Coverage Report

Coverage Report - org.kuali.rice.kns.document.authorization.DocumentAuthorizerBase

Classes in this File

Line Coverage

Branch Coverage

Complexity

DocumentAuthorizerBase

0/96

0/82

4.067

 /*
  * Copyright 2007 The Kuali Foundation
  * 
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * 
  * http://www.opensource.org/licenses/ecl2.php
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kns.document.authorization;
 
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.kuali.rice.core.xml.dto.AttributeSet;
 import org.kuali.rice.kew.dto.DocumentTypeDTO;
 import org.kuali.rice.kew.dto.ProcessDTO;
 import org.kuali.rice.kew.exception.WorkflowException;
 import org.kuali.rice.kew.util.KEWConstants;
 import org.kuali.rice.kim.bo.Person;
 import org.kuali.rice.kim.util.KIMPropertyConstants;
 import org.kuali.rice.kim.util.KimConstants;
 import org.kuali.rice.kns.authorization.BusinessObjectAuthorizerBase;
 import org.kuali.rice.kns.bo.BusinessObject;
 import org.kuali.rice.kns.document.Document;
 import org.kuali.rice.kns.service.KNSServiceLocator;
 import org.kuali.rice.kns.service.KNSServiceLocatorWeb;
 import org.kuali.rice.kns.util.KNSConstants;
 import org.kuali.rice.kns.workflow.service.KualiWorkflowDocument;
 
 /**
  * DocumentAuthorizer containing common, reusable document-level authorization
  * code.
  */
 public class DocumentAuthorizerBase extends BusinessObjectAuthorizerBase
                 implements DocumentAuthorizer {
         protected static Log LOG = LogFactory.getLog(DocumentAuthorizerBase.class);
         public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
         public static final String EDIT_MODE_DEFAULT_TRUE_VALUE = "TRUE";
         public static final String USER_SESSION_METHOD_TO_CALL_OBJECT_KEY = "METHOD_TO_CALL_KEYS_METHOD_OBJECT_KEY";
         public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_OBJECT_KEY = "METHOD_TO_CALL_KEYS_COMPLETE_OBJECT_KEY";
     public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_MARKER = "_EXITING";
 
         /**
          * Individual document families will need to reimplement this according to
          * their own needs; this version should be good enough to be usable during
          * initial development.
          */
         public Set<String> getDocumentActions(Document document, Person user,
                         Set<String> documentActions) {
                 if (LOG.isDebugEnabled()) {
                         LOG
                                         .debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '"
                                                         + document.getDocumentNumber()
                                                         + "'. user '"
                                                         + user.getPrincipalName() + "'");
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_EDIT)
                                 && !isAuthorizedByTemplate(document,
                                                 KNSConstants.KNS_NAMESPACE,
                                                 KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
                                                 user.getPrincipalId())) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_EDIT);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_COPY)
                                 && !isAuthorizedByTemplate(document,
                                                 KNSConstants.KNS_NAMESPACE,
                                                 KimConstants.PermissionTemplateNames.COPY_DOCUMENT,
                                                 user.getPrincipalId())) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_COPY);
                 }
                 if (documentActions
                                 .contains(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE)
                                 && !isAuthorizedByTemplate(
                                                 document,
                                                 KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
                                                 KimConstants.PermissionTemplateNames.BLANKET_APPROVE_DOCUMENT,
                                                 user.getPrincipalId())) {
                         documentActions
                                         .remove(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_CANCEL)
                                 && !isAuthorizedByTemplate(document,
                                                 KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
                                                 KimConstants.PermissionTemplateNames.CANCEL_DOCUMENT,
                                                 user.getPrincipalId())) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_CANCEL);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_SAVE)
                                 && !isAuthorizedByTemplate(document,
                                                 KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
                                                 KimConstants.PermissionTemplateNames.SAVE_DOCUMENT,
                                                 user.getPrincipalId())) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SAVE);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_ROUTE)
                                 && !isAuthorizedByTemplate(document,
                                                 KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
                                                 KimConstants.PermissionTemplateNames.ROUTE_DOCUMENT,
                                                 user.getPrincipalId())) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ROUTE);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) 
                                 && !canTakeRequestedAction(document,
                                 KEWConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_FYI) &&
                                 !canTakeRequestedAction(document, KEWConstants.ACTION_REQUEST_FYI_REQ, user)) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_FYI);
                 }
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_APPROVE)
                                 || documentActions
                                                 .contains(KNSConstants.KUALI_ACTION_CAN_DISAPPROVE)) {
                         if (!canTakeRequestedAction(document,
                                         KEWConstants.ACTION_REQUEST_APPROVE_REQ, user)) {
                                 documentActions.remove(KNSConstants.KUALI_ACTION_CAN_APPROVE);
                                 documentActions
                                                 .remove(KNSConstants.KUALI_ACTION_CAN_DISAPPROVE);
                         }
                 }
                 
