View Javadoc

1   /**
2    * Copyright 2004-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.hr.time.permissions;
17  
18  import java.math.BigDecimal;
19  import java.sql.Date;
20  import java.util.List;
21  import java.util.Map;
22  
23  import org.apache.commons.collections.CollectionUtils;
24  import org.apache.commons.lang.StringUtils;
25  import org.apache.log4j.Logger;
26  import org.kuali.hr.job.Job;
27  import org.kuali.hr.lm.LMConstants;
28  import org.kuali.hr.lm.earncodesec.EarnCodeSecurity;
29  import org.kuali.hr.lm.leaveblock.LeaveBlock;
30  import org.kuali.hr.lm.timeoff.SystemScheduledTimeOff;
31  import org.kuali.hr.lm.workflow.LeaveRequestDocument;
32  import org.kuali.hr.time.assignment.Assignment;
33  import org.kuali.hr.time.assignment.AssignmentDescriptionKey;
34  import org.kuali.hr.time.authorization.DepartmentalRule;
35  import org.kuali.hr.time.authorization.DepartmentalRuleAuthorizer;
36  import org.kuali.hr.time.calendar.CalendarEntries;
37  import org.kuali.hr.time.collection.rule.TimeCollectionRule;
38  import org.kuali.hr.time.paytype.PayType;
39  import org.kuali.hr.time.principal.PrincipalHRAttributes;
40  import org.kuali.hr.time.roles.TkUserRoles;
41  import org.kuali.hr.time.roles.UserRoles;
42  import org.kuali.hr.time.service.base.TkServiceLocator;
43  import org.kuali.hr.time.timeblock.TimeBlock;
44  import org.kuali.hr.time.timesheet.TimesheetDocument;
45  import org.kuali.hr.time.util.TKContext;
46  import org.kuali.hr.time.util.TKUser;
47  import org.kuali.hr.time.util.TKUtils;
48  import org.kuali.hr.time.util.TkConstants;
49  import org.kuali.hr.time.workarea.WorkArea;
50  import org.kuali.hr.time.workflow.TimesheetDocumentHeader;
51  import org.kuali.rice.kew.api.KewApiConstants;
52  import org.kuali.rice.kew.api.KewApiServiceLocator;
53  import org.kuali.rice.kew.api.document.DocumentStatus;
54  import org.kuali.rice.kew.doctype.SecuritySession;
55  import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;
56  import org.kuali.rice.kew.service.KEWServiceLocator;
57  import org.kuali.rice.krad.util.GlobalVariables;
58  
59  public class TkPermissionsServiceImpl implements TkPermissionsService {
60      private static final Logger LOG = Logger
61              .getLogger(DepartmentalRuleAuthorizer.class);
62  
63      @Override
64      public boolean canAddTimeBlock() {
65          boolean addTimeBlock = false;
66  
67          if (TKUser.isSystemAdmin()) {
68              addTimeBlock = true;
69          } else {
70          	String documentStatus = TKContext.getCurrentTimesheetDocument().getDocumentHeader().getDocumentStatus();
71              boolean docFinal = DocumentStatus.FINAL.getCode().equals(documentStatus)
72                      || DocumentStatus.CANCELED.getCode().equals(documentStatus)
73                      || DocumentStatus.DISAPPROVED.getCode().equals(documentStatus);
74              if (!docFinal) {
75                  if (StringUtils
76                          .equals(TKContext.getCurrentTimesheetDocument().getPrincipalId(),
77                          		GlobalVariables.getUserSession().getPrincipalId())
78                          || TkUserRoles.getUserRoles(GlobalVariables.getUserSession().getPrincipalId()).isSystemAdmin()
79                          || TKUser.isLocationAdmin()
80  //                        || TKUser.isDepartmentAdmin()
81                          || TKUser.isReviewer()
82                          || TKUser.isApprover()) {
83                      addTimeBlock = true;
84                  }
85              }
86          }
87          return addTimeBlock;
88      }
89  
90      @Override
91      public boolean canEditTimeBlockAllFields(TimeBlock tb) {
92          String userId = GlobalVariables.getUserSession().getPrincipalId();
93  
94          if (userId != null) {
95  
96              if (TKUser.isSystemAdmin()) {
97                  return true;
98              }
99              
100             if (StringUtils.isNotBlank(tb.getDocumentId())) {
101 	        	DocumentStatus documentStatus = KewApiServiceLocator.getWorkflowDocumentService().getDocumentStatus(tb.getDocumentId());
102 	            if (DocumentStatus.CANCELED.equals(documentStatus) || DocumentStatus.DISAPPROVED.equals(documentStatus)) {
103 	            	return false;
104 	            }
105             }
106             
107             Job job = TkServiceLocator.getJobService().getJob(
108                     TKContext.getTargetPrincipalId(), tb.getJobNumber(),
109                     tb.getEndDate());
110             PayType payType = job.getPayTypeObj();
111 
112             if ((TKUser.isTimesheetApprover()
113                     && TKUser.getApproverWorkAreas().contains(tb.getWorkArea()))
114                  || (TKUser.isTimesheetReviewer()
115                     && TKUser.getReviewerWorkAreas().contains(tb.getWorkArea()))) {
116 
117                 if (StringUtils.equals(payType.getRegEarnCode(), tb.getEarnCode())) {
118                     TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(job.getDept(),tb.getWorkArea(),tb.getBeginDate());
119                     
120                     if (tcr != null && !tcr.isClockUserFl()) {
121                     	return true;
122                     } else {
123                         return false;
124                     }
125                 }
126 
127                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
128                         .getEarnCodeSecurityService().getEarnCodeSecurities(
129                                 job.getDept(), job.getHrSalGroup(),
130                                 job.getLocation(), tb.getEndDate());
