@Override
  public List<Long> getWorkAreasForPrincipalInRoles(
      String principalId, List<String> roleIds, DateTime asOfDate, boolean isActiveOnly) {
    Set<Long> workAreas = new HashSet<Long>();

    // iterate through the role ids getting the work areas for each one
    for (String roleId : roleIds) {
      // get the role for the role id from the role service
      Role role = getRoleService().getRole(roleId);
      if (role != null) {
        String roleName = role.getName();
        String namespaceCode = role.getNamespaceCode();

        Map<String, String> qualifiers = new HashMap<String, String>();
        // empty qualifier map will match any attribute in the predicate query, i.e. will work like
        // wildcarded entries
        List<Map<String, String>> roleQualifiers = new ArrayList<Map<String, String>>();
        List<RoleMember> principalAndGroupRoleMembers =
            getRoleMembers(namespaceCode, roleName, qualifiers, asOfDate, isActiveOnly);
        for (RoleMember roleMember : principalAndGroupRoleMembers) {
          // check for principals or groups
          if (MemberType.PRINCIPAL.equals(roleMember.getType())) {
            if (roleMember.getMemberId().equals(principalId)) {
              roleQualifiers.add(roleMember.getAttributes());
            }
          } else if (MemberType.GROUP.equals(roleMember.getType())) {
            // query the helper to see if the principal is a member of this nested member group
            Group nestedGroup = getGroupService().getGroup(roleMember.getMemberId());
            if (getRoleServiceHelper()
                .isMemberOfGroup(principalId, nestedGroup, asOfDate, isActiveOnly)) {
              roleQualifiers.add(roleMember.getAttributes());
            }
          }
        }

        for (Map<String, String> roleQualifier : roleQualifiers) {
          Long workArea =
              MapUtils.getLong(
                  roleQualifier, KPMERoleMemberAttribute.WORK_AREA.getRoleMemberAttributeName());
          if (workArea != null) {
            workAreas.add(workArea);
          }
        }
      }
    }

    List<String> departments =
        getDepartmentsForPrincipalInRoles(principalId, roleIds, asOfDate, isActiveOnly);
    workAreas.addAll(
        getWorkAreaService().getWorkAreasForDepartments(departments, asOfDate.toLocalDate()));

    return new ArrayList<Long>(workAreas);
  }
 protected boolean checkDelegationMember(RoleDocumentDelegationMember newMember) {
   if (StringUtils.isBlank(newMember.getMemberTypeCode())
       || StringUtils.isBlank(newMember.getMemberId())) {
     GlobalVariables.getMessageMap()
         .putError(
             "document.delegationMember.memberId",
             RiceKeyConstants.ERROR_EMPTY_ENTRY,
             new String[] {"Member Type Code and Member ID"});
     return false;
   }
   if (MemberType.PRINCIPAL.getCode().equals(newMember.getMemberTypeCode())) {
     Principal principalInfo = getIdentityService().getPrincipal(newMember.getMemberId());
     if (principalInfo == null) {
       GlobalVariables.getMessageMap()
           .putError(
               "document.delegationMember.memberId",
               RiceKeyConstants.ERROR_MEMBERID_MEMBERTYPE_MISMATCH,
               new String[] {newMember.getMemberId()});
       return false;
     } else {
       newMember.setMemberName(principalInfo.getPrincipalName());
     }
   } else if (MemberType.GROUP.getCode().equals(newMember.getMemberTypeCode())) {
     Group groupInfo = null;
     groupInfo = getGroupService().getGroup(newMember.getMemberId());
     if (groupInfo == null) {
       GlobalVariables.getMessageMap()
           .putError(
               "document.delegationMember.memberId",
               RiceKeyConstants.ERROR_MEMBERID_MEMBERTYPE_MISMATCH,
               new String[] {newMember.getMemberId()});
       return false;
     } else {
       newMember.setMemberName(groupInfo.getName());
       newMember.setMemberNamespaceCode(groupInfo.getNamespaceCode());
     }
   } else if (MemberType.ROLE.getCode().equals(newMember.getMemberTypeCode())) {
     Role roleInfo = KimApiServiceLocator.getRoleService().getRole(newMember.getMemberId());
     if (roleInfo == null) {
       GlobalVariables.getMessageMap()
           .putError(
               "document.delegationMember.memberId",
               RiceKeyConstants.ERROR_MEMBERID_MEMBERTYPE_MISMATCH,
               new String[] {newMember.getMemberId()});
       return false;
     } else {
       newMember.setMemberName(roleInfo.getName());
       newMember.setMemberNamespaceCode(roleInfo.getNamespaceCode());
     }
   }
   return true;
 }
  protected boolean checkKimDocumentRoleMember(KimDocumentRoleMember newMember) {
    boolean memberExists = false;
    String memberName = null;
    String memberNamespace = null;