                 if ( !canSendAnyTypeAdHocRequests(document, user) ) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
                 }
                 
                 if(documentActions
                                 .contains(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI)
                                 && !canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_FYI_REQ, user)){
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
                 }
                                 
                 if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_ANNOTATE)
                                 && !documentActions
                                                 .contains(KNSConstants.KUALI_ACTION_CAN_EDIT)) {
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ANNOTATE);
                 }
                 if(documentActions.contains(KNSConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW) 
                                 &&!canEditDocumentOverview(document, user)){
                         documentActions.remove(KNSConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW);
                 }
                 return documentActions;
         }
 
         public final boolean canInitiate(String documentTypeName, Person user) {
                 String nameSpaceCode = KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE;
                 AttributeSet permissionDetails = new AttributeSet();
                 permissionDetails.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME,
                                 documentTypeName);
                 return getIdentityManagementService().isAuthorizedByTemplateName(
                                 user.getPrincipalId(), nameSpaceCode,
                                 KimConstants.PermissionTemplateNames.INITIATE_DOCUMENT,
                                 permissionDetails, null);
         }
 
         public final boolean canReceiveAdHoc(Document document, Person user,
                         String actionRequestCode) {
                 Map<String,String> additionalPermissionDetails = new HashMap<String, String>();
                 additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD, actionRequestCode);
                 return isAuthorizedByTemplate(document,
                                 KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.AD_HOC_REVIEW_DOCUMENT,
                                 user.getPrincipalId(), additionalPermissionDetails, null );
         }
 
         public final boolean canOpen(Document document, Person user) {
                 return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.OPEN_DOCUMENT, user
                                                 .getPrincipalId());
         }
 
         public final boolean canAddNoteAttachment(Document document,
                         String attachmentTypeCode, Person user) {
                 Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
                 if (attachmentTypeCode != null) {
                         additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
                                         attachmentTypeCode);
                 }
                 return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.ADD_NOTE_ATTACHMENT, user
                                                 .getPrincipalId(), additionalPermissionDetails, null);
         }
 
         public final boolean canDeleteNoteAttachment(Document document,
                         String attachmentTypeCode, String createdBySelfOnly, Person user) {
                 Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
                 if (attachmentTypeCode != null) {
                         additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
                                         attachmentTypeCode);
                 }
                 additionalPermissionDetails.put(KimConstants.AttributeConstants.CREATED_BY_SELF,
                                 createdBySelfOnly);
                 return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.DELETE_NOTE_ATTACHMENT,
                                 user.getPrincipalId(), additionalPermissionDetails, null);
         }
 
         public final boolean canViewNoteAttachment(Document document,
                         String attachmentTypeCode, Person user) {
                 Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
                 if (attachmentTypeCode != null) {
                         additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
                                         attachmentTypeCode);
                 }
                 return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.VIEW_NOTE_ATTACHMENT, user
                                                 .getPrincipalId(), additionalPermissionDetails, null);
         }
         