131                 for (EarnCodeSecurity dec : deptEarnCodes) {
132                     if (dec.isApprover()
133                             && StringUtils.equals(dec.getEarnCode(),
134                             tb.getEarnCode())) {
135                         return true;
136                     }
137                 }
138             }
139 
140             if (userId.equals(TKContext.getTargetPrincipalId())
141                     && tb.getClockLogCreated()) {
142                 if (StringUtils.equals(payType.getRegEarnCode(),
143                         tb.getEarnCode())) {
144                     return false;
145                 }
146             }
147 
148             if (userId.equals(TKContext.getTargetPrincipalId())
149                     && !tb.getClockLogCreated()) {
150                 if (StringUtils.equals(payType.getRegEarnCode(),
151                         tb.getEarnCode())) {
152                     return true;
153                 }
154 
155                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
156                         .getEarnCodeSecurityService().getEarnCodeSecurities(
157                                 job.getDept(), job.getHrSalGroup(),
158                                 job.getLocation(), tb.getEndDate());
159                 for (EarnCodeSecurity dec : deptEarnCodes) {
160                     if (dec.isEmployee()
161                             && StringUtils.equals(dec.getEarnCode(),
162                             tb.getEarnCode())) {
163                         return true;
164                     }
165                 }
166             }
167 
168         }
169 
170         return false;
171     }
172 
173     @Override
174     public boolean canEditTimeBlock(TimeBlock tb) {
175         String userId = GlobalVariables.getUserSession().getPrincipalId();
176 
177         if (userId != null) {
178 
179         	// if the sys admin user is working on his own time block, do not grant edit permission without further checking
180             if (TKUser.isSystemAdmin() && !tb.getPrincipalId().equals(userId)) {
181             	return true;
182             }
183             
184             if (StringUtils.isNotBlank(tb.getDocumentId())) {
185 	        	DocumentStatus documentStatus = KewApiServiceLocator.getWorkflowDocumentService().getDocumentStatus(tb.getDocumentId());
186 	            if (DocumentStatus.CANCELED.equals(documentStatus) || DocumentStatus.DISAPPROVED.equals(documentStatus)) {
187 	            	return false;
188 	            }
189             }
190             
191             Job job = TkServiceLocator.getJobService().getJob(
192                     TKContext.getTargetPrincipalId(), tb.getJobNumber(),
193                     tb.getEndDate());
194             PayType payType = TkServiceLocator.getPayTypeService().getPayType(
195                     job.getHrPayType(), tb.getEndDate());
196             
197             if ((TKUser.isTimesheetApprover()
198                     && TKUser.getApproverWorkAreas().contains(tb.getWorkArea()))
199                 ||  (TKUser.isTimesheetReviewer()
200                     && TKUser.getReviewerWorkAreas().contains(tb.getWorkArea()))) {
201 
202                 if (StringUtils.equals(payType.getRegEarnCode(),
203                         tb.getEarnCode())) {
204                     TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(job.getDept(),tb.getWorkArea(),tb.getBeginDate());
205 
206                     if (tcr == null || tcr.isClockUserFl()) {
207                         //if there is only 1 assignment here, it isn't editable.
208                         TimesheetDocument td = TkServiceLocator.getTimesheetService().getTimesheetDocument(tb.getDocumentId());
209                         Map<String, String> assignments = TkServiceLocator.getAssignmentService().getAssignmentDescriptions(td, false);
210                         if (assignments.size() <= 1) {
211                             return false;
212                         }
213                     }
214                     return true;
215                 }
216 
217                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
218                         .getEarnCodeSecurityService().getEarnCodeSecurities(
219                                 job.getDept(), job.getHrSalGroup(),
220                                 job.getLocation(), tb.getEndDate());
221                 for (EarnCodeSecurity dec : deptEarnCodes) {
222                     if (dec.isApprover()
223                             && StringUtils.equals(dec.getEarnCode(),
224                             tb.getEarnCode())) {
225                         return true;
226                     }
227                 }
228             }
229 
230             //taking out for KPME-2427
231             // if the time block is generated by clock actions, do not allow it to be edited/deleted
232 			//if(tb.getClockLogCreated()) {
233 		    //    return false;
234 			//}
235 
236             if (userId.equals(TKContext.getTargetPrincipalId())) {
237 
238                 if (StringUtils.equals(payType.getRegEarnCode(), tb.getEarnCode())) {
239                     //If you are a clock user and you have only one assignment you should not be allowed to change the assignment
240                     //TODO eventually move this logic to one concise place for editable portions of the timeblock
241                     List<Assignment> assignments = TkServiceLocator.getAssignmentService().getAssignments(TKContext.getPrincipalId(),tb.getBeginDate());
242                     if (assignments.size() == 1) {