    if (StringUtils.isBlank(newMember.getMemberId())) {
      GlobalVariables.getMessageMap()
          .putError(
              "document.member.memberId",
              RiceKeyConstants.ERROR_EMPTY_ENTRY,
              new String[] {"Member ID"});
      return false;
    }

    if (MemberType.PRINCIPAL.getCode().equals(newMember.getMemberTypeCode())) {
      Principal pi = this.getIdentityService().getPrincipal(newMember.getMemberId());
      if (pi != null) {
        memberExists = true;
        memberName = pi.getPrincipalName();
        memberNamespace = "";
      }
    } else if (MemberType.GROUP.getCode().equals(newMember.getMemberTypeCode())) {
      Group gi = KimApiServiceLocator.getGroupService().getGroup(newMember.getMemberId());
      if (gi != null) {
        memberExists = true;
        memberName = gi.getName();
        memberNamespace = gi.getNamespaceCode();
      }
    } else if (MemberType.ROLE.getCode().equals(newMember.getMemberTypeCode())) {
      Role ri = KimApiServiceLocator.getRoleService().getRole(newMember.getMemberId());
      if (!validateRole(newMember.getMemberId(), ri, "document.member.memberId", "Role")) {
        return false;
      } else {
        memberExists = true;
        memberName = ri.getName();
        memberNamespace = ri.getNamespaceCode();
      }
    }

    if (!memberExists) {
      GlobalVariables.getMessageMap()
          .putError(
              "document.member.memberId",
              RiceKeyConstants.ERROR_MEMBERID_MEMBERTYPE_MISMATCH,
              new String[] {newMember.getMemberId()});
      return false;
    }
    newMember.setMemberName(memberName);
    newMember.setMemberNamespaceCode(memberNamespace);
    return true;
  }
 public List<String> getLocationsForPrincipalInRole(
     String principalId,
     String namespaceCode,
     String roleName,
     DateTime asOfDate,
     boolean isActiveOnly) {
   List<String> locations = new ArrayList<String>();
   Role role = getRoleService().getRoleByNamespaceCodeAndName(namespaceCode, roleName);
   if (role != null) {
     locations =
         getLocationsForPrincipalInRoles(
             principalId, Collections.singletonList(role.getId()), asOfDate, isActiveOnly);
   }
   return locations;
 }
 private RoleMember assignPrincipal2Role(String principalId, Role role, String subjArea) {
   Map<String, String> qualifiers = new LinkedHashMap<String, String>();
   if (subjArea != null) {
     qualifiers.put(KimPermissionConstants.SUBJECT_AREA_ATTR_DEFINITION, subjArea);
   }
   RoleMember roleMember =
       this.roleService.assignPrincipalToRole(
           principalId, role.getNamespaceCode(), role.getName(), qualifiers);
   assertEquals(principalId, roleMember.getMemberId());
   assertEquals(role.getId(), roleMember.getRoleId());
   assertEquals(KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE, roleMember.getType());
   assertEquals(qualifiers, roleMember.getAttributes());
   List<String> roleIds =
       this.roleService.getMemberParentRoleIds(
           KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.getCode(), principalId);
   //        assertEquals(1, roleIds.size());
   assertTrue(roleIds.contains(role.getId()));
   return roleMember;
 }
  public List<String> getDepartmentsForPrincipalInRole(
      String principalId,
      String namespaceCode,
      String roleName,
      DateTime asOfDate,
      boolean isActiveOnly) {
    List<String> departments = new ArrayList<String>();
    Role role = getRoleService().getRoleByNamespaceCodeAndName(namespaceCode, roleName);
    if (role != null) {
      departments =
          getDepartmentsForPrincipalInRoles(
              principalId, Collections.singletonList(role.getId()), asOfDate, isActiveOnly);
    }

    // TODO:
    // Do we want to pass groupKeyCode instead of location to speed up the performance?
    List<String> locations =
        getLocationsForPrincipalInRole(
            principalId, namespaceCode, roleName, asOfDate, isActiveOnly);
    departments.addAll(
        getDepartmentService().getDepartmentValuesWithLocations(locations, asOfDate.toLocalDate()));

    return new ArrayList<String>(departments);
  }
  /**
   * Gets the derived role service for {@code role}.
   *
   * @param role the role
   * @return the derived role service name for {@code role}.
   */
  protected RoleTypeService getRoleTypeService(Role role) {
    RoleTypeService roleTypeService = null;

    if (role != null) {
      String serviceName = getDerivedRoleServiceName(role.getKimTypeId());

      if (serviceName != null) {
        try {
          KimTypeService service =
              (KimTypeService) GlobalResourceLoader.getService(QName.valueOf(serviceName));
          if (service != null && service instanceof RoleTypeService) {
            return (RoleTypeService) service;
          }
        } catch (Exception ex) {
          LOG.error("Unable to find role type service with name: " + serviceName, ex);
        }
      }
    }

    return roleTypeService;
  }
  public boolean principalHasRole(
      String principalId,
      String namespaceCode,
      String roleName,
      Map<String, String> qualification,
      DateTime asOfDate) {
    boolean principalHasRole = false;

