBlank(documentRoleResponsibilityActions.get(0).getRoleResponsibilityActionId() ) ) {
2332 						RoleResponsibilityActionBo roleRspAction = new RoleResponsibilityActionBo();
2333 						roleRspAction.setId(documentRoleResponsibilityActions.get(0).getRoleResponsibilityActionId());
2334 						roleRspAction.setActionPolicyCode(documentRoleResponsibilityActions.get(0).getActionPolicyCode());
2335 						roleRspAction.setActionTypeCode(documentRoleResponsibilityActions.get(0).getActionTypeCode());
2336 						roleRspAction.setPriorityNumber(documentRoleResponsibilityActions.get(0).getPriorityNumber());
2337 						roleRspAction.setForceAction(documentRoleResponsibilityActions.get(0).isForceAction());
2338 						roleRspAction.setRoleMemberId("*");
2339 						roleRspAction.setRoleResponsibilityId(documentRoleResponsibilityActions.get(0).getRoleResponsibilityId());
2340 						updateResponsibilityActionVersionNumber(roleRspAction, getRoleResponsibilityActionImpl(roleRspAction.getId()));
2341 						roleRspActions.add(roleRspAction);
2342 					}
2343 				}
2344 			}
2345 		}
2346 		return roleRspActions;
2347 	}
2348 
2349 	// FIXME: This should be pulling by the PK, not using another method which pulls multiple records and then finds
2350 	// the right one here!
2351 	protected void updateResponsibilityActionVersionNumber(RoleResponsibilityActionBo newRoleRspAction,
2352 			RoleResponsibilityActionBo origRoleRespActionImpl){
2353 		if(ObjectUtils.isNotNull(origRoleRespActionImpl)){
2354             if(origRoleRespActionImpl.getId()!=null && StringUtils.equals(origRoleRespActionImpl.getId(), newRoleRspAction.getId())) {
2355                 newRoleRspAction.setVersionNumber(origRoleRespActionImpl.getVersionNumber());
2356                 newRoleRspAction.setObjectId(origRoleRespActionImpl.getObjectId());
2357             }
2358 		}
2359 	}
2360 
2361 	protected List<RoleResponsibilityActionBo> getRoleMemberResponsibilityActions(List<RoleMemberBo> newRoleMembersList){
2362 		List<RoleResponsibilityActionBo> roleRspActions = new ArrayList<RoleResponsibilityActionBo>();
2363 		if(ObjectUtils.isNotNull(newRoleMembersList)){
2364 			for(RoleMemberBo roleMember: newRoleMembersList){
2365 			    if ( roleMember.getRoleRspActions() != null ) {
2366 			        roleRspActions.addAll(roleMember.getRoleRspActions());
2367 			    }
2368 			}
2369 		}
2370 		return roleRspActions;
2371 	}
2372 
2373 	/*protected List<RoleResponsibilityActionBo> getRoleMemberResponsibilityActions(IdentityManagementRoleDocument identityManagementRoleDocument){
2374 		List<RoleResponsibilityActionBo> roleRspActions = new ArrayList<RoleResponsibilityActionBo>();
2375 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getMembers())){
2376 			for(KimDocumentRoleMember roleMember: identityManagementRoleDocument.getMembers()){
2377 				for(KimDocumentRoleResponsibilityAction roleRspAction : roleMember.getRoleRspActions()){
2378 					RoleResponsibilityActionBo entRoleRspAction = new RoleResponsibilityActionBo();
2379 					entRoleRspAction.setId(roleRspAction.getRoleResponsibilityActionId());
2380 					entRoleRspAction.setActionPolicyCode(roleRspAction.getActionPolicyCode());
2381 					entRoleRspAction.setActionTypeCode(roleRspAction.getActionTypeCode());
2382 					entRoleRspAction.setPriorityNumber(roleRspAction.getPriorityNumber());
2383 					entRoleRspAction.setRoleMemberId(roleRspAction.getRoleMemberId());
2384 					entRoleRspAction.setForceAction(roleRspAction.getForceAction());
2385 					entRoleRspAction.setRoleResponsibilityId(roleRspAction.getRoleResponsibilityId());
2386 					List<RoleResponsibilityActionBo> actions = getRoleRspActions(roleMember.getRoleMemberId());
2387 					if(ObjectUtils.isNotNull(actions)){
2388 						for(RoleResponsibilityActionBo orgRspAction : actions) {
2389 							if (orgRspAction.getId()!=null && StringUtils.equals(orgRspAction.getId(), roleRspAction.getRoleResponsibilityActionId())) {
2390 								entRoleRspAction.setVersionNumber(orgRspAction.getVersionNumber());
2391 							}
2392 						}
2393 					}
2394 					roleRspActions.add(entRoleRspAction);
2395 				}
2396 			}
2397 		}
2398 		return roleRspActions;
2399 	}*/
2400 
2401     protected void updateRoleMembers( String roleId, String kimTypeId, List<KimDocumentRoleMember> modifiedRoleMembers, List<RoleMemberBo> roleMembers){
2402 //        RoleMemberBo newRoleMember;
2403 //        RoleMemberBo origRoleMemberImplTemp;
2404 //        List<RoleMemberAttributeDataBo> origAttributes;
2405 //        boolean activatingInactive = false;
2406 //        String newRoleMemberIdAssigned = "";
2407 
2408         //identityManagementRoleDocument.setKimType(getKimTypeInfoService().getKimType(identityManagementRoleDocument.getRoleTypeId()));
2409         KimType roleType = getKimTypeInfoService().getKimType(kimTypeId);
2410         KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(roleType);
2411 
2412         if(CollectionUtils.isEmpty(modifiedRoleMembers)){
2413             return;
2414         }
2415         for(KimDocumentRoleMember documentRoleMember : modifiedRoleMembers){
2416             boolean isNewRoleMember = true;
2417             for( RoleMemberBo roleMember : roleMembers ) {
2418                 // are we editing an existing record?