243                     	TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(job.getDept(),tb.getWorkArea(),job.getHrPayType(),tb.getBeginDate());
244                     	
245                     	return tcr != null && !tcr.isClockUserFl();
246                     } else {
247                         return true;
248                     }
249                 }
250 
251                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
252                         .getEarnCodeSecurityService().getEarnCodeSecurities(
253                                 job.getDept(), job.getHrSalGroup(),
254                                 job.getLocation(), tb.getEndDate());
255                 for (EarnCodeSecurity dec : deptEarnCodes) {
256                     if (dec.isEmployee()
257                             && StringUtils.equals(dec.getEarnCode(),
258                             tb.getEarnCode())) {
259                         return true;
260                     }
261                 }
262             }
263 
264         }
265 
266         return false;
267     }
268 
269     @Override
270     public boolean canDeleteTimeBlock(TimeBlock tb) {
271         String userId = GlobalVariables.getUserSession().getPrincipalId();
272 
273         if (userId != null) {
274 
275         	// if the sys admin user is working on his own time block, do not grant delete permission without further checking
276             if (TKUser.isSystemAdmin()&& !tb.getPrincipalId().equals(userId)) {
277             	return true;
278             }
279             
280             if (StringUtils.isNotBlank(tb.getDocumentId())) {
281 	        	DocumentStatus documentStatus = KewApiServiceLocator.getWorkflowDocumentService().getDocumentStatus(tb.getDocumentId());
282 	            if (DocumentStatus.CANCELED.equals(documentStatus) || DocumentStatus.DISAPPROVED.equals(documentStatus)) {
283 	            	return false;
284 	            }
285             }
286             
287             Job job = TkServiceLocator.getJobService().getJob(
288                     TKContext.getTargetPrincipalId(), tb.getJobNumber(),
289                     tb.getEndDate());
290             PayType payType = TkServiceLocator.getPayTypeService().getPayType(
291                     job.getHrPayType(), tb.getEndDate());
292 
293             if (TKUser.isTimesheetApprover()
294                     && TKUser.getApproverWorkAreas().contains(tb.getWorkArea())
295                     || TKUser.isTimesheetReviewer()
296                     && TKUser.getReviewerWorkAreas().contains(tb.getWorkArea())) {
297 
298                 if (StringUtils.equals(payType.getRegEarnCode(),
299                         tb.getEarnCode())) {
300                     return true;
301                 }
302 
303                 List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
304                         .getEarnCodeSecurityService().getEarnCodeSecurities(
305                                 job.getDept(), job.getHrSalGroup(),
306                                 job.getLocation(), tb.getEndDate());
307                 for (EarnCodeSecurity dec : deptEarnCodes) {
308                     if (dec.isApprover()
309                             && StringUtils.equals(dec.getEarnCode(),
310                             tb.getEarnCode())) {
311                         return true;
312                     }
313                 }
314             }
315 
316 //            // If the timeblock was created by the employee himeself and is a sync timeblock,
317 //            // the user can't delete the timeblock
318 //            if (userId.equals(TKContext.getTargetPrincipalId())
319 //                    && tb.getClockLogCreated()) {
320 //                return false;
321 //            // But if the timeblock was created by the employee himeself and is an async timeblock,
322 //            // the user should be able to delete that timeblock
323 //            } else if (userId.equals(TKContext.getTargetPrincipalId()) && !tb.getClockLogCreated() ) {
324 //                return true;
325 //            } else {
326             
327             // if the time block is generated by clock actions, do not allow it to be edited/deleted
328 			if(tb.getClockLogCreated()) {
329 					return false;
330 			}
331 
332             //if on a regular earncode and the user is a clock user and this is the users timesheet, do not allow to be deleted
333             if (StringUtils.equals(payType.getRegEarnCode(), tb.getEarnCode())) {
334             	TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(job.getDept(),tb.getWorkArea(),payType.getPayType(),tb.getEndDate());
335             	
336             	if (tcr == null || tcr.isClockUserFl()) {
337             		if (StringUtils.equals(userId,TKContext.getTargetPrincipalId())) {
338 	                    return false;
339 	                }  else {
340 	                    return true;
341 	                }
342                 }
343             }
344             
345             //KPME-2264 -
346             // EE's should be able to remove timeblocks added via the time detail calendar only after checking prior conditions,
347 			if (userId.equals(TKContext.getTargetPrincipalId())) {
348 				return true;
349 			} 
350             
351             List<EarnCodeSecurity> deptEarnCodes = TkServiceLocator
352                     .getEarnCodeSecurityService().getEarnCodeSecurities(
353                             job.getDept(), job.getHrSalGroup(),
354                             job.getLocation(), tb.getEndDate());
355             for (EarnCodeSecurity dec : deptEarnCodes) {
356                 if (dec.isEmployee()
357                         && StringUtils.equals(dec.getEarnCode(),