    String roleId = getRoleService().getRoleIdByNamespaceCodeAndName(namespaceCode, roleName);

    if (roleId == null) {
      return false;
    }
    if (asOfDate.compareTo(LocalDate.now().toDateTimeAtStartOfDay()) == 0) {
      principalHasRole =
          getRoleService()
              .principalHasRole(principalId, Collections.singletonList(roleId), qualification);
    } else {
      List<RoleMember> roleMembers =
          getRoleMembers(namespaceCode, roleName, qualification, asOfDate, true);

      for (RoleMember roleMember : roleMembers) {
        if (MemberType.PRINCIPAL.equals(roleMember.getType())) {
          if (StringUtils.equals(roleMember.getMemberId(), principalId)) {
            principalHasRole = true;
            break;
          }
        } else if (MemberType.GROUP.equals(roleMember.getType())) {
          if (HrServiceLocator.getKPMEGroupService()
              .isMemberOfGroupWithId(principalId, roleMember.getMemberId(), asOfDate)) {
            // if (getGroupService().isMemberOfGroup(principalId, roleMember.getMemberId())) {
            principalHasRole = true;
            break;
          }
        } else if (MemberType.ROLE.equals(roleMember.getType())) {
          Role derivedRole =
              getRoleService()
                  .getRoleByNamespaceCodeAndName(
                      KPMENamespace.KPME_HR.getNamespaceCode(),
                      KPMERole.DERIVED_ROLE_POSITION.getRoleName());
          // check if the member represents the (nested) derived role 'position'
          if (derivedRole != null && roleMember.getMemberId().equals(derivedRole.getId())) {
            // add custom attributes
            Map<String, String> qual = new HashMap<String, String>();
            qual.putAll(roleMember.getAttributes());
            qual.put("asOfDate", asOfDate.toString());
            // return true if the principal id is a member of the (nested) derived role 'position'
            RoleTypeService roleTypeService = getRoleTypeService(derivedRole);
            if (roleTypeService.hasDerivedRole(
                principalId,
                new ArrayList<String>(),
                derivedRole.getNamespaceCode(),
                derivedRole.getName(),
                qual)) {
              principalHasRole = true;
              break;
            }
          }
        }
      }
    }

    return principalHasRole;
  }
  protected List<RoleMember> getPrimaryRoleMembers(
      Role role, Map<String, String> qualification, DateTime asOfDate, boolean isActiveOnly) {
    // define the return value
    List<RoleMember> primaryRoleMembers = new ArrayList<RoleMember>();

    if (role != null) {
      RoleTypeService roleTypeService = getRoleTypeService(role);
      // use predicate based filtering only on non-derived role.
      if (roleTypeService == null || !roleTypeService.isDerivedRoleType()) {
        List<Predicate> predicates = new ArrayList<Predicate>();
        predicates.add(equal(KimConstants.PrimaryKeyConstants.SUB_ROLE_ID, role.getId()));
        if (isActiveOnly) {
          predicates.add(
              or(isNull("activeFromDateValue"), lessThanOrEqual("activeFromDateValue", asOfDate)));
          predicates.add(
              or(isNull("activeToDateValue"), greaterThan("activeToDateValue", asOfDate)));
        }

        // LookupCustomizer<RoleMemberBo> lookupCustomizer = builder.build();
        // guard for default type roles
        if (roleTypeService != null) {
          if (MapUtils.isEmpty(qualification)) {
            primaryRoleMembers =
                getRoleService()
                    .findRoleMembers(
                        QueryByCriteria.Builder.fromPredicates(
                            predicates.toArray(new Predicate[predicates.size()])))
                    .getResults();
          } else {
            // get the keys (name) of the qualifiers needed for membership in this role
            List<String> attributesForExactMatch = roleTypeService.getQualifiersForExactMatch();
            if (CollectionUtils.isNotEmpty(attributesForExactMatch)) {
              if (attributesForExactMatch.size() <= 1) {
                for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
                  // do not add a qualification predicate for an attribute unless it is required for
                  // matching

                  if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
                    predicates.add(
                        equal(
                            "attributes[" + qualificationEntry.getKey() + "]",
                            qualificationEntry.getValue()));
                  }
                }
                primaryRoleMembers =
                    getRoleService()
                        .findRoleMembers(
                            QueryByCriteria.Builder.fromPredicates(
                                predicates.toArray(new Predicate[predicates.size()])))
                        .getResults();