         public final boolean canSendAdHocRequests(Document document,
                         String actionRequestCd, Person user) {
                 Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
                 if (actionRequestCd != null) {
                         additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD,
                                         actionRequestCd);
                 }
                 return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.SEND_AD_HOC_REQUEST, user
                                                 .getPrincipalId(), additionalPermissionDetails, null);
         }
         
         public boolean canEditDocumentOverview(Document document, Person user){
                 return isAuthorizedByTemplate(document,
                                 KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
                                 user.getPrincipalId()) && this.isDocumentInitiator(document, user);
         }
         
         protected final boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
                 if(canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_FYI_REQ, user)) {
                     try {
                 DocumentTypeDTO docType = KNSServiceLocatorWeb.getWorkflowInfoService().getDocType(document.getDocumentHeader().getWorkflowDocument().getDocumentType());
                 ProcessDTO process = docType.getRoutePath().getPrimaryProcess();
                 if (process != null) {
                     if (process.getInitialRouteNode() == null) {
                         return false;
                     }
                 } else {
                     return false;
                 }
                     } catch (WorkflowException e) {
                 return false;
             }
                         return true;
                 }else if(canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)){
                         return true;
                 }
                 return canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_APPROVE_REQ, user);
         }
 
         protected boolean canTakeRequestedAction(Document document,
                         String actionRequestCode, Person user) {
                 Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
                 additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD,
                                 actionRequestCode);
                 return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
                                 KimConstants.PermissionTemplateNames.TAKE_REQUESTED_ACTION,
                                 user.getPrincipalId(), additionalPermissionDetails, null);
         }
 
         @Override
         protected void addPermissionDetails(BusinessObject businessObject,
                         Map<String, String> attributes) {
                 super.addPermissionDetails(businessObject, attributes);
                 if (businessObject instanceof Document) {
                         addStandardAttributes((Document) businessObject, attributes);
                 }
         }
 
         @Override
         protected void addRoleQualification(BusinessObject businessObject,
                         Map<String, String> attributes) {
                 super.addRoleQualification(businessObject, attributes);
                 if (businessObject instanceof Document) {
                         addStandardAttributes((Document) businessObject, attributes);
                 }
         }
 
         protected void addStandardAttributes(Document document,
                         Map<String, String> attributes) {
                 KualiWorkflowDocument wd = document.getDocumentHeader()
                                 .getWorkflowDocument();
                 attributes.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, document
                                 .getDocumentNumber());
                 attributes.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, wd.getDocumentType());
                 if (wd.stateIsInitiated() || wd.stateIsSaved()) {
                         attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME,
                                         PRE_ROUTING_ROUTE_NAME);
                 } else {
                         attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME, wd
                                         .getCurrentRouteNodeNames());
                 }
                 attributes.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, wd.getRouteHeader()
                                 .getDocRouteStatus());
         }
         
         protected boolean isDocumentInitiator(Document document, Person user) {
         KualiWorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
         return workflowDocument.getInitiatorPrincipalId().equalsIgnoreCase(user.getPrincipalId());
     }
 }