358                         tb.getEarnCode())
359                         && hasManagerialRolesOnWorkArea(tb)) {
360                     return true;
361                 }
362             }
363 
364         }
365 
366         return false;
367     }
368 
369     @Override
370     public boolean canEditLeaveBlock(LeaveBlock lb) {
371         String userId = GlobalVariables.getUserSession().getPrincipalId();
372         
373         if (userId != null) {
374         	String documentId = lb.getDocumentId();
375         	if (StringUtils.isBlank(documentId)) {
376         		TimesheetDocumentHeader timesheetDocumentHeader = TkServiceLocator.getTimesheetDocumentHeaderService().getDocumentHeaderForDate(userId, lb.getLeaveDate());
377         		if (timesheetDocumentHeader != null) {
378         			documentId = timesheetDocumentHeader.getDocumentId();
379         		}
380         	}
381         	if (StringUtils.isNotBlank(documentId)) {
382 	        	DocumentStatus documentStatus = KewApiServiceLocator.getWorkflowDocumentService().getDocumentStatus(documentId);
383 	            if (DocumentStatus.CANCELED.equals(documentStatus) || DocumentStatus.DISAPPROVED.equals(documentStatus)) {
384 	            	return false;
385 	            }
386         	}
387             
388             String blockType = lb.getLeaveBlockType();
389             String requestStatus = lb.getRequestStatus();
390             if (StringUtils.equals(LMConstants.REQUEST_STATUS.DISAPPROVED, requestStatus)) {
391                 return false;
392             }
393             if (StringUtils.equals(LMConstants.REQUEST_STATUS.APPROVED, requestStatus)) {
394             	List<LeaveRequestDocument> docList= TkServiceLocator.getLeaveRequestDocumentService().getLeaveRequestDocumentsByLeaveBlockId(lb.getLmLeaveBlockId());
395             	if(CollectionUtils.isEmpty(docList)) {
396             		return false;	// not a leave request. if this is a leave request, do further checking on it
397             	}            	
398             }
399             if (StringUtils.isBlank(blockType)
400                     || StringUtils.equals(LMConstants.LEAVE_BLOCK_TYPE.LEAVE_CALENDAR, blockType)
401                     || StringUtils.equals(LMConstants.LEAVE_BLOCK_TYPE.TIME_CALENDAR, blockType)) {
402             	if (!TKUser.isDepartmentAdmin()
403                         || TKUser.getApproverWorkAreas().contains(lb.getWorkArea())) {
404             		return true;
405             	}
406             } else if (LMConstants.LEAVE_BLOCK_TYPE.LEAVE_PAYOUT.equals(blockType)
407                     || LMConstants.LEAVE_BLOCK_TYPE.DONATION_MAINT.equals(blockType)
408                     || LMConstants.LEAVE_BLOCK_TYPE.BALANCE_TRANSFER.equals(blockType)
409                     || LMConstants.LEAVE_BLOCK_TYPE.LEAVE_ADJUSTMENT_MAINT.equals(blockType)) {
410                 if (TKUser.isSystemAdmin()) {
411                     return true;
412                 }
413             }
414             // kpme-1689
415             if(StringUtils.equals(LMConstants.LEAVE_BLOCK_TYPE.ACCRUAL_SERVICE, blockType)
416             		&& StringUtils.isNotEmpty(lb.getScheduleTimeOffId())
417             		&& lb.getLeaveAmount().compareTo(BigDecimal.ZERO) == -1) {
418             	if(TKUser.isSystemAdmin()) {
419             		return true;
420             	}
421             	SystemScheduledTimeOff ssto = TkServiceLocator.getSysSchTimeOffService().getSystemScheduledTimeOff(lb.getScheduleTimeOffId());
422             	if(ssto != null && !StringUtils.equals(LMConstants.UNUSED_TIME.NO_UNUSED, ssto.getUnusedTime())) {
423             		return true;
424             	}
425             }
426         }
427 
428         return false;
429     }
430 
431     @Override
432     public boolean canDeleteLeaveBlock(LeaveBlock lb) {
433     	String userId = GlobalVariables.getUserSession().getPrincipalId();
434         
435         if (userId != null) {
436 	    	String documentId = lb.getDocumentId();
437 	    	if (StringUtils.isBlank(documentId)) {
438 	    		TimesheetDocumentHeader timesheetDocumentHeader = TkServiceLocator.getTimesheetDocumentHeaderService().getDocumentHeaderForDate(userId, lb.getLeaveDate());
439 	    		if (timesheetDocumentHeader != null) {
440 	    			documentId = timesheetDocumentHeader.getDocumentId();
441 	    		}
442 	    	}
443 	    	if (StringUtils.isNotBlank(documentId)) {
444 	        	DocumentStatus documentStatus = KewApiServiceLocator.getWorkflowDocumentService().getDocumentStatus(documentId);
445 	            if (DocumentStatus.CANCELED.equals(documentStatus) || DocumentStatus.DISAPPROVED.equals(documentStatus)) {
446 	            	return false;
447 	            }
448 	    	}
449         }
450         
451     	if(StringUtils.equals(LMConstants.REQUEST_STATUS.DISAPPROVED, lb.getRequestStatus()))  {
452             return false;
453         }
454     	if(canBankOrTransferSSTOUsage(lb)) {
455     		return true;
456     	}
457         if (StringUtils.equals(LMConstants.REQUEST_STATUS.APPROVED, lb.getRequestStatus())) {
458         	List<LeaveRequestDocument> docList= TkServiceLocator.getLeaveRequestDocumentService().getLeaveRequestDocumentsByLeaveBlockId(lb.getLmLeaveBlockId());
459         	if(CollectionUtils.isEmpty(docList)) {
460         		return false;	// not a leave request
461         	}
462         }
463        
464         return canEditLeaveBlock(lb);
465     }
466 
467     @Override
468 	public boolean canBankOrTransferSSTOUsage(LeaveBlock lb) {
469 		// if it's an accrual generated ssto usage leave block which can be banked or transferred, and on a current leave calendar,
470 	    // it can be deleted so the accrualed amount can be banked