              } else {
                // rice's transformation doesn't work with more than one attribute.
                // here is a terrible hack
                List<RoleMember> intersectedMembers = null;
                for (Map.Entry<String, String> qualificationEntry : qualification.entrySet()) {
                  // do not add a qualification predicate for an attribute unless it is required for
                  // matching

                  if (attributesForExactMatch.contains(qualificationEntry.getKey())) {
                    Predicate attrPredicates =
                        equal(
                            "attributes[" + qualificationEntry.getKey() + "]",
                            qualificationEntry.getValue());
                    Predicate[] tempPredicates =
                        predicates.toArray(new Predicate[predicates.size() + 1]);
                    tempPredicates[predicates.size()] = attrPredicates;
                    List<RoleMember> tempMembers =
                        new ArrayList<RoleMember>(
                            getRoleService()
                                .findRoleMembers(
                                    QueryByCriteria.Builder.fromPredicates(tempPredicates))
                                .getResults());
                    if (intersectedMembers == null) {
                      intersectedMembers = new ArrayList<>();
                      intersectedMembers.addAll(tempMembers);
                    } else {
                      intersectedMembers = intersect(intersectedMembers, tempMembers);
                    }
                  }
                }
                primaryRoleMembers = intersectedMembers;
              }
            }
          }
        }
      } else {
        // for derived roles just add the as-of date and active only flag to a copy of the
        // qualification
        Map<String, String> derivedRoleQualification = new HashMap<String, String>(qualification);
        derivedRoleQualification.put("asOfDate", asOfDate.toString());
        derivedRoleQualification.put("activeOnly", String.valueOf(isActiveOnly));
        List<RoleMembership> derivedRoleMembers =
            roleTypeService.getRoleMembersFromDerivedRole(
                role.getNamespaceCode(), role.getName(), derivedRoleQualification);
        // convert the role memberships into role members
        for (RoleMembership derivedRoleMember : derivedRoleMembers) {
          RoleMember roleMember =
              RoleMember.Builder.create(
                      derivedRoleMember.getRoleId(),
                      derivedRoleMember.getId(),
                      derivedRoleMember.getMemberId(),
                      derivedRoleMember.getType(),
                      null,
                      null,
                      derivedRoleMember.getQualifier(),
                      role.getName(),
                      role.getNamespaceCode())
                  .build();

          primaryRoleMembers.add(roleMember);
        }
      }
    }

    return primaryRoleMembers;
  }
  /**
   * Helper method to recursively search for role members.
   *
   * @param role The role
   * @param qualification The map of role qualifiers
   * @param asOfDate The effective date of the role
   * @param activeOnly or not to get only active role members
   * @return the list of role members in {@code role}.
   */
  private List<RoleMember> getRoleMembers(
      Role role, Map<String, String> qualification, DateTime asOfDate, boolean activeOnly) {
    List<RoleMember> roleMembers = new ArrayList<RoleMember>();

    if (asOfDate == null) {
      asOfDate = LocalDate.now().toDateTimeAtStartOfDay();
    }
    if (role != null) {
      RoleTypeService roleTypeService = getRoleTypeService(role);

      if (roleTypeService == null || !roleTypeService.isDerivedRoleType()) {
        List<RoleMember> primaryRoleMembers =
            getPrimaryRoleMembers(role, qualification, asOfDate, activeOnly);

        if (CollectionUtils.isNotEmpty(primaryRoleMembers)) {
          // flatten into constituent group and principal role members
          for (RoleMember primaryRoleMember : primaryRoleMembers) {
            if (MemberType.PRINCIPAL.equals(primaryRoleMember.getType())) {
              roleMembers.add(primaryRoleMember);
            } else if (MemberType.GROUP.equals(primaryRoleMember.getType())) {
              roleMembers.add(primaryRoleMember);
            } else if (MemberType.ROLE.equals(primaryRoleMember.getType())) {
              // recursive call to get role members
              Map<String, String> copiedQualification =
                  addCustomDerivedQualifications(
                      primaryRoleMember.getAttributes(), asOfDate, activeOnly);
              List<RoleMembership> memberships =
                  getRoleService()
                      .getRoleMembers(
                          Collections.singletonList(primaryRoleMember.getMemberId()),
                          copiedQualification);
              for (RoleMembership membership : memberships) {
                RoleMember roleMember =
                    RoleMember.Builder.create(
                            membership.getRoleId(),
                            membership.getId(),
                            membership.getMemberId(),
                            membership.getType(),
                            null,
                            null,
                            membership.getQualifier(),
                            "",
                            "")
                        .build();

                roleMembers.add(roleMember);
              }
            }
          }
        }
      } else {
        Map<String, String> qual =
            addCustomDerivedQualifications(qualification, asOfDate, activeOnly);
        List<RoleMembership> derivedRoleMembers =
            roleTypeService.getRoleMembersFromDerivedRole(
                role.getNamespaceCode(), role.getName(), qual);