1		/*
2		* Copyright 2007 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.kns.document.authorization;
17
18		import java.util.HashMap;
19		import java.util.Map;
20		import java.util.Set;
21
22		import org.apache.commons.logging.Log;
23		import org.apache.commons.logging.LogFactory;
24		import org.kuali.rice.core.xml.dto.AttributeSet;
25		import org.kuali.rice.kew.dto.DocumentTypeDTO;
26		import org.kuali.rice.kew.dto.ProcessDTO;
27		import org.kuali.rice.kew.exception.WorkflowException;
28		import org.kuali.rice.kew.util.KEWConstants;
29		import org.kuali.rice.kim.bo.Person;
30		import org.kuali.rice.kim.util.KIMPropertyConstants;
31		import org.kuali.rice.kim.util.KimConstants;
32		import org.kuali.rice.kns.authorization.BusinessObjectAuthorizerBase;
33		import org.kuali.rice.kns.bo.BusinessObject;
34		import org.kuali.rice.kns.document.Document;
35		import org.kuali.rice.kns.service.KNSServiceLocator;
36		import org.kuali.rice.kns.service.KNSServiceLocatorWeb;
37		import org.kuali.rice.kns.util.KNSConstants;
38		import org.kuali.rice.kns.workflow.service.KualiWorkflowDocument;
39
40		/**
41		* DocumentAuthorizer containing common, reusable document-level authorization
42		* code.
43		*/
44	0	public class DocumentAuthorizerBase extends BusinessObjectAuthorizerBase
45		implements DocumentAuthorizer {
46	0	protected static Log LOG = LogFactory.getLog(DocumentAuthorizerBase.class);
47		public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
48		public static final String EDIT_MODE_DEFAULT_TRUE_VALUE = "TRUE";
49		public static final String USER_SESSION_METHOD_TO_CALL_OBJECT_KEY = "METHOD_TO_CALL_KEYS_METHOD_OBJECT_KEY";
50		public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_OBJECT_KEY = "METHOD_TO_CALL_KEYS_COMPLETE_OBJECT_KEY";
51		public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_MARKER = "_EXITING";
52
53		/**
54		* Individual document families will need to reimplement this according to
55		* their own needs; this version should be good enough to be usable during
56		* initial development.
57		*/
58		public Set<String> getDocumentActions(Document document, Person user,
59		Set<String> documentActions) {
60	0	if (LOG.isDebugEnabled()) {
61	0	LOG
62		.debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '"
63		+ document.getDocumentNumber()
64		+ "'. user '"
65		+ user.getPrincipalName() + "'");
66		}
67	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_EDIT)
68		&& !isAuthorizedByTemplate(document,
69		KNSConstants.KNS_NAMESPACE,
70		KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
71		user.getPrincipalId())) {
72	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_EDIT);
73		}
74	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_COPY)
75		&& !isAuthorizedByTemplate(document,
76		KNSConstants.KNS_NAMESPACE,
77		KimConstants.PermissionTemplateNames.COPY_DOCUMENT,
78		user.getPrincipalId())) {
79	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_COPY);
80		}
81	0	if (documentActions
82		.contains(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE)
83		&& !isAuthorizedByTemplate(
84		document,
85		KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
86		KimConstants.PermissionTemplateNames.BLANKET_APPROVE_DOCUMENT,
87		user.getPrincipalId())) {
88	0	documentActions
89		.remove(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
90		}
91	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_CANCEL)
92		&& !isAuthorizedByTemplate(document,
93		KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
94		KimConstants.PermissionTemplateNames.CANCEL_DOCUMENT,
95		user.getPrincipalId())) {
96	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_CANCEL);
97		}
98	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_SAVE)
99		&& !isAuthorizedByTemplate(document,
100		KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
101		KimConstants.PermissionTemplateNames.SAVE_DOCUMENT,
102		user.getPrincipalId())) {
103	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SAVE);
104		}
105	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_ROUTE)
106		&& !isAuthorizedByTemplate(document,
107		KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
108		KimConstants.PermissionTemplateNames.ROUTE_DOCUMENT,
109		user.getPrincipalId())) {
110	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ROUTE);
111		}
112	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_ACKNOWLEDGE)