471 	    return canBankSSTOUsage(lb) || canTransferSSTOUsage(lb);
472 	}
473     
474     @Override
475 	public boolean canBankSSTOUsage(LeaveBlock lb) {
476 	   if(lb.getAccrualGenerated() 
477 			   && StringUtils.isNotEmpty(lb.getScheduleTimeOffId()) 
478 			   && lb.getLeaveAmount().compareTo(BigDecimal.ZERO) < 0) {
479 		   SystemScheduledTimeOff ssto = TkServiceLocator.getSysSchTimeOffService().getSystemScheduledTimeOff(lb.getScheduleTimeOffId());
480 		   if(ssto != null && StringUtils.equals(ssto.getUnusedTime(), LMConstants.UNUSED_TIME.BANK)) {
481 			   Date currentDate = TKUtils.getTimelessDate(null);
482 			   String viewPrincipal = TKUser.getCurrentTargetPersonId();
483 			   CalendarEntries ce = TkServiceLocator.getCalendarService()
484 						.getCurrentCalendarDatesForLeaveCalendar(viewPrincipal, currentDate);
485 			   if(ce != null) {
486 				   if(!lb.getLeaveDate().before(ce.getBeginPeriodDate()) && !lb.getLeaveDate().after(ce.getEndPeriodDate())) {
487 					   return true;
488 				   }
489 			   }
490 			  
491 		   }
492 	   }
493 	   return false;
494 	}
495     @Override
496 	public boolean canTransferSSTOUsage(LeaveBlock lb) {
497 	   if(lb.getAccrualGenerated() 
498 			   && StringUtils.isNotEmpty(lb.getScheduleTimeOffId()) 
499 			   && lb.getLeaveAmount().compareTo(BigDecimal.ZERO) < 0) {
500 		   SystemScheduledTimeOff ssto = TkServiceLocator.getSysSchTimeOffService().getSystemScheduledTimeOff(lb.getScheduleTimeOffId());
501 		   if(ssto != null && StringUtils.equals(ssto.getUnusedTime(), LMConstants.UNUSED_TIME.TRANSFER)) {
502 			   Date currentDate = TKUtils.getTimelessDate(null);
503 			   String viewPrincipal = TKUser.getCurrentTargetPersonId();
504 			   CalendarEntries ce = TkServiceLocator.getCalendarService()
505 						.getCurrentCalendarDatesForLeaveCalendar(viewPrincipal, currentDate);
506 			   if(ce != null) {
507 				   if(!lb.getLeaveDate().before(ce.getBeginPeriodDate()) && !lb.getLeaveDate().after(ce.getEndPeriodDate())) {
508 					   return true;
509 				   }
510 			   }
511 			  
512 		   }
513 	   }
514 	   return false;
515 	}
516 
517     @Override
518     public boolean canViewAdminTab() {
519         UserRoles ur = TKUser.getCurrentTargetRoles();
520 
521         boolean viewAdminTab = ur.isSystemAdmin() || ur.isLocationAdmin()
522                 || ur.isDepartmentAdmin() || ur.isGlobalViewOnly();
523 
524         return viewAdminTab;
525     }
526 
527     @Override
528     public boolean canViewApproverTab() {
529         UserRoles ur = TKUser.getCurrentTargetRoles();
530 
531         boolean viewApproverTab = ur.isSystemAdmin()
532                 || ur.isTimesheetApprover() || ur.isTimesheetReviewer();
533 
534         return viewApproverTab;
535     }
536 
537     @Override
538     public boolean canViewClockTab() {
539         UserRoles ur = TKUser.getCurrentTargetRoles();
540 
541         return ur.isActiveEmployee() && ur.isSynchronous();
542     }
543 
544     @Override
545     public boolean canViewBatchJobsTab() {
546         UserRoles ur = TKUser.getCurrentTargetRoles();
547 
548         return ur.isSystemAdmin();
549     }
550 
551     @Override
552     public boolean canViewPersonInfoTab() {
553         return true;
554     }
555 
556     @Override
557     public boolean canViewTimeDetailTab() {
558         UserRoles ur = TKUser.getCurrentTargetRoles();
559 
560         return ur.isActiveEmployee();
561     }
562 
563     @Override
564     public boolean canViewLeaveAccrualTab() {
565         UserRoles ur = TKUser.getCurrentTargetRoles();
566 
567         return ur.isActiveEmployee();
568     }
569 
570     @Override
571     public boolean canViewTimesheet(String documentId) {
572         boolean viewTimeSheet = false;
573 
574         if (documentId != null) {
575             return canViewTimesheet(TkServiceLocator.getTimesheetService()
576                     .getTimesheetDocument(documentId));
577         }
578 
579         return viewTimeSheet;
580     }
581 
582     @Override
583     public boolean canViewTimesheet(TimesheetDocument document) {
584         boolean viewTimeSheet = false;
585         UserRoles ur = TKUser.getCurrentTargetRoles();
586 
587         if (document == null)
588             return viewTimeSheet;
589 
590         // Sysadmin
591         viewTimeSheet = ur.isSystemAdmin();
592         // Owner
593         viewTimeSheet |= StringUtils.equals(ur.getPrincipalId(),
594                 document.getPrincipalId());
595         // Global VO
596         viewTimeSheet |= ur.isGlobalViewOnly();
597 
598         if (!viewTimeSheet) {
599             // Departmental View Only? || Reviewer || Org Admin || Approver
600             // (document object iteration)
601             List<Assignment> assignments = document.getAssignments();
602             for (Assignment assignment : assignments) {
603                 String dept = assignment.getDept();
604                 Long wa = assignment.getWorkArea();
605 
606                 viewTimeSheet |= ur.getOrgAdminDepartments().contains(dept);
607                 viewTimeSheet |= ur.getApproverWorkAreas().contains(wa);
608                 viewTimeSheet |= ur.getReviewerWorkAreas().contains(wa);
609                 viewTimeSheet |= ur.getDepartmentViewOnlyDepartments()
610                         .contains(dept);
611             }
612         }
613 
614         return viewTimeSheet;
615     }
616 
617     @Override
618     public boolean canEditTimesheet(TimesheetDocument document) {
619         boolean editTimeSheet = false;
620         UserRoles ur = TKUser.getCurrentTargetRoles();
621 
622         // Quick escape.