        if (CollectionUtils.isNotEmpty(derivedRoleMembers)) {
          for (RoleMembership derivedRoleMember : derivedRoleMembers) {
            RoleMember roleMember =
                RoleMember.Builder.create(
                        derivedRoleMember.getRoleId(),
                        derivedRoleMember.getId(),
                        derivedRoleMember.getMemberId(),
                        derivedRoleMember.getType(),
                        null,
                        null,
                        derivedRoleMember.getQualifier(),
                        role.getName(),
                        role.getNamespaceCode())
                    .build();

            roleMembers.add(roleMember);
          }
        }
      }
    }

    return roleMembers;
  }
  /** Test of clear method, of class RoleAndPermissionServiceMockImpl. */
  @Test
  public void testBasicOperations() {
    System.out.println("test basic operations");
    // Make sure we have a handle on all the templates we need
    Template CAN_INVOKE_SERVICE_METHOD_TEMPLATE =
        this.permissionService.findPermTemplateByNamespaceCodeAndName(
            KimPermissionConstants.KS_ENRL_NAMESPACE,
            KimPermissionConstants.CAN_INVOKE_SERVICE_METHOD_TEMPLATE_NAME);
    assertNotNull(CAN_INVOKE_SERVICE_METHOD_TEMPLATE);

    Template OPEN_VIEW_TEMPLATE =
        this.permissionService.findPermTemplateByNamespaceCodeAndName(
            KimPermissionConstants.KR_KRAD_NAMESPACE,
            KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME);
    assertNotNull(OPEN_VIEW_TEMPLATE);

    Template EDIT_VIEW_TEMPLATE =
        this.permissionService.findPermTemplateByNamespaceCodeAndName(
            KimPermissionConstants.KR_KRAD_NAMESPACE,
            KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME);
    assertNotNull(EDIT_VIEW_TEMPLATE);

    // create permissions
    Permission CREATE_ACTIVITY_OFFERING_PERMISSION =
        this.createPermission(
            KimPermissionConstants.CREATE_ACTIVITYOFFERING_PERMISSION,
            CAN_INVOKE_SERVICE_METHOD_TEMPLATE,
            null);

    Permission CREATE_SOC_PERMISSION =
        this.createPermission(
            KimPermissionConstants.CREATE_SOC_PERMISSION, CAN_INVOKE_SERVICE_METHOD_TEMPLATE, null);

    Permission OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION =
        this.createPermission(
            KimPermissionConstants.OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION,
            OPEN_VIEW_TEMPLATE,
            CO_CREATE_MAINTENANCE_VIEW);

    Permission EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION =
        this.createPermission(
            KimPermissionConstants.EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION,
            EDIT_VIEW_TEMPLATE,
            CO_CREATE_MAINTENANCE_VIEW);

    Permission OPEN_VIEWS_FOR_SOC_PERMISSION =
        this.createPermission(
            KimPermissionConstants.OPEN_VIEWS_FOR_SOC_PERMISSION,
            OPEN_VIEW_TEMPLATE,
            ROLLOVER_MANAGEMENT_VIEW);

    Permission EDIT_VIEWS_FOR_SOC_PERMISSION =
        this.createPermission(
            KimPermissionConstants.EDIT_VIEWS_FOR_SOC_PERMISSION,
            EDIT_VIEW_TEMPLATE,
            ROLLOVER_MANAGEMENT_VIEW);

    // create some roles
    Role CENTRAL_ADMIN_ROLE =
        createRole(
            KimPermissionConstants.KS_ENRL_NAMESPACE,
            KimPermissionConstants.KUALI_STUDENT_COURSE_OFFERING_CENTRAL_ADMIN_ROLE_NAME,
            KimPermissionConstants.DEFAULT_KIM_TYPE_ID);
    Role DEPT_ADMIN_ROLE =
        createRole(
            KimPermissionConstants.KS_ENRL_NAMESPACE,
            KimPermissionConstants.KUALI_STUDENT_COURSE_OFFERING_DEPARTMENTAL_ADMIN_ROLE_NAME,
            KimPermissionConstants.DEFAULT_KIM_TYPE_ID);

    // Assign some permissions to some roles
    this.roleService.assignPermissionToRole(
        CREATE_ACTIVITY_OFFERING_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        CREATE_SOC_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        CREATE_ACTIVITY_OFFERING_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());

    this.roleService.assignPermissionToRole(
        OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        OPEN_VIEWS_FOR_SOC_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        EDIT_VIEWS_FOR_SOC_PERMISSION.getId(), CENTRAL_ADMIN_ROLE.getId());

    this.roleService.assignPermissionToRole(
        OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());
    this.roleService.assignPermissionToRole(
        OPEN_VIEWS_FOR_SOC_PERMISSION.getId(), DEPT_ADMIN_ROLE.getId());