2419                 if ( StringUtils.equals( roleMember.getId(), documentRoleMember.getRoleMemberId()) ) {
2420                     // yes we are
2421                     roleMember.setActiveFromDateValue(documentRoleMember.getActiveFromDate());
2422                     roleMember.setActiveToDateValue(documentRoleMember.getActiveToDate());
2423                     isNewRoleMember = false;
2424                     updateRoleMemberResponsibilityActions( documentRoleMember.getRoleRspActions(), roleMember.getRoleRspActions() );
2425                     //KULRICE:1157-Added a call to notifyOnMemberRemoval to handle when a role member is inactivated from the role maintenance doc
2426                     if(roleMember.isActive() && !documentRoleMember.isActive()){
2427                         getRoleService().notifyOnMemberRemoval(RoleMemberBo.to(roleMember));
2428                     }
2429                     break;
2430                 }
2431             }
2432             if ( isNewRoleMember ) {
2433                 RoleMemberBo roleMember = null;
2434                 roleMember = new RoleMemberBo();
2435                 roleMember.setId(documentRoleMember.getRoleMemberId());
2436                 roleMember.setRoleId(roleId);
2437                 roleMember.setTypeCode(documentRoleMember.getMemberTypeCode());
2438                 roleMember.setMemberId(documentRoleMember.getMemberId());
2439                 roleMember.setType(MemberType.fromCode(documentRoleMember.getMemberTypeCode()));
2440                 roleMember.setActiveFromDateValue(documentRoleMember.getActiveFromDate());
2441                 roleMember.setActiveToDateValue(documentRoleMember.getActiveToDate());
2442 
2443                 roleMember.setAttributeDetails(getRoleMemberAttributeData(documentRoleMember.getQualifiers(), null));
2444                 roleMember.setRoleRspActions( new ArrayList<RoleResponsibilityActionBo>() );
2445                 updateRoleMemberResponsibilityActions( documentRoleMember.getRoleRspActions(), roleMember.getRoleRspActions() );
2446 
2447                 roleMembers.add(roleMember);
2448             }
2449 
2450 // TODO
2451 //                        !kimTypeService.validateUniqueAttributes(
2452 //                                identityManagementRoleDocument.getKimType().getId(),
2453 //                                documentRoleMember.getQualifierAsMap(), roleMember.getAttributes()).isEmpty()) {
2454 //
2455         }
2456     }
2457 
2458     // FIXME : this is not working yet
2459 	protected void updateRoleMemberResponsibilityActions(List<KimDocumentRoleResponsibilityAction> documentRoleMemberActions, List<RoleResponsibilityActionBo> roleMemberActions){
2460 	    // Make a copy of the list which we can modify - so that we can use it to
2461 	    // remove leftovers from the original list when done with updates and inserts
2462 	    List<RoleResponsibilityActionBo> existingRoleMemberActions = new ArrayList<RoleResponsibilityActionBo>( roleMemberActions );
2463 	    // loop over document items
2464 		for(KimDocumentRoleResponsibilityAction docRoleRspAction : documentRoleMemberActions){
2465 		    boolean isNewAction = true;
2466             // loop over role member items
2467 		    Iterator<RoleResponsibilityActionBo> rraInterator = existingRoleMemberActions.iterator();
2468 		    while ( rraInterator.hasNext() ) {
2469 		        RoleResponsibilityActionBo roleRspAction = rraInterator.next();
2470 			    // we have a match, update the existing record
2471                 // If the ID's match
2472 				if (StringUtils.equals(roleRspAction.getId(), docRoleRspAction.getRoleResponsibilityActionId())) {
2473                     // update the existing record
2474 				    roleRspAction.setActionPolicyCode(docRoleRspAction.getActionPolicyCode());
2475 				    roleRspAction.setActionTypeCode(docRoleRspAction.getActionTypeCode());
2476 				    roleRspAction.setPriorityNumber(docRoleRspAction.getPriorityNumber());
2477 				    roleRspAction.setRoleMemberId(docRoleRspAction.getRoleMemberId());
2478 				    roleRspAction.setForceAction(docRoleRspAction.isForceAction());
2479                     // mark it as a "found" record
2480 				    rraInterator.remove();
2481 				    isNewAction = false;
2482                 }
2483 	            // if no match on the loop, then we have a new record
2484 				if ( isNewAction ) {
2485 				    // create the new item and add it to the list
2486                     RoleResponsibilityActionBo newRoleRspAction = new RoleResponsibilityActionBo();
2487                     newRoleRspAction.setId(docRoleRspAction.getRoleResponsibilityActionId());
2488                     newRoleRspAction.setActionPolicyCode(docRoleRspAction.getActionPolicyCode());
2489                     newRoleRspAction.setActionTypeCode(docRoleRspAction.getActionTypeCode());
2490                     newRoleRspAction.setPriorityNumber(docRoleRspAction.getPriorityNumber());
2491                     newRoleRspAction.setRoleMemberId(docRoleRspAction.getRoleMemberId());
2492                     newRoleRspAction.setForceAction(docRoleRspAction.isForceAction());
2493                     newRoleRspAction.setRoleResponsibilityId("*");
2494                     roleMemberActions.add(newRoleRspAction);
2495 				}
2496 			}
2497             // for all items not "found", they are no longer present, delete them
2498             for ( RoleResponsibilityActionBo missingRra : existingRoleMemberActions ) {
2499                 roleMemberActions.remove(missingRra);
2500             }
2501 		}
2502 		//return roleRspActions;
2503 	}
2504 
2505 	protected List<RoleMemberAttributeDataBo> getRoleMemberAttributeData(List<KimDocumentRoleQualifier> qualifiers, List<RoleMemberAttributeDataBo> origAttributes){
2506 		List<RoleMemberAttributeDataBo> roleMemberAttributeDataList = new ArrayList<RoleMemberAttributeDataBo>();
2507 		RoleMemberAttributeDataBo newRoleMemberAttributeData;
2508 		if(CollectionUtils.isNotEmpty(qualifiers)){
2509 			for(KimDocumentRoleQualifier memberRoleQualifier: qualifiers){
2510 				if(StringUtils.isNotBlank(memberRoleQualifier.getAttrVal())){
2511 					newRoleMemberAttributeData = new RoleMemberAttributeDataBo();
2512 					newRoleMemberAttributeData.setId(memberRoleQualifier.getAttrDataId());
2513 					newRoleMemberAttributeData.setAttributeValue(memberRoleQualifier.getAttrVal());
2514 					newRoleMemberAttributeData.setAssignedToId(memberRoleQualifier.getRoleMemberId());
2515 					newRoleMemberAttributeData.setKimTypeId(memberRoleQualifier.getKimTypId());
2516 					newRoleMemberAttributeData.setKimAttributeId(memberRoleQualifier.getKimAttrDefnId());
2517 
2518 					updateAttrValIfNecessary(newRoleMemberAttributeData);
2519 
2520 					if(ObjectUtils.isNotNull(origAttributes)){
2521 						for(RoleMemberAttributeDataBo origAttribute: origAttributes){
2522 //							if(activatingInactive && StringUtils.equals(origAttribute.getKimAttributeId(), newRoleMemberAttributeData.getKimAttributeId()) &&
2523 //									StringUtils.equals(newRoleMemberAttributeData.getAssignedToId(), newRoleMemberIdAssigned)){
2524 //								newRoleMemberAttributeData.setAssignedToId(origAttribute.getAssignedToId());
2525 //								newRoleMemberAttributeData.setId(origAttribute.getId());
2526 //							}
2527 							if(origAttribute.getId()!=null && StringUtils.equals(origAttribute.getId(), newRoleMemberAttributeData.getId())){
2528 								newRoleMemberAttributeData.setVersionNumber(origAttribute.getVersionNumber());
2529 							}
2530 						}
2531 					}
2532 					roleMemberAttributeDataList.add(newRoleMemberAttributeData);
2533 				}
2534 			}
2535 		}
2536 		return roleMemberAttributeDataList;
2537 	}
2538 
2539 	/**
2540 	 * Determines if the attribute value on the attribute data should be updated; if so, it performs some attribute value formatting.