113		&& !canTakeRequestedAction(document,
114		KEWConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)) {
115	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
116		}
117	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_FYI) &&
118		!canTakeRequestedAction(document, KEWConstants.ACTION_REQUEST_FYI_REQ, user)) {
119	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_FYI);
120		}
121	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_APPROVE)
122		\|\| documentActions
123		.contains(KNSConstants.KUALI_ACTION_CAN_DISAPPROVE)) {
124	0	if (!canTakeRequestedAction(document,
125		KEWConstants.ACTION_REQUEST_APPROVE_REQ, user)) {
126	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_APPROVE);
127	0	documentActions
128		.remove(KNSConstants.KUALI_ACTION_CAN_DISAPPROVE);
129		}
130		}
131
132	0	if ( !canSendAnyTypeAdHocRequests(document, user) ) {
133	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
134	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
135	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
136		}
137
138	0	if(documentActions
139		.contains(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI)
140		&& !canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_FYI_REQ, user)){
141	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
142		}
143
144	0	if (documentActions.contains(KNSConstants.KUALI_ACTION_CAN_ANNOTATE)
145		&& !documentActions
146		.contains(KNSConstants.KUALI_ACTION_CAN_EDIT)) {
147	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_ANNOTATE);
148		}
149	0	if(documentActions.contains(KNSConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW)
150		&&!canEditDocumentOverview(document, user)){
151	0	documentActions.remove(KNSConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW);
152		}
153	0	return documentActions;
154		}
155
156		public final boolean canInitiate(String documentTypeName, Person user) {
157	0	String nameSpaceCode = KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE;
158	0	AttributeSet permissionDetails = new AttributeSet();
159	0	permissionDetails.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME,
160		documentTypeName);
161	0	return getIdentityManagementService().isAuthorizedByTemplateName(
162		user.getPrincipalId(), nameSpaceCode,
163		KimConstants.PermissionTemplateNames.INITIATE_DOCUMENT,
164		permissionDetails, null);
165		}
166
167		public final boolean canReceiveAdHoc(Document document, Person user,
168		String actionRequestCode) {
169	0	Map<String,String> additionalPermissionDetails = new HashMap<String, String>();
170	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD, actionRequestCode);
171	0	return isAuthorizedByTemplate(document,
172		KNSConstants.KUALI_RICE_WORKFLOW_NAMESPACE,
173		KimConstants.PermissionTemplateNames.AD_HOC_REVIEW_DOCUMENT,
174		user.getPrincipalId(), additionalPermissionDetails, null );
175		}
176
177		public final boolean canOpen(Document document, Person user) {
178	0	return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
179		KimConstants.PermissionTemplateNames.OPEN_DOCUMENT, user
180		.getPrincipalId());
181		}
182
183		public final boolean canAddNoteAttachment(Document document,
184		String attachmentTypeCode, Person user) {
185	0	Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
186	0	if (attachmentTypeCode != null) {
187	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
188		attachmentTypeCode);
189		}
190	0	return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
191		KimConstants.PermissionTemplateNames.ADD_NOTE_ATTACHMENT, user
192		.getPrincipalId(), additionalPermissionDetails, null);
193		}
194
195		public final boolean canDeleteNoteAttachment(Document document,
196		String attachmentTypeCode, String createdBySelfOnly, Person user) {
197	0	Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
198	0	if (attachmentTypeCode != null) {
199	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
200		attachmentTypeCode);
201		}
202	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.CREATED_BY_SELF,
203		createdBySelfOnly);
204	0	return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
205		KimConstants.PermissionTemplateNames.DELETE_NOTE_ATTACHMENT,
206		user.getPrincipalId(), additionalPermissionDetails, null);
207		}
208
209		public final boolean canViewNoteAttachment(Document document,
