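/*
 * Copyright 2010 The Kuali Foundation.
 * 
 * Licensed under the Educational Community License, Version 1.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 * http://www.opensource.org/licenses/ecl1.php
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.kuali.ole.coa.document.authorization;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.kuali.ole.coa.businessobject.Organization;
import org.kuali.ole.sys.OLEConstants;
import org.kuali.ole.sys.OLEPropertyConstants;
import org.kuali.ole.sys.context.SpringContext;
import org.kuali.ole.sys.document.authorization.FinancialSystemMaintenanceDocumentPresentationControllerBase;
import org.kuali.ole.sys.identity.OleKimAttributes;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.kim.api.services.IdentityManagementService;
import org.kuali.rice.kns.document.MaintenanceDocument;
import org.kuali.rice.krad.datadictionary.AttributeSecurity;
import org.kuali.rice.krad.service.DataDictionaryService;
import org.kuali.rice.krad.util.GlobalVariables;

/**
 * Presentation controller for {@link Organization} maintenance documents. It decides whether the campus and
 * organization plant chart-code and plant account-number fields are editable for the current user, based on a
 * KIM {@code MODIFY_FIELD} permission check.
 * <p>
 * The original class comment describes it as shareable by all account-involved maintenance documents which have
 * special nested reference accounts.
 */
public class OrganizationtMaintenanceDocumentPresentationController extends FinancialSystemMaintenanceDocumentPresentationControllerBase {

    /**
     * Plant fund attributes of {@link Organization} whose read-only flag this controller manages, in the order
     * they are processed.
     */
    private static final String[] PLANT_FUND_PROPERTY_NAMES = {
        OLEPropertyConstants.CAMPUS_PLANT_CHART_CODE,
        OLEPropertyConstants.CAMPUS_PLANT_ACCOUNT_NUMBER,
        OLEPropertyConstants.ORGANIZATION_PLANT_CHART_CODE,
        OLEPropertyConstants.ORGANIZATION_PLANT_ACCOUNT_NUMBER
    };

    /**
     * Returns the superclass's conditionally read-only property names and, as a side effect, sets the read-only
     * flag on the {@link AttributeSecurity} of each plant fund attribute: every attribute is first marked
     * read-only, then re-opened only where the current user passes the {@code MODIFY_FIELD} permission check.
     * The returned set itself is not modified by this method.
     * <p>
     * NOTE(review): the {@link AttributeSecurity} objects are obtained from {@link DataDictionaryService} and
     * mutated in place. If those instances are shared application-wide (confirm), the flag written for one user
     * is visible to concurrent requests from other users, so the editability a user sees may reflect someone
     * else's permissions. A per-request mechanism, such as the returned property-name set, would avoid the
     * shared state. The permission should also be enforced when the document is saved, not only in the
     * presentation layer (presumably done elsewhere; verify).
     *
     * @see org.kuali.rice.krad.document.authorization.MaintenanceDocumentPresentationControllerBase#getConditionallyReadOnlyPropertyNames(org.kuali.rice.kns.document.MaintenanceDocument)
     * @param document the maintenance document being presented
     * @return the read-only property names computed by the superclass
     */
    @Override
    public Set<String> getConditionallyReadOnlyPropertyNames(MaintenanceDocument document) {
        Set<String> readOnlyPropertyNames = super.getConditionallyReadOnlyPropertyNames(document);

        DataDictionaryService dataDictionaryService = SpringContext.getBean(DataDictionaryService.class);
        String organizationClassName = Organization.class.getName();

        // Lock every field before any permission lookup, so that a failure while resolving the user or
        // checking permissions leaves the fields read-only rather than editable.
        // NOTE(review): getAttributeSecurity may return null when no attribute security is configured for a
        // property, which would fail here with a NullPointerException; confirm the data dictionary defines it.
        AttributeSecurity[] plantFundSecurities = new AttributeSecurity[PLANT_FUND_PROPERTY_NAMES.length];
        for (int i = 0; i < PLANT_FUND_PROPERTY_NAMES.length; i++) {
            plantFundSecurities[i] = dataDictionaryService.getAttributeSecurity(organizationClassName, PLANT_FUND_PROPERTY_NAMES[i]);
            plantFundSecurities[i].setReadOnly(true);
        }

        // get user
        Person user = GlobalVariables.getUserSession().getPerson();

        // NOTE(review): no role qualifiers are supplied, so the permission check is not scoped to a particular
        // chart or organization; confirm that an unqualified check is intended.
        Map<String,String> roleQualifiers = new HashMap<String,String>();

        // Re-open only the fields the current user is explicitly permitted to modify.
        for (int i = 0; i < PLANT_FUND_PROPERTY_NAMES.length; i++) {
            if (isCampuChartManagerAuthorized(user, PLANT_FUND_PROPERTY_NAMES[i], roleQualifiers)) {
                plantFundSecurities[i].setReadOnly(false);
            }
        }

        return readOnlyPropertyNames;
    }

    /**
     * Checks whether the specified user holds the KIM {@code MODIFY_FIELD} permission for the given
     * {@link Organization} property. The original comment describes this as membership in the group who can
     * approve at the campus chart level when the plant fund attributes are null.
     *
     * @param user the person whose principal id is checked
     * @param propertyName the {@link Organization} property the permission applies to
     * @param roleQualifiers qualifiers passed through to the permission check
     * @return true if the permission check grants access; false otherwise, including when the service returns
     *         no result
     */
    protected boolean isCampuChartManagerAuthorized(Person user, String propertyName, Map<String,String> roleQualifiers) {
        String principalId = user.getPrincipalId();
        String namespaceCode = OLEConstants.ParameterNamespaces.KNS;
        String permissionTemplateName = KimConstants.PermissionTemplateNames.MODIFY_FIELD;

        Map<String,String> permissionDetails = new HashMap<String,String>();
        permissionDetails.put(KimConstants.AttributeConstants.COMPONENT_NAME, Organization.class.getSimpleName());
        permissionDetails.put(KimConstants.AttributeConstants.PROPERTY_NAME, propertyName);

        IdentityManagementService identityManagementService = SpringContext.getBean(IdentityManagementService.class);
        Boolean isAuthorized = identityManagementService.isAuthorizedByTemplateName(principalId, namespaceCode, permissionTemplateName, permissionDetails, roleQualifiers);

        // Deny unless the service affirmatively grants access; a null result counts as "not authorized".
        return Boolean.TRUE.equals(isAuthorized);
    }

}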