2541 	 * In the default implementation, this method formats checkbox controls
2542 	 *
2543 	 * @param roleMemberAttributeData a role member qualifier attribute to update
2544 	 */
2545 	protected void updateAttrValIfNecessary(RoleMemberAttributeDataBo roleMemberAttributeData) {
2546 		if (doCheckboxLogic(roleMemberAttributeData.getKimTypeId(), roleMemberAttributeData.getKimAttributeId())) {
2547 			convertCheckboxAttributeData(roleMemberAttributeData);
2548 		}
2549 	}
2550 
2551 	protected void formatAttrValIfNecessary(KimDocumentRoleQualifier roleQualifier) {
2552         if (doCheckboxLogic(roleQualifier.getKimTypId(), roleQualifier.getKimAttrDefnId())) {
2553             formatCheckboxAttributeData(roleQualifier);
2554         }
2555 	}
2556 
2557     private boolean doCheckboxLogic(String kimTypeId, String attrId) {
2558         final KimAttributeField attributeDefinition = getAttributeDefinition(kimTypeId, attrId);
2559         return attributeDefinition != null
2560                 && attributeDefinition.getAttributeField().getControl() != null
2561                 && (attributeDefinition.getAttributeField().getControl() instanceof RemotableCheckboxGroup
2562                         || attributeDefinition.getAttributeField().getControl() instanceof RemotableCheckbox);
2563     }
2564 
2565 	protected void formatCheckboxAttributeData(KimDocumentRoleQualifier roleQualifier) {
2566 		if (roleQualifier.getAttrVal().equals(KimConstants.KIM_ATTRIBUTE_BOOLEAN_TRUE_STR_VALUE)) {
2567 			roleQualifier.setAttrVal(KimConstants.KIM_ATTRIBUTE_BOOLEAN_TRUE_STR_VALUE_DISPLAY);
2568 		} else if (roleQualifier.getAttrVal().equals(KimConstants.KIM_ATTRIBUTE_BOOLEAN_FALSE_STR_VALUE)) {
2569 			roleQualifier.setAttrVal(KimConstants.KIM_ATTRIBUTE_BOOLEAN_FALSE_STR_VALUE_DISPLAY);
2570 		}
2571 	}
2572 
2573 	/**
2574 	 * Finds the KNS attribute used to render the given KimAttributeData
2575 	 *
2576      * @return the KNS attribute used to render that qualifier, or null if the AttributeDefinition cannot be determined
2577 	 */
2578 	protected KimAttributeField getAttributeDefinition(String kimTypId, String attrDefnId) {
2579 		final KimType type = getKimTypeInfoService().getKimType(kimTypId);
2580 		if (type != null && StringUtils.isNotBlank(type.getServiceName())) {
2581             final KimTypeService typeService = (KimTypeService) KimImplServiceLocator.getBean(type.getServiceName());
2582             if (typeService != null) {
2583 				final KimTypeAttribute attributeInfo = type.getAttributeDefinitionById(attrDefnId);
2584 				if (attributeInfo != null) {
2585 					final List<KimAttributeField> attributeMap = typeService.getAttributeDefinitions(type.getId());
2586 					if (attributeMap != null) {
2587 						return DataDictionaryTypeServiceHelper.findAttributeField(
2588                                 attributeInfo.getKimAttribute().getAttributeName(), attributeMap);
2589 					}
2590 				}
2591 			}
2592 		}
2593 		return null;
2594 	}
2595 
2596 	/**
2597 	 * Formats the attribute value on this checkbox attribute, changing "on" to "Y" and "off" to "N"
2598 	 *
2599 	 * @param roleMemberAttributeData the attribute data to format the attribute value of
2600 	 */
2601 	protected void convertCheckboxAttributeData(RoleMemberAttributeDataBo roleMemberAttributeData) {
2602 		if (roleMemberAttributeData.getAttributeValue().equalsIgnoreCase(KimConstants.KIM_ATTRIBUTE_BOOLEAN_TRUE_STR_VALUE_DISPLAY)) {
2603 			roleMemberAttributeData.setAttributeValue(KimConstants.KIM_ATTRIBUTE_BOOLEAN_TRUE_STR_VALUE);
2604 		} else if (roleMemberAttributeData.getAttributeValue().equalsIgnoreCase(KimConstants.KIM_ATTRIBUTE_BOOLEAN_FALSE_STR_VALUE_DISPLAY)) {
2605 			roleMemberAttributeData.setAttributeValue(KimConstants.KIM_ATTRIBUTE_BOOLEAN_FALSE_STR_VALUE);
2606 		}
2607 	}
2608 
2609 	protected List<DelegateTypeBo> getRoleDelegations(IdentityManagementRoleDocument identityManagementRoleDocument, List<DelegateTypeBo> origDelegations){
2610 		List<DelegateTypeBo> kimDelegations = new ArrayList<DelegateTypeBo>();
2611 		DelegateTypeBo newKimDelegation;
2612 		DelegateTypeBo origDelegationImplTemp = null;
2613 		List<DelegateMemberBo> origMembers;
2614         List<DelegateMemberBo> allOrigMembers = new ArrayList<DelegateMemberBo>();;
2615         boolean activatingInactive = false;
2616 		String newDelegationIdAssigned = "";
2617             if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getDelegations())){
2618 			for(RoleDocumentDelegation roleDocumentDelegation: identityManagementRoleDocument.getDelegations()){
2619 				newKimDelegation = new DelegateTypeBo();
2620 				KimCommonUtilsInternal.copyProperties(newKimDelegation, roleDocumentDelegation);
2621 				newKimDelegation.setRoleId(identityManagementRoleDocument.getRoleId());
2622 				if(ObjectUtils.isNotNull(origDelegations)){
2623 					for(DelegateTypeBo origDelegationImpl: origDelegations){
2624 						if(StringUtils.equals(origDelegationImpl.getRoleId(), newKimDelegation.getRoleId()) &&
2625 								StringUtils.equals(origDelegationImpl.getDelegationId(), newKimDelegation.getDelegationId())){
2626 							//TODO: verify if you want to add  && newRoleMember.isActive() condition to if...