    List<String> roleIds =
        this.permissionService.getRoleIdsForPermission(
            CREATE_ACTIVITY_OFFERING_PERMISSION.getNamespaceCode(),
            CREATE_ACTIVITY_OFFERING_PERMISSION.getName());
    assertEquals(2, roleIds.size());
    assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
    assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));

    roleIds =
        this.permissionService.getRoleIdsForPermission(
            CREATE_SOC_PERMISSION.getNamespaceCode(), CREATE_SOC_PERMISSION.getName());
    assertEquals(1, roleIds.size());
    assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));

    roleIds =
        this.permissionService.getRoleIdsForPermission(
            OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getNamespaceCode(),
            OPEN_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getName());
    assertEquals(2, roleIds.size());
    assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
    assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));

    roleIds =
        this.permissionService.getRoleIdsForPermission(
            EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getNamespaceCode(),
            EDIT_VIEWS_FOR_COURSE_OFFERING_PERMISSION.getName());
    assertEquals(2, roleIds.size());
    assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
    assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));

    roleIds =
        this.permissionService.getRoleIdsForPermission(
            OPEN_VIEWS_FOR_SOC_PERMISSION.getNamespaceCode(),
            OPEN_VIEWS_FOR_SOC_PERMISSION.getName());
    assertEquals(2, roleIds.size());
    assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
    assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));

    roleIds =
        this.permissionService.getRoleIdsForPermission(
            EDIT_VIEWS_FOR_SOC_PERMISSION.getNamespaceCode(),
            EDIT_VIEWS_FOR_SOC_PERMISSION.getName());
    assertEquals(1, roleIds.size());
    assertTrue(roleIds.contains(CENTRAL_ADMIN_ROLE.getId()));
    //        assertTrue(roleIds.contains(DEPT_ADMIN_ROLE.getId()));

    this.assignPrincipal2Role(CENTRAL_ADMIN1, CENTRAL_ADMIN_ROLE, null);
    this.assignPrincipal2Role(DEPT_ADMIN1, DEPT_ADMIN_ROLE, "ENGL");
    this.assignPrincipal2Role(DEPT_ADMIN2, DEPT_ADMIN_ROLE, "PHYS");
    this.assignPrincipal2Role(DEPT_ADMIN3, DEPT_ADMIN_ROLE, "ENGL");
    this.assignPrincipal2Role(DEPT_ADMIN3, DEPT_ADMIN_ROLE, "PHYS");

    // check is auth by template
    assertTrue(
        isAuthorizedByTemplate(
            CENTRAL_ADMIN1,
            KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME,
            CO_CREATE_MAINTENANCE_VIEW));
    assertTrue(
        isAuthorizedByTemplate(
            CENTRAL_ADMIN1,
            KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME,
            CO_CREATE_MAINTENANCE_VIEW));
    assertTrue(
        isAuthorizedByTemplate(
            CENTRAL_ADMIN1,
            KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME,
            ROLLOVER_MANAGEMENT_VIEW));
    assertTrue(
        isAuthorizedByTemplate(
            CENTRAL_ADMIN1,
            KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME,
            ROLLOVER_MANAGEMENT_VIEW));

    assertTrue(
        isAuthorizedByTemplate(
            DEPT_ADMIN1,
            KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME,
            CO_CREATE_MAINTENANCE_VIEW));
    assertTrue(
        isAuthorizedByTemplate(
            DEPT_ADMIN1,
            KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME,
            CO_CREATE_MAINTENANCE_VIEW));
    assertTrue(
        isAuthorizedByTemplate(
            DEPT_ADMIN1, KimPermissionConstants.OPEN_VIEW_TEMPLATE_NAME, ROLLOVER_MANAGEMENT_VIEW));
    assertFalse(
        isAuthorizedByTemplate(
            DEPT_ADMIN1, KimPermissionConstants.EDIT_VIEW_TEMPLATE_NAME, ROLLOVER_MANAGEMENT_VIEW));

    assertTrue(isAuthorized(CENTRAL_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
    assertTrue(isAuthorized(CENTRAL_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
    assertTrue(isAuthorized(CENTRAL_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));

    assertTrue(isAuthorized(DEPT_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
    assertFalse(isAuthorized(DEPT_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
    assertFalse(isAuthorized(DEPT_ADMIN1, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));

    assertFalse(isAuthorized(DEPT_ADMIN2, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
    assertTrue(isAuthorized(DEPT_ADMIN2, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
    assertFalse(isAuthorized(DEPT_ADMIN2, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));

    assertTrue(isAuthorized(DEPT_ADMIN3, CREATE_ACTIVITY_OFFERING_PERMISSION, "ENGL"));
    assertTrue(isAuthorized(DEPT_ADMIN3, CREATE_ACTIVITY_OFFERING_PERMISSION, "PHYS"));
    assertFalse(isAuthorized(DEPT_ADMIN3, CREATE_ACTIVITY_OFFERING_PERMISSION, "MATH"));
  }
  private Role createRole(String namespaceCode, String name, String kimTypeId) {
    Role.Builder bldr = Role.Builder.create();
    bldr.setNamespaceCode(namespaceCode);
    bldr.setName(name);
    bldr.setKimTypeId(kimTypeId);
    bldr.setActive(true);