623         if (document == null)
624             return editTimeSheet;
625 
626         // Sysadmin
627         editTimeSheet = ur.isSystemAdmin();
628         // Owner (and not enroute/final)
629         editTimeSheet |= (StringUtils.equals(ur.getPrincipalId(),
630                 document.getPrincipalId()) && (StringUtils.equals(
631                 TkConstants.ROUTE_STATUS.INITIATED, document
632                 .getDocumentHeader().getDocumentStatus())
633                 || StringUtils.equals(TkConstants.ROUTE_STATUS.SAVED, document
634                 .getDocumentHeader().getDocumentStatus()) || (StringUtils
635                 .equals(TkConstants.ROUTE_STATUS.ENROUTE, document
636                         .getDocumentHeader().getDocumentStatus()))));
637 
638         if (!editTimeSheet) {
639             // Departmental View Only? || Reviewer || Org Admin || Approver
640             // (document object iteration)
641             List<Assignment> assignments = document.getAssignments();
642             for (Assignment assignment : assignments) {
643                 String dept = assignment.getDept();
644                 Long wa = assignment.getWorkArea();
645 
646                 editTimeSheet |= ur.getOrgAdminDepartments().contains(dept);
647                 editTimeSheet |= ur.getApproverWorkAreas().contains(wa);
648                 editTimeSheet |= ur.getReviewerWorkAreas().contains(wa);
649             }
650         }
651 
652         return editTimeSheet;
653     }
654 
655     @Override
656     public boolean canEditTimesheet(String documentId) {
657         return canEditTimesheet(TkServiceLocator.getTimesheetService()
658                 .getTimesheetDocument(documentId));
659     }
660 
661     @Override
662     public boolean canApproveTimesheet(TimesheetDocument doc) {
663 
664         TimesheetDocumentHeader docHeader = TkServiceLocator
665                 .getTimesheetDocumentHeaderService().getDocumentHeader(
666                         doc.getDocumentId());
667         boolean isEnroute = StringUtils.equals(docHeader.getDocumentStatus(),
668                 "ENROUTE");
669 
670         if (isEnroute) {
671             DocumentRouteHeaderValue routeHeader = KEWServiceLocator
672                     .getRouteHeaderService().getRouteHeader(doc.getDocumentId());
673             boolean authorized = KEWServiceLocator.getDocumentSecurityService()
674                     .routeLogAuthorized(TKContext.getPrincipalId(),
675                             routeHeader,
676                             new SecuritySession(TKContext.getPrincipalId()));
677             if (authorized) {
678                 List<String> principalsToApprove = KEWServiceLocator
679                         .getActionRequestService()
680                         .getPrincipalIdsWithPendingActionRequestByActionRequestedAndDocId(
681                                 KewApiConstants.ACTION_REQUEST_APPROVE_REQ,
682                                 routeHeader.getDocumentId());
683                 if (!principalsToApprove.isEmpty()
684                         && principalsToApprove.contains(TKContext
685                         .getPrincipalId())) {
686                     return true;
687                 }
688             }
689         }
690         return false;
691     }
692 
693     @Override
694     public boolean canSubmitTimesheet(TimesheetDocument doc) {
695         UserRoles ur = TKUser.getCurrentTargetRoles();
696 
697         if (StringUtils
698                 .equals(TKContext.getPrincipalId(), doc.getPrincipalId())) {
699             return true;
700         }
701 
702         if (ur.isApproverForTimesheet(doc)) {
703             return true;
704         }
705 
706         // System admins can route the document as well as the employee
707         if (ur.isSystemAdmin()) {
708             return true;
709         }
710         return false;
711     }
712 
713     @Override
714     public boolean canSubmitTimesheet(String docId) {
715         TimesheetDocument doc = TkServiceLocator.getTimesheetService()
716                 .getTimesheetDocument(docId);
717         return canSubmitTimesheet(doc);
718     }
719 
720     @Override
721     public boolean canViewLinkOnMaintPages() {
722         return TKUser.isSystemAdmin()
723                 || TKUser.isGlobalViewOnly();
724     }
725 
726     @Override
727     public boolean canViewDeptMaintPages() {
728         UserRoles ur = TKUser.getCurrentTargetRoles();
729 
730         return ur.isSystemAdmin() || ur.isGlobalViewOnly()
731                 || ur.getOrgAdminCharts().size() > 0
732                 || ur.getOrgAdminDepartments().size() > 0
733                 || ur.getDepartmentViewOnlyDepartments().size() > 0
734                 || ur.isAnyApproverActive();
735     }
736 
737     @Override
738     public boolean canViewDeptMaintPages(DepartmentalRule dr) {
739         boolean ret = false;
740         if (TKUser.isSystemAdmin() || TKUser.isGlobalViewOnly())
741             return true;
742 
743         if (dr != null) {
744             // dept | workArea | meaning
745             // ---------|------------|
746             // 1: % , -1 , any dept/work area valid roles
747             // *2: % , <defined> , must have work area <-- *
748             // 3: <defined>, -1 , must have dept, any work area
749             // 4: <defined>, <defined> , must have work area or department
750             // defined
751             //
752             // * Not permitted.