2627 							newDelegationIdAssigned = newKimDelegation.getDelegationId();
2628 							newKimDelegation.setDelegationId(origDelegationImpl.getDelegationId());
2629 							activatingInactive = true;
2630 						}
2631 						if(origDelegationImpl.getDelegationId()!=null && StringUtils.equals(origDelegationImpl.getDelegationId(), newKimDelegation.getDelegationId())){
2632 							newKimDelegation.setVersionNumber(origDelegationImpl.getVersionNumber());
2633                             newKimDelegation.setObjectId(origDelegationImpl.getObjectId());
2634 							origDelegationImplTemp = origDelegationImpl;
2635 						}
2636                         for (DelegateMemberBo delegateMemberBo:origDelegationImpl.getMembers() ) {
2637                             allOrigMembers.add(delegateMemberBo);
2638                         }
2639                     }
2640 				}
2641 				origMembers = (origDelegationImplTemp == null || origDelegationImplTemp.getMembers()==null)?
2642 									new ArrayList<DelegateMemberBo>():origDelegationImplTemp.getMembers();
2643 				newKimDelegation.setMembers(getDelegationMembers(roleDocumentDelegation.getMembers(), origMembers, allOrigMembers, activatingInactive, newDelegationIdAssigned));
2644                 kimDelegations.add(newKimDelegation);
2645 				activatingInactive = false;
2646 			}
2647 		}
2648 		return kimDelegations;
2649 	}
2650 
2651 	protected List<DelegateMemberBo> getDelegationMembers(List<RoleDocumentDelegationMember> delegationMembers,
2652 			List<DelegateMemberBo> origDelegationMembers, List<DelegateMemberBo> allOrigMembers, boolean activatingInactive, String newDelegationIdAssigned){
2653 		List<DelegateMemberBo> delegationsMembersList = new ArrayList<DelegateMemberBo>();
2654 		DelegateMemberBo newDelegationMemberImpl;
2655 		DelegateMemberBo origDelegationMemberImplTemp = null;
2656 		List<DelegateMemberAttributeDataBo> origAttributes;
2657 		String delegationMemberId = "";
2658 		if(CollectionUtils.isNotEmpty(delegationMembers)){
2659 			for(RoleDocumentDelegationMember delegationMember: delegationMembers){
2660 				newDelegationMemberImpl = new DelegateMemberBo();
2661 				KimCommonUtilsInternal.copyProperties(newDelegationMemberImpl, delegationMember);
2662                 newDelegationMemberImpl.setType(MemberType.fromCode(delegationMember.getMemberTypeCode()));
2663 				if(ObjectUtils.isNotNull(origDelegationMembers)){
2664 					for(DelegateMemberBo origDelegationMember: origDelegationMembers){
2665 						if(activatingInactive && StringUtils.equals(origDelegationMember.getMemberId(), newDelegationMemberImpl.getMemberId()) &&
2666 								StringUtils.equals(newDelegationMemberImpl.getDelegationId(), newDelegationIdAssigned) &&
2667 								!origDelegationMember.isActive(getDateTimeService().getCurrentTimestamp())){
2668 							newDelegationMemberImpl.setDelegationId(origDelegationMember.getDelegationId());
2669 							delegationMemberId = newDelegationMemberImpl.getDelegationMemberId();
2670 							newDelegationMemberImpl.setDelegationMemberId(origDelegationMember.getDelegationMemberId());
2671 						}
2672 						if(origDelegationMember.getDelegationMemberId()!=null && StringUtils.equals(origDelegationMember.getDelegationMemberId(), newDelegationMemberImpl.getDelegationMemberId())){
2673 							newDelegationMemberImpl.setVersionNumber(origDelegationMember.getVersionNumber());
2674                             newDelegationMemberImpl.setObjectId(origDelegationMember.getObjectId());
2675                             origDelegationMemberImplTemp = origDelegationMember;
2676 						}
2677 					}
2678 				}
2679                 if(ObjectUtils.isNotNull(allOrigMembers)){
2680                     for (DelegateMemberBo origMember : allOrigMembers) {
2681                         if ((origMember.getDelegationMemberId() != null) &&
2682                             (origMember.getDelegationMemberId().equals(delegationMember.getDelegationMemberId())) &&
2683                             (origMember.getRoleMemberId() != null) &&
2684                             (origMember.getRoleMemberId().equals(delegationMember.getRoleMemberId()))) {
2685                                 newDelegationMemberImpl.setVersionNumber(origMember.getVersionNumber());
2686                                 newDelegationMemberImpl.setObjectId(origMember.getObjectId());
2687                                 origDelegationMemberImplTemp = origMember;
2688                         }
2689                     }
2690                 }
2691                     origAttributes = (origDelegationMemberImplTemp==null || origDelegationMemberImplTemp.getAttributeDetails()==null)?