    Role fromCreate = this.roleService.createRole(bldr.build());
    assertEquals(namespaceCode, fromCreate.getNamespaceCode());
    assertEquals(name, fromCreate.getName());
    assertEquals(kimTypeId, fromCreate.getKimTypeId());
    assertNotNull(fromCreate.getId());
    assertNotNull(fromCreate.getVersionNumber());
    assertTrue(fromCreate.isActive());
    assertNull(fromCreate.getDescription());

    bldr = Role.Builder.create(fromCreate);
    bldr.setDescription(namespaceCode + " " + name);
    Role fromUpdate = this.roleService.updateRole(bldr.build());
    assertEquals(fromCreate.getNamespaceCode(), fromUpdate.getNamespaceCode());
    assertEquals(fromCreate.getName(), fromUpdate.getName());
    assertEquals(fromCreate.getId(), fromUpdate.getId());
    assertNotSame(fromCreate.getVersionNumber(), fromUpdate.getVersionNumber());
    assertEquals(fromCreate.isActive(), fromUpdate.isActive());
    assertEquals(bldr.getDescription(), fromUpdate.getDescription());

    Role fromGet = this.roleService.getRole(fromUpdate.getId());
    assertEquals(fromUpdate.getNamespaceCode(), fromGet.getNamespaceCode());
    assertEquals(fromUpdate.getName(), fromGet.getName());
    assertEquals(fromUpdate.getKimTypeId(), fromGet.getKimTypeId());
    assertEquals(fromUpdate.getId(), fromGet.getId());
    assertEquals(fromUpdate.getVersionNumber(), fromGet.getVersionNumber());
    assertEquals(fromUpdate.isActive(), fromGet.isActive());
    assertEquals(fromUpdate.getDescription(), fromGet.getDescription());

    Role fromFind = this.roleService.getRoleByNamespaceCodeAndName(namespaceCode, name);
    assertEquals(fromUpdate.getNamespaceCode(), fromFind.getNamespaceCode());
    assertEquals(fromUpdate.getName(), fromFind.getName());
    assertEquals(fromUpdate.getKimTypeId(), fromFind.getKimTypeId());
    assertEquals(fromUpdate.getId(), fromFind.getId());
    assertEquals(fromUpdate.getVersionNumber(), fromFind.getVersionNumber());
    assertEquals(fromUpdate.isActive(), fromFind.isActive());
    assertEquals(fromUpdate.getDescription(), fromFind.getDescription());

    // TODO: test update

    return fromFind;
  }
  @RequestMapping(method = RequestMethod.POST, params = "methodToCall=addAlertLine")
  public ModelAndView addAlertLine(
      @ModelAttribute("KualiForm") DocumentFormBase formBase,
      BindingResult result,
      HttpServletRequest request,
      HttpServletResponse response) {
    String selectedCollectionPath =
        formBase.getActionParamaterValue(UifParameters.SELLECTED_COLLECTION_PATH);
    if (StringUtils.isBlank(selectedCollectionPath)) {
      throw new RuntimeException(
          "Selected collection was not set for add line action, cannot add new line");
    }
    CollectionGroup collectionGroup =
        formBase.getPostedView().getViewIndex().getCollectionGroupByPath(selectedCollectionPath);
    String addLinePath = collectionGroup.getAddLineBindingInfo().getBindingPath();
    Object addLine = ObjectPropertyUtils.getPropertyValue(formBase, addLinePath);
    ModelAndView modelAndView = super.addLine(formBase, result, request, response);
    List<String> principalIds = new ArrayList<String>();
    MaintenanceDocumentForm maintenanceDocumentForm =
        (MaintenanceDocumentForm) modelAndView.getModel().get("KualiForm");
    OlePersistableBusinessObjectBase olePersistableBusinessObjectBase =
        (OlePersistableBusinessObjectBase)
            maintenanceDocumentForm.getDocument().getNewMaintainableObject().getDataObject();
    AlertBo alertBo = olePersistableBusinessObjectBase.getAlertBoList().get(0);
    olePersistableBusinessObjectBase.getAlertBoList().remove(0);
    if (StringUtils.isBlank(alertBo.getReceivingGroupId())
        && StringUtils.isBlank(alertBo.getReceivingUserId())
        && StringUtils.isBlank(alertBo.getReceivingRoleId())
        && StringUtils.isBlank(alertBo.getReceivingGroupId())
        && StringUtils.isEmpty(alertBo.getReceivingUserName())
        && StringUtils.isEmpty(alertBo.getReceivingRoleName())
        && StringUtils.isEmpty(alertBo.getReceivingGroupName())) {
      GlobalVariables.getMessageMap()
          .putErrorForSectionId("OLE-AlertSection", OLEConstants.SELECT_USER);
      return modelAndView;
    }
    alertBo.setAlertCreateDate(new Date(System.currentTimeMillis()));
    alertBo.setAlertInitiatorId(GlobalVariables.getUserSession().getPrincipalId());
    alertBo.setAlertInitiatorName(
        alertService.getName(GlobalVariables.getUserSession().getPrincipalId()));