753 
754             if (StringUtils
755                     .equals(dr.getDept(), TkConstants.WILDCARD_CHARACTER)
756                     && dr.getWorkArea().equals(TkConstants.WILDCARD_LONG)) {
757                 // case 1
758                 ret = TKUser.isApprover()
759                         || TKUser.getLocationAdminAreas().size() > 0
760                         || TKUser.getDepartmentAdminAreas().size() > 0;
761             } else if (StringUtils.equals(dr.getDept(),
762                     TkConstants.WILDCARD_CHARACTER)) {
763                 // case 2 *
764                 // Should not encounter this case.
765                 LOG.error("Invalid case encountered while scanning business objects: Wildcard Department & Defined workArea.");
766             } else if (dr.getWorkArea().equals(TkConstants.WILDCARD_LONG)) {
767                 // case 3
768                 ret = TKUser.getDepartmentAdminAreas().contains(dr.getDept());
769             } else {
770                 ret = TKUser.getApproverWorkAreas().contains(dr.getWorkArea())
771                         || TKUser.getDepartmentAdminAreas().contains(dr.getDept());
772             }
773         }
774 
775         return ret;
776     }
777 
778     @Override
779     public boolean canEditDeptMaintPages() {
780         UserRoles ur = TKUser.getCurrentTargetRoles();
781         return ur.isSystemAdmin() || ur.getOrgAdminCharts().size() > 0
782                 || ur.getOrgAdminDepartments().size() > 0;
783     }
784 
785     @Override
786     public boolean canEditDeptMaintPages(DepartmentalRule dr) {
787         boolean ret = false;
788         if (TKUser.isSystemAdmin())
789             return true;
790 
791         if (dr != null && TKUser.getDepartmentAdminAreas().size() > 0) {
792             String dept = dr.getDept();
793             if (StringUtils.equals(dept, TkConstants.WILDCARD_CHARACTER)) {
794                 // Must be system administrator
795                 ret = false;
796             } else {
797                 // Must have parent Department
798                 ret = TKUser.getDepartmentAdminAreas().contains(dr.getDept());
799             }
800         }
801 
802         return ret;
803     }
804 
805     @Override
806     public boolean canWildcardWorkAreaInDeptRule(DepartmentalRule dr) {
807         // Sysadmins and (Departmental OrgAdmins for their Department)
808         if (TKUser.isSystemAdmin())
809             return true;
810 
811         String dept = dr.getDept();
812         if (StringUtils.equals(dept, TkConstants.WILDCARD_CHARACTER)) {
813             // Only system administrators can wildcard the work area if the
814             // department also has a wildcard.
815             return TKUser.isSystemAdmin();
816         } else {
817             return TKUser.getDepartmentAdminAreas().contains(dept);
818         }
819     }
820 
821     @Override
822     public boolean canWildcardDeptInDeptRule(DepartmentalRule dr) {
823         return TKUser.isSystemAdmin();
824     }
825 
826     @Override
827     public boolean canEditOvertimeEarnCode(TimeBlock tb) {
828         WorkArea workArea = TkServiceLocator.getWorkAreaService().getWorkArea(tb.getWorkArea(), new java.sql.Date(tb.getEndTimestamp().getTime()));
829         if (StringUtils.equals(workArea.getOvertimeEditRole(), TkConstants.ROLE_TK_EMPLOYEE)) {
830             return true;
831         } else if (StringUtils.equals(workArea.getOvertimeEditRole(), TkConstants.ROLE_TK_APPROVER) ||
832                 StringUtils.equals(workArea.getOvertimeEditRole(), TkConstants.ROLE_TK_APPROVER_DELEGATE)) {
833             return TKUser.getApproverWorkAreas().contains(workArea.getWorkArea());
834         } else {
835             return TKUser.getDepartmentAdminAreas().contains(workArea.getDepartment().getDept());
836         }
837     }
838     
839     /*
840      * @see org.kuali.hr.time.permissions.TkPermissionsService#canEditRegEarnCode(org.kuali.hr.time.timeblock.TimeBlock)
841      * this method is used in calendar.tag
842      * it's only used when a user is working on its own timesheet, regular earn code cannot be editable on clock entered time block
843      */
844     @Override
845     public boolean canEditRegEarnCode(TimeBlock tb) {
846     	AssignmentDescriptionKey adk = new AssignmentDescriptionKey(tb.getJobNumber().toString(), tb.getWorkArea().toString(), tb.getTask().toString());
847         Assignment anAssignment = TkServiceLocator.getAssignmentService().getAssignment(adk, tb.getBeginDate());
848         if(anAssignment != null) {
849         	// use timesheet's end date to get Time Collection Rule
850         	TimesheetDocumentHeader tdh = TkServiceLocator.getTimesheetDocumentHeaderService().getDocumentHeader(tb.getDocumentId());
851         	Date aDate =  tb.getBeginDate();
852         	if(tdh != null && tdh.getEndDate() != null) {
853         		aDate = new java.sql.Date(tdh.getEndDate().getTime());
854         	}
855         	
856         	TimeCollectionRule tcr = TkServiceLocator.getTimeCollectionRuleService().getTimeCollectionRule(anAssignment.getDept(), anAssignment.getWorkArea(), anAssignment.getJob().getHrPayType(), aDate);
857         	if (tcr == null || tcr.isClockUserFl()) {
858         		// use assignment to get the payType object, then check if the regEarnCode of the paytyep matches the earn code of the timeblock