2692                             new ArrayList<DelegateMemberAttributeDataBo>():origDelegationMemberImplTemp.getAttributeDetails();
2693                     newDelegationMemberImpl.setAttributeDetails(getDelegationMemberAttributeData(delegationMember.getQualifiers(), origAttributes, activatingInactive, delegationMemberId));
2694                     newDelegationMemberImpl.setActiveFromDateValue(delegationMember.getActiveFromDate());
2695                     newDelegationMemberImpl.setActiveToDateValue(delegationMember.getActiveToDate());
2696                     newDelegationMemberImpl.setVersionNumber(null);
2697                     delegationsMembersList.add(newDelegationMemberImpl);
2698 			}
2699 		}
2700 		return delegationsMembersList;
2701 	}
2702 
2703 	//TODO: implement logic same as role members - do not insert qualifiers with blank values
2704 	protected List<DelegateMemberAttributeDataBo> getDelegationMemberAttributeData(
2705 			List<RoleDocumentDelegationMemberQualifier> qualifiers, List<DelegateMemberAttributeDataBo> origAttributes,
2706 			boolean activatingInactive, String delegationMemberId){
2707 		List<DelegateMemberAttributeDataBo> delegationMemberAttributeDataList = new ArrayList<DelegateMemberAttributeDataBo>();
2708 		DelegateMemberAttributeDataBo newDelegationMemberAttributeData;
2709 		if(CollectionUtils.isNotEmpty(qualifiers)){
2710 			for(RoleDocumentDelegationMemberQualifier memberRoleQualifier: qualifiers){
2711 				if(StringUtils.isNotBlank(memberRoleQualifier.getAttrVal())){
2712 					newDelegationMemberAttributeData = new DelegateMemberAttributeDataBo();
2713 					newDelegationMemberAttributeData.setId(memberRoleQualifier.getAttrDataId());
2714 					newDelegationMemberAttributeData.setAttributeValue(memberRoleQualifier.getAttrVal());
2715 					newDelegationMemberAttributeData.setAssignedToId(memberRoleQualifier.getDelegationMemberId());
2716 					newDelegationMemberAttributeData.setKimTypeId(memberRoleQualifier.getKimTypId());
2717 					newDelegationMemberAttributeData.setKimAttributeId(memberRoleQualifier.getKimAttrDefnId());
2718 					if(ObjectUtils.isNotNull(origAttributes)){
2719 						for(DelegateMemberAttributeDataBo origAttribute: origAttributes){
2720 							if(activatingInactive && StringUtils.equals(origAttribute.getKimAttributeId(), newDelegationMemberAttributeData.getKimAttributeId()) &&
2721 									StringUtils.equals(newDelegationMemberAttributeData.getAssignedToId(), delegationMemberId)){
2722 								newDelegationMemberAttributeData.setAssignedToId(origAttribute.getAssignedToId());
2723 								newDelegationMemberAttributeData.setId(origAttribute.getId());
2724 							}
2725 							if(StringUtils.equals(origAttribute.getId(), newDelegationMemberAttributeData.getId())){
2726 								newDelegationMemberAttributeData.setVersionNumber(origAttribute.getVersionNumber());
2727 							}
2728 						}
2729 					}
2730 					delegationMemberAttributeDataList.add(newDelegationMemberAttributeData);
2731 				}
2732 			}
2733 		}
2734 		return delegationMemberAttributeDataList;
2735 	}
2736 
2737 	/* Group document methods */
2738 	@Override
2739     public void loadGroupDoc(IdentityManagementGroupDocument identityManagementGroupDocument, Group groupInfo){
2740 
2741 		identityManagementGroupDocument.setGroupId(groupInfo.getId());
2742         KimType kimType = getKimTypeInfoService().getKimType(groupInfo.getKimTypeId());
2743 		identityManagementGroupDocument.setKimType(kimType);
2744 		identityManagementGroupDocument.setGroupTypeName(kimType.getName());
2745 		identityManagementGroupDocument.setGroupTypeId(kimType.getId());
2746 		identityManagementGroupDocument.setGroupName(groupInfo.getName());
2747 		identityManagementGroupDocument.setGroupDescription(groupInfo.getDescription());
2748 		identityManagementGroupDocument.setActive(groupInfo.isActive());
2749 		identityManagementGroupDocument.setGroupNamespace(groupInfo.getNamespaceCode());
2750 
2751         List<GroupMember> members = new ArrayList(KimApiServiceLocator.getGroupService().getCurrentAndFutureMembers(groupInfo.getId()));
2752         identityManagementGroupDocument.setMembers(loadGroupMembers(identityManagementGroupDocument, members));
2753 
2754 
2755 
2756         identityManagementGroupDocument.setQualifiers(loadGroupQualifiers(identityManagementGroupDocument, groupInfo.getAttributes()));
2757 		identityManagementGroupDocument.setEditing(true);
2758 	}
2759 
2760 	protected static class GroupMemberNameComparator implements Comparator<GroupDocumentMember> {
2761 		/**
2762 		 * @see java.util.Comparator#compare(java.lang.Object, java.lang.Object)
2763 		 */
2764 		@Override
2765         public int compare(GroupDocumentMember m1, GroupDocumentMember m2) {
2766 			return m1.getMemberName().compareToIgnoreCase(m2.getMemberName());
2767 		}
2768 	}
2769 
2770 	protected GroupMemberNameComparator groupMemberNameComparator = new GroupMemberNameComparator();
2771 
2772 	protected List<GroupDocumentMember> loadGroupMembers(
2773 			IdentityManagementGroupDocument identityManagementGroupDocument, List<GroupMember> members){
2774 		List<GroupDocumentMember> pndMembers = new ArrayList<GroupDocumentMember>();
2775 		GroupDocumentMember pndMember = new GroupDocumentMember();
2776 		if(ObjectUtils.isNotNull(members)){
2777 			for(GroupMember member: members){
2778 				pndMember = new GroupDocumentMember();
2779 
2780 				pndMember.setActiveFromDate(member.getActiveFromDate() == null ? null : new Timestamp(member.getActiveFromDate().getMillis()));
2781 				pndMember.setActiveToDate(member.getActiveToDate() == null ? null : new Timestamp(member.getActiveToDate().getMillis()));
2782 				//pndMember.setActive(member.isActive());
2783                 //KULRICE-12285: isActive will returns true only if the members are currently active.