    String status = null;
    if (alertBo.getAlertDate() != null) {
      Date alertDate = alertBo.getAlertDate();
      if (alertDate.toString().equals(new Date(System.currentTimeMillis()).toString())) {
        status = "Active";
      } else {
        int dateCompare = alertBo.getAlertDate().compareTo(new Date(System.currentTimeMillis()));
        if (dateCompare > 0) {
          status = "Future";
        } else if (dateCompare < 0) {
          status = "Complete";
        }
      }
    }
    alertBo.setStatus(status);
    alertBo.setAlertStatus(true);
    List<AlertBo> alerts = new ArrayList<AlertBo>();
    if (StringUtils.isNotBlank(alertBo.getReceivingUserId())
        && (alertBo.getReceivingUserName() == null
            || (alertBo.getReceivingUserName() != null
                && alertBo.getReceivingUserName().trim().isEmpty()))) {
      alertBo.setReceivingUserName(alertService.getName(alertBo.getReceivingUserId()));
    }
    if (StringUtils.isBlank(alertBo.getReceivingUserId())
        && (alertBo.getReceivingUserName() != null
            && !alertBo.getReceivingUserName().trim().isEmpty())) {
      alertBo.setReceivingUserId(alertService.getPersonId(alertBo.getReceivingUserName()));
    }
    if (StringUtils.isNotBlank(alertBo.getReceivingUserId())) {
      principalIds.add(alertBo.getReceivingUserId());
    }
    alerts.addAll(alertService.getAlertBo(alertBo, principalIds, false, false));
    principalIds = new ArrayList<String>();

    if (StringUtils.isNotBlank(alertBo.getReceivingGroupId())
        && (alertBo.getReceivingGroupName() == null
            || (alertBo.getReceivingGroupName() != null
                && alertBo.getReceivingGroupName().trim().isEmpty()))) {
      alertBo.setReceivingGroupName(alertService.getGroupName(alertBo.getReceivingGroupId()));
    }
    if (StringUtils.isBlank(alertBo.getReceivingGroupId())
        && (alertBo.getReceivingGroupName() != null
            && !alertBo.getReceivingGroupName().trim().isEmpty())) {
      alertBo.setReceivingGroupId(alertService.getGroupId((alertBo.getReceivingUserName())));
    }

    if (StringUtils.isNotBlank(alertBo.getReceivingGroupId())) {
      List<String> memberIds = groupService.getMemberPrincipalIds(alertBo.getReceivingGroupId());
      principalIds.addAll(memberIds);
    }
    alerts.addAll(alertService.getAlertBo(alertBo, principalIds, false, true));

    principalIds = new ArrayList<String>();

    if (StringUtils.isNotBlank(alertBo.getReceivingRoleId())
        && (alertBo.getReceivingRoleName() == null
            || (alertBo.getReceivingRoleName() != null
                && alertBo.getReceivingRoleName().trim().isEmpty()))) {
      alertBo.setReceivingRoleName(alertService.getRoleName(alertBo.getReceivingRoleId()));
    }
    if (StringUtils.isBlank(alertBo.getReceivingRoleId())
        && (alertBo.getReceivingRoleName() != null
            && !alertBo.getReceivingRoleName().trim().isEmpty())) {
      alertBo.setReceivingRoleId(alertService.getRoleId((alertBo.getReceivingRoleName())));
    }

    if (StringUtils.isNotBlank(alertBo.getReceivingRoleId())) {
      List<String> roleIds = new ArrayList<String>();
      roleIds.add(alertBo.getReceivingRoleId());
      Role role = roleService.getRole(alertBo.getReceivingRoleId());
      Collection collection =
          (Collection)
              roleService.getRoleMemberPrincipalIds(
                  role.getNamespaceCode(), role.getName(), new HashMap<String, String>());
      List<String> memberIds = new ArrayList<String>();
      memberIds.addAll(collection);
      principalIds.addAll(memberIds);
    }

    alerts.addAll(alertService.getAlertBo(alertBo, principalIds, true, false));

    olePersistableBusinessObjectBase.getAlertBoList().addAll(alerts);
    if (StringUtils.isBlank(alertBo.getReceivingUserId())
        && StringUtils.isNotBlank(alertBo.getReceivingGroupId())) {
      olePersistableBusinessObjectBase.getAlertBoList().remove(0);
    }
    if (StringUtils.isNotBlank(alertBo.getReceivingUserId())
        && StringUtils.isNotBlank(alertBo.getReceivingGroupId())) {
      alertBo.setReceivingGroupName(null);
      alertBo.setReceivingGroupId(null);
    }

    return modelAndView;
  }