859         		// if they do match, then return false
860         		PayType pt = TkServiceLocator.getPayTypeService().getPayType(anAssignment.getJob().getHrPayType(), anAssignment.getJob().getEffectiveDate());
861         		if(pt != null && pt.getRegEarnCode().equals(tb.getEarnCode())) {
862         			return false;
863         		}
864         	}
865         }
866     	return true;
867     }
868 
869     @Override
870     public boolean canDeleteDeptLunchDeduction() {
871         return TKUser.isAnyApproverActive();
872     }
873 
874     @Override
875     public boolean canAddSystemLevelRole() {
876         // TODO Auto-generated method stub
877         return false;
878     }
879 
880     @Override
881     public boolean canAddLocationLevelRoles() {
882         // TODO Auto-generated method stub
883         return false;
884     }
885 
886     @Override
887     public boolean canAddDepartmentLevelRoles() {
888         // TODO Auto-generated method stub
889         return false;
890     }
891 
892     @Override
893     public boolean canAddWorkareaLevelRoles() {
894         // TODO Auto-generated method stub
895         return false;
896     }
897 
898     public boolean hasManagerialRolesOnWorkArea(TimeBlock tb) {
899         return TKUser.getApproverWorkAreas().contains(tb.getWorkArea())
900                || TKUser.getReviewerWorkAreas().contains(tb.getWorkArea());
901     }
902     
903     @Override
904     public boolean canViewTimeTabs() {
905     	boolean canViewTimeTabs = false;
906     	Date asOfDate = TKUtils.getTimelessDate(null);
907     	String flsaStatus = TkConstants.FLSA_STATUS_NON_EXEMPT;
908     	// find active assignments as of currentDate
909     	String principalId = TKUser.getCurrentTargetPersonId();
910     	if(isActiveAssignmentFoundOnJobFlsaStatus(principalId, flsaStatus, false)) {
911     		//find timecalendar defined
912     		canViewTimeTabs = isCalendarDefined("payCalendar", principalId, asOfDate, false);
913     	}
914     	return canViewTimeTabs;
915     }
916     
917     private boolean isActiveAssignmentFoundOnJobFlsaStatus(String principalId, String flsaStatus, boolean chkForLeaveEligible) {
918     	boolean isActiveAssFound = false;
919     	Date asOfDate = TKUtils.getTimelessDate(null);
920      	List<Assignment> activeAssignments = TkServiceLocator.getAssignmentService().getAssignments(principalId, asOfDate);
921      	if(activeAssignments != null && !activeAssignments.isEmpty()) {
922      		for(Assignment assignment : activeAssignments) {
923      			if(assignment != null && assignment.getJob() != null && assignment.getJob().getFlsaStatus() != null && assignment.getJob().getFlsaStatus().equalsIgnoreCase(flsaStatus)) {
924      				if(chkForLeaveEligible) {
925      					isActiveAssFound = assignment.getJob().isEligibleForLeave();
926      					if(!isActiveAssFound){
927      						continue;
928      					}
929      				}
930      				isActiveAssFound = true;
931      				break;
932      			}  
933      		}
934      	}
935     	return isActiveAssFound;
936     }
937     
938     private boolean isCalendarDefined(String calendarType, String principalId, Date asOfDate, boolean chkForLeavePlan){
939     	boolean calDefined = false;
940     	PrincipalHRAttributes principalHRAttributes = TkServiceLocator.getPrincipalHRAttributeService().getPrincipalCalendar(principalId, asOfDate);
941     	if(principalHRAttributes != null) {
942     		if(calendarType.equalsIgnoreCase("payCalendar")) {
943     			calDefined = principalHRAttributes.getPayCalendar() != null ? true : false;
944     		} else if(calendarType.equalsIgnoreCase("leaveCalendar")) {
945     			calDefined = principalHRAttributes.getLeaveCalendar() != null ? true : false;
946     			if(calDefined && chkForLeavePlan) {
947     				calDefined = principalHRAttributes.getLeavePlan() != null ? true : false;
948     			}
949     		} 
950     	}
951     	return calDefined;
952     }
953     
954     @Override
955     public boolean canViewLeaveTabsWithEStatus() {
956     	boolean canViewLeaveTabs = false;
957     	String principalId = TKUser.getCurrentTargetPersonId();
958     	Date asOfDate = TKUtils.getTimelessDate(null);
959     	boolean leaveCalNPlanDefined = isCalendarDefined("leaveCalendar", principalId, asOfDate, true);
960     	String flsaStatus = TkConstants.FLSA_STATUS_EXEMPT;
961     	boolean activeAss = isActiveAssignmentFoundOnJobFlsaStatus(principalId, flsaStatus, true);
962     	canViewLeaveTabs = activeAss && leaveCalNPlanDefined;
963     	return canViewLeaveTabs;
964     }
965     
966     @Override
967     public boolean canViewLeaveTabsWithNEStatus() {
968     	boolean canViewLeaveTabs = false;
969     	Date asOfDate = TKUtils.getTimelessDate(null);
970     	String flsaStatus = TkConstants.FLSA_STATUS_NON_EXEMPT;
971     	// find active assignments as of currentDate
972     	String principalId = TKUser.getCurrentTargetPersonId();
973     	boolean activeAss = isActiveAssignmentFoundOnJobFlsaStatus(principalId, flsaStatus, true);
974     	// chk leave plan defined
975     	boolean leaveCalNPlanDefined = isCalendarDefined("leaveCalendar", principalId, asOfDate, true);
976     	boolean timeCalDefined = isCalendarDefined("payCalendar", principalId, asOfDate, false);
977     	canViewLeaveTabs = activeAss && leaveCalNPlanDefined && timeCalDefined;
978     	return canViewLeaveTabs;
979     }
980 
981 }