2784 				//if(pndMember.isActive()){
2785 					pndMember.setGroupMemberId(member.getMemberId());
2786 					pndMember.setGroupId(member.getGroupId());
2787 					pndMember.setMemberId(member.getMemberId());
2788 					pndMember.setMemberName(getMemberName(member.getType(), member.getMemberId()));
2789 					pndMember.setMemberFullName(getMemberFullName(member.getType(), member.getMemberId()));
2790 					pndMember.setMemberTypeCode(member.getType().getCode());
2791 					pndMember.setEdit(true);
2792 					pndMembers.add(pndMember);
2793 				//}
2794 			}
2795 		}
2796 		Collections.sort(pndMembers, groupMemberNameComparator);
2797 		return pndMembers;
2798 	}
2799 
2800 	protected List<GroupDocumentQualifier> loadGroupQualifiers(IdentityManagementGroupDocument IdentityManagementGroupDocument,
2801 			Map<String, String> attributes){
2802 		List<GroupDocumentQualifier> pndGroupQualifiers = new ArrayList<GroupDocumentQualifier>();
2803 		GroupDocumentQualifier pndGroupQualifier = new GroupDocumentQualifier();
2804 		List<KimAttributeField> origAttributes = IdentityManagementGroupDocument.getDefinitions();
2805 		boolean attributePresent = false;
2806 		String origAttributeId;
2807 		if(origAttributes!=null){
2808 
2809 			for(KimAttributeField key: origAttributes) {
2810 				origAttributeId = IdentityManagementGroupDocument.getKimAttributeDefnId(key);
2811 				if(!attributes.isEmpty()){
2812 
2813 					for(GroupAttributeBo groupQualifier: KimAttributeDataBo.createFrom(GroupAttributeBo.class, attributes, IdentityManagementGroupDocument.getGroupTypeId())){
2814 						if(origAttributeId!=null && ObjectUtils.isNotNull(groupQualifier.getKimAttribute()) &&
2815 								StringUtils.equals(origAttributeId, groupQualifier.getKimAttribute().getId())){
2816 							pndGroupQualifier = new GroupDocumentQualifier();
2817 							KimCommonUtilsInternal.copyProperties(pndGroupQualifier, groupQualifier);
2818 							pndGroupQualifier.setAttrDataId(groupQualifier.getId());
2819 							pndGroupQualifier.setAttrVal(groupQualifier.getAttributeValue());
2820 							pndGroupQualifier.setKimAttrDefnId(groupQualifier.getKimAttribute().getId());
2821 							pndGroupQualifier.setKimTypId(groupQualifier.getKimType().getId());
2822 							pndGroupQualifier.setGroupId(groupQualifier.getAssignedToId());
2823 							pndGroupQualifiers.add(pndGroupQualifier);
2824 							attributePresent = true;
2825 						}
2826 					}
2827 				}
2828 				if(!attributePresent){
2829 					pndGroupQualifier = new GroupDocumentQualifier();
2830 					pndGroupQualifier.setKimAttrDefnId(origAttributeId);
2831 					pndGroupQualifiers.add(pndGroupQualifier);
2832 				}
2833 				attributePresent = false;
2834 			}
2835 		}
2836 		return pndGroupQualifiers;
2837 	}
2838 
2839 	/**
2840 	 * @see org.kuali.rice.kim.service.UiDocumentService#saveEntityPerson(IdentityManagementPersonDocument)
2841 	 */
2842 	@Override
2843     public void saveGroup(IdentityManagementGroupDocument identityManagementGroupDocument) {
2844 		GroupBo kimGroup = new GroupBo();
2845 		String groupId = identityManagementGroupDocument.getGroupId();
2846 		GroupBo origGroup = getDataObjectService().find(GroupBo.class, groupId);
2847 		List<GroupMemberBo> origGroupMembers = new ArrayList<GroupMemberBo>();
2848 		if (ObjectUtils.isNull(origGroup)) {
2849 			origGroup = new GroupBo();
2850 			kimGroup.setActive(true);
2851 		} else {
2852 			kimGroup.setVersionNumber(origGroup.getVersionNumber());
2853 			//TODO: when a group is inactivated, inactivate the memberships of principals in that group
2854 			//and the memberships of that group in roles
2855 			kimGroup.setActive(identityManagementGroupDocument.isActive());
2856 			origGroupMembers = getDataObjectService().findMatching(GroupMemberBo.class,
2857 			        QueryByCriteria.Builder.forAttribute(KimConstants.PrimaryKeyConstants.GROUP_ID, groupId).build()).getResults();
2858 		}
2859 
2860 		kimGroup.setId(identityManagementGroupDocument.getGroupId());
2861 		KimType kimType = getKimTypeInfoService().getKimType(identityManagementGroupDocument.getGroupTypeId());
2862 		if( kimType == null ) {
2863 			throw new RuntimeException("Kim type not found for:"+identityManagementGroupDocument.getGroupTypeId());
2864 		}
2865 
2866 		kimGroup.setKimTypeId(kimType.getId());
2867 		kimGroup.setNamespaceCode(identityManagementGroupDocument.getGroupNamespace());
2868 		kimGroup.setName(identityManagementGroupDocument.getGroupName());
2869 		kimGroup.setDescription(identityManagementGroupDocument.getGroupDescription());
2870 		kimGroup.setAttributeDetails(getGroupAttributeData(identityManagementGroupDocument, origGroup.getAttributeDetails()));
2871 
2872 		List<GroupMemberBo> newGroupMembersList = getGroupMembers(identityManagementGroupDocument, origGroupMembers);
2873 		kimGroup.setMembers(newGroupMembersList);  // add the new, complete list to the group
2874 
2875         List<String> oldIds;
2876         List<String> newIds;
2877         oldIds = getGroupService().getMemberPrincipalIds(kimGroup.getId()); // for the actionList update
2878 
2879         kimGroup = getDataObjectService().save(kimGroup);
2880 
2881 		newIds = kimGroup.getMemberPrincipalIds();
2882 		//newIds = getGroupService().getMemberPrincipalIds(kimGroup.getGroupId()); // for the action list update
2883 
2884 		// Do an async update of the action list for the updated groups
2885 		org.kuali.rice.kim.service.KIMServiceLocatorInternal.getGroupInternalService().updateForWorkgroupChange(kimGroup.getId(), oldIds, newIds);