210		String attachmentTypeCode, Person user) {
211	0	Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
212	0	if (attachmentTypeCode != null) {
213	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.ATTACHMENT_TYPE_CODE,
214		attachmentTypeCode);
215		}
216	0	return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
217		KimConstants.PermissionTemplateNames.VIEW_NOTE_ATTACHMENT, user
218		.getPrincipalId(), additionalPermissionDetails, null);
219		}
220
221		public final boolean canSendAdHocRequests(Document document,
222		String actionRequestCd, Person user) {
223	0	Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
224	0	if (actionRequestCd != null) {
225	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD,
226		actionRequestCd);
227		}
228	0	return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
229		KimConstants.PermissionTemplateNames.SEND_AD_HOC_REQUEST, user
230		.getPrincipalId(), additionalPermissionDetails, null);
231		}
232
233		public boolean canEditDocumentOverview(Document document, Person user){
234	0	return isAuthorizedByTemplate(document,
235		KNSConstants.KNS_NAMESPACE,
236		KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
237		user.getPrincipalId()) && this.isDocumentInitiator(document, user);
238		}
239
240		protected final boolean canSendAnyTypeAdHocRequests(Document document, Person user) {
241	0	if(canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_FYI_REQ, user)) {
242		try {
243	0	DocumentTypeDTO docType = KNSServiceLocatorWeb.getWorkflowInfoService().getDocType(document.getDocumentHeader().getWorkflowDocument().getDocumentType());
244	0	ProcessDTO process = docType.getRoutePath().getPrimaryProcess();
245	0	if (process != null) {
246	0	if (process.getInitialRouteNode() == null) {
247	0	return false;
248		}
249		} else {
250	0	return false;
251		}
252	0	} catch (WorkflowException e) {
253	0	return false;
254	0	}
255	0	return true;
256	0	}else if(canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_ACKNOWLEDGE_REQ, user)){
257	0	return true;
258		}
259	0	return canSendAdHocRequests(document, KEWConstants.ACTION_REQUEST_APPROVE_REQ, user);
260		}
261
262		protected boolean canTakeRequestedAction(Document document,
263		String actionRequestCode, Person user) {
264	0	Map<String, String> additionalPermissionDetails = new HashMap<String, String>();
265	0	additionalPermissionDetails.put(KimConstants.AttributeConstants.ACTION_REQUEST_CD,
266		actionRequestCode);
267	0	return isAuthorizedByTemplate(document, KNSConstants.KNS_NAMESPACE,
268		KimConstants.PermissionTemplateNames.TAKE_REQUESTED_ACTION,
269		user.getPrincipalId(), additionalPermissionDetails, null);
270		}
271
272		@Override
273		protected void addPermissionDetails(BusinessObject businessObject,
274		Map<String, String> attributes) {
275	0	super.addPermissionDetails(businessObject, attributes);
276	0	if (businessObject instanceof Document) {
277	0	addStandardAttributes((Document) businessObject, attributes);
278		}
279	0	}
280
281		@Override
282		protected void addRoleQualification(BusinessObject businessObject,
283		Map<String, String> attributes) {
284	0	super.addRoleQualification(businessObject, attributes);
285	0	if (businessObject instanceof Document) {
286	0	addStandardAttributes((Document) businessObject, attributes);
287		}
288	0	}
289
290		protected void addStandardAttributes(Document document,
291		Map<String, String> attributes) {
292	0	KualiWorkflowDocument wd = document.getDocumentHeader()
293		.getWorkflowDocument();
294	0	attributes.put(KimConstants.AttributeConstants.DOCUMENT_NUMBER, document
295		.getDocumentNumber());
296	0	attributes.put(KimConstants.AttributeConstants.DOCUMENT_TYPE_NAME, wd.getDocumentType());
297	0	if (wd.stateIsInitiated() \|\| wd.stateIsSaved()) {
298	0	attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME,
299		PRE_ROUTING_ROUTE_NAME);
300		} else {
301	0	attributes.put(KimConstants.AttributeConstants.ROUTE_NODE_NAME, wd
302		.getCurrentRouteNodeNames());
303		}
304	0	attributes.put(KimConstants.AttributeConstants.ROUTE_STATUS_CODE, wd.getRouteHeader()
305		.getDocRouteStatus());
306	0	}
307
308		protected boolean isDocumentInitiator(Document document, Person user) {
309	0	KualiWorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
310	0	return workflowDocument.getInitiatorPrincipalId().equalsIgnoreCase(user.getPrincipalId());
311		}
312		}