2886 		if(!kimGroup.isActive()){
2887 			// when a group is inactivated, inactivate the memberships of principals in that group
2888 			// and the memberships of that group in roles
2889 			KimImplServiceLocator.getRoleInternalService().groupInactivated(identityManagementGroupDocument.getGroupId());
2890 		}
2891 	}
2892 
2893 	protected List<GroupMemberBo> getGroupMembers(IdentityManagementGroupDocument identityManagementGroupDocument, List<GroupMemberBo> origGroupMembers){
2894 		List<GroupMemberBo> groupMembers = new ArrayList<GroupMemberBo>();
2895 		GroupMemberBo newGroupMember;
2896 		if(CollectionUtils.isNotEmpty(identityManagementGroupDocument.getMembers())){
2897 			for(GroupDocumentMember documentGroupMember: identityManagementGroupDocument.getMembers()){
2898 				newGroupMember = new GroupMemberBo();
2899 				//KimCommonUtilsInternalInternal.copyProperties(newGroupMember, documentGroupMember);
2900                 //copy properties manually for now until new BO created for DocumentGroupMember
2901 
2902 				newGroupMember.setGroupId(identityManagementGroupDocument.getGroupId());
2903                 newGroupMember.setActiveFromDateValue(documentGroupMember.getActiveFromDate());
2904                 newGroupMember.setActiveToDateValue(documentGroupMember.getActiveToDate());
2905                 newGroupMember.setMemberId(documentGroupMember.getMemberId());
2906                 newGroupMember.setTypeCode(documentGroupMember.getMemberTypeCode());
2907 				if(ObjectUtils.isNotNull(origGroupMembers)){
2908 					for(GroupMemberBo origGroupMemberImpl: origGroupMembers){
2909 						if(StringUtils.equals(origGroupMemberImpl.getGroupId(), newGroupMember.getGroupId()) &&
2910 								StringUtils.equals(origGroupMemberImpl.getMemberId(), newGroupMember.getMemberId()) &&
2911 								!origGroupMemberImpl.isActive(getDateTimeService().getCurrentTimestamp())){
2912 							//TODO: verify if you want to add  && newGroupMember.isActive() condition to if...
2913 							newGroupMember.setMemberId(origGroupMemberImpl.getMemberId());
2914 						}
2915                         if(StringUtils.equals(origGroupMemberImpl.getGroupId(), newGroupMember.getGroupId()) &&
2916 								StringUtils.equals(origGroupMemberImpl.getMemberId(), newGroupMember.getMemberId()) &&
2917 								origGroupMemberImpl.isActive(getDateTimeService().getCurrentTimestamp())){
2918 							newGroupMember.setId(origGroupMemberImpl.getId());
2919                             newGroupMember.setVersionNumber(origGroupMemberImpl.getVersionNumber());
2920 						}
2921 					}
2922 				}
2923 				groupMembers.add(newGroupMember);
2924 			}
2925 		}
2926 		return groupMembers;
2927 	}
2928 
2929 	protected List<GroupAttributeBo> getGroupAttributeData(IdentityManagementGroupDocument identityManagementGroupDocument,
2930 			List<GroupAttributeBo> origAttributes){
2931 		List<GroupAttributeBo> groupAttributeDataList = new ArrayList<GroupAttributeBo>();
2932 		GroupAttributeBo newGroupAttributeData;
2933 		if(CollectionUtils.isNotEmpty(identityManagementGroupDocument.getQualifiers())){
2934 			for(GroupDocumentQualifier groupQualifier: identityManagementGroupDocument.getQualifiers()){
2935 				if(StringUtils.isNotBlank(groupQualifier.getAttrVal())){
2936 					newGroupAttributeData = new GroupAttributeBo();
2937 					newGroupAttributeData.setId(groupQualifier.getAttrDataId());
2938 					newGroupAttributeData.setAttributeValue(groupQualifier.getAttrVal());
2939 					newGroupAttributeData.setAssignedToId(groupQualifier.getGroupId());
2940 					newGroupAttributeData.setKimTypeId(groupQualifier.getKimTypId());
2941 					newGroupAttributeData.setKimAttributeId(groupQualifier.getKimAttrDefnId());
2942 					if(ObjectUtils.isNotNull(origAttributes)){
2943 						for(GroupAttributeBo origAttribute: origAttributes){
2944 							if(StringUtils.equals(origAttribute.getKimAttributeId(), newGroupAttributeData.getKimAttributeId()) &&
2945 									StringUtils.equals(newGroupAttributeData.getAssignedToId(), origAttribute.getAssignedToId())){
2946 							    newGroupAttributeData.setId(origAttribute.getId());
2947 							}
2948 							if(origAttribute.getId()!=null && StringUtils.equals(origAttribute.getId(), newGroupAttributeData.getId())){
2949 							    newGroupAttributeData.setVersionNumber(origAttribute.getVersionNumber());
2950 							}
2951 						}
2952 					}
2953 					groupAttributeDataList.add(newGroupAttributeData);
2954 				}
2955 			}
2956 		}
2957 		return groupAttributeDataList;
2958 	}
2959 
2960     protected Set<String> getChangedRoleResponsibilityIds(
2961 			IdentityManagementRoleDocument identityManagementRoleDocument, List<RoleResponsibilityBo> origRoleResponsibilities){
2962 		Set<String> lRet = new HashSet<String>();
2963 		List<String> newResp = new ArrayList<String>();
2964 		List<String> oldResp = new ArrayList<String>();
2965 		if(CollectionUtils.isNotEmpty(identityManagementRoleDocument.getResponsibilities())){
2966 			for(KimDocumentRoleResponsibility documentRoleResponsibility: identityManagementRoleDocument.getResponsibilities()){
2967 				newResp.add(documentRoleResponsibility.getResponsibilityId());
2968 			}
2969 		}
2970 		if(ObjectUtils.isNotNull(origRoleResponsibilities)){
2971 			for(RoleResponsibilityBo roleRespBo: origRoleResponsibilities){
2972 				oldResp.add(roleRespBo.getResponsibilityId());
2973 			}
2974 		}
2975 		lRet.addAll(newResp);
2976 		lRet.addAll(oldResp);
2977 
2978 		return lRet;
2979 	}
2980 
2981 	public KimTypeInfoService getKimTypeInfoService() {
2982 		if ( kimTypeInfoService == null ) {
2983 			kimTypeInfoService = KimApiServiceLocator.getKimTypeInfoService();
2984 		}
2985 		return kimTypeInfoService;
2986 	}
2987 
2988     @Override
2989     public List<KimDocumentRoleMember> getRoleMembers(Map<String,String> fieldValues) {
2990         List<KimDocumentRoleMember> matchingRoleMembers = new ArrayList<KimDocumentRoleMember>();
2991         //Remove since they are KNS fieldValues and not BO
2992         fieldValues.remove(KRADConstants.BACK_LOCATION);
2993         fieldValues.remove(KRADConstants.DOC_FORM_KEY);
2994         fieldValues.remove(KRADConstants.DOC_NUM);
2995 
2996 
2997 
2998 		List<RoleMember> matchingRoleMembersTemp = getRoleService().findRoleMembers(toQuery(fieldValues)).getResults();
2999 		KimDocumentRoleMember matchingRoleMember;
3000 		Object roleMemberObject;
3001 		RoleMemberBo roleMemberBo;
3002 		if(CollectionUtils.isNotEmpty(matchingRoleMembersTemp)){
3003 			for(RoleMember roleMember: matchingRoleMembersTemp){
3004 				roleMemberBo = getRoleMember(roleMember.getId());
3005 				roleMemberObject = getMember(roleMemberBo.getType(), roleMemberBo.getMemberId());
3006 				matchingRoleMember = new KimDocumentRoleMember();
3007                 KimDocumentRoleMember.copyProperties(matchingRoleMember, roleMemberBo);
3008                 matchingRoleMember.setMemberId(roleMemberBo.getMemberId());
3009                 matchingRoleMember.setRoleMemberId(roleMemberBo.getId());
3010 				matchingRoleMember.setMemberName(getMemberName(roleMemberBo.getType(), roleMemberObject));
3011 				matchingRoleMember.setMemberNamespaceCode(getMemberNamespaceCode(roleMemberBo.getType(), roleMemberObject));
3012 				matchingRoleMember.setQualifiers(getQualifiers(roleMemberBo.getAttributeDetails()));
3013 				matchingRoleMembers.add(matchingRoleMember);
3014 			}
3015 		}
3016 		return matchingRoleMembers;
3017     }
3018 
3019    private QueryByCriteria toQuery(Map<String,String> fieldValues) {
3020        String memberTypeCode = fieldValues.get(KIMPropertyConstants.KimMember.MEMBER_TYPE_CODE);
3021        String memberName = fieldValues.get(KimConstants.KimUIConstants.MEMBER_NAME);
3022        String memberNamespaceCode = fieldValues.get(KimConstants.KimUIConstants.MEMBER_NAMESPACE_CODE);
3023 
3024        if(StringUtils.isNotEmpty(memberName) || StringUtils.isNotEmpty(memberNamespaceCode)) {
3025             String memberId  = getMemberIdByName(MemberType.fromCode(memberTypeCode),memberNamespaceCode,memberName)  ;
3026            if(StringUtils.isNotEmpty(memberId)) {
3027                   fieldValues.put(KIMPropertyConstants.KimMember.MEMBER_ID, memberId);
3028            }
3029        }
3030 
3031        List<Predicate> pred = new ArrayList<Predicate>();
3032 
3033        pred.add(PredicateUtils.convertMapToPredicate(fieldValues));
3034        Predicate[] predicates = new Predicate[0];
3035        predicates = pred.toArray(predicates)  ;
3036         return QueryByCriteria.Builder.fromPredicates(predicates);
3037     }
3038 
3039     private List<KimDocumentRoleQualifier> getQualifiers(List<RoleMemberAttributeDataBo> attributes){
3040     	if (attributes==null) {return null;}
3041     	List<KimDocumentRoleQualifier> qualifiers = new ArrayList<KimDocumentRoleQualifier>();
3042     	KimDocumentRoleQualifier qualifier;
3043     	if(ObjectUtils.isNotNull(attributes)){
3044 	    	for(RoleMemberAttributeDataBo attribute: attributes){
3045 		    	qualifier = new KimDocumentRoleQualifier();
3046 				qualifier.setAttrDataId(attribute.getId());
3047 				qualifier.setAttrVal(attribute.getAttributeValue());
3048 				qualifier.setRoleMemberId(attribute.getAssignedToId());
3049 				qualifier.setKimTypId(attribute.getKimTypeId());
3050 				qualifier.setKimAttrDefnId(attribute.getKimAttributeId());
3051 				qualifier.setKimAttribute(attribute.getKimAttribute());
3052 				qualifiers.add(qualifier);
3053 	    	}
3054     	}
3055     	return qualifiers;
3056     }
3057 
3058 	public ResponsibilityInternalService getResponsibilityInternalService() {
3059 		if ( responsibilityInternalService == null ) {
3060 				responsibilityInternalService = KimImplServiceLocator.getResponsibilityInternalService();
3061 		}
3062 		return responsibilityInternalService;
3063 	}
3064 
3065    public PermissionService getPermissionService() {
3066 		if ( permissionService == null ) {
3067 				permissionService = KimApiServiceLocator.getPermissionService();
3068 		}
3069 		return permissionService;
3070 	}
3071 
3072     public ParameterService getParameterService() {
3073     	if ( parameterService == null ) {
3074     		parameterService = CoreFrameworkServiceLocator.getParameterService();
3075     	}
3076     	return parameterService;
3077     }
3078 
3079     public DateTimeService getDateTimeService() {
3080         if ( dateTimeService == null ) {
3081             dateTimeService = CoreApiServiceLocator.getDateTimeService();
3082         }
3083         return this.dateTimeService;
3084     }
3085 
3086     public void setParameterService(ParameterService parameterService) {
3087     	this.parameterService = parameterService;
3088     }
3089 
3090     public static IdentityArchiveService getIdentityArchiveService() {
3091         return GlobalResourceLoader.getService(KIM_IDENTITY_ARCHIVE_SERVICE);
3092     }
3093 }