protected boolean getModifyNarrativePermission(
ProposalDevelopmentDocument document, Person user) {
DocumentRequestAuthorizationCache documentRequestAuthorizationCache =
getDocumentRequestAuthorizationCache(document);
boolean hasModifyNarrativePermission;
String modifyNarrativeCacheKey =
"ModifyNarrative|" + document.getDocumentNumber() + "|" + user.getPrincipalId();
if (documentRequestAuthorizationCache.hasPermissionResult(modifyNarrativeCacheKey)) {
hasModifyNarrativePermission =
documentRequestAuthorizationCache.getPermissionResult(modifyNarrativeCacheKey);
} else {
hasModifyNarrativePermission =
getKcAuthorizationService()
.hasPermission(user.getPrincipalId(), document, PermissionConstants.MODIFY_NARRATIVE);
documentRequestAuthorizationCache.addPermissionResult(
modifyNarrativeCacheKey, hasModifyNarrativePermission);
}
if (!hasModifyNarrativePermission) {
hasModifyNarrativePermission =
!document.getDevelopmentProposal().getSubmitFlag()
&& document.getDocumentHeader().getWorkflowDocument().isEnroute()
&& getKcAuthorizationService()
.hasPermission(
user.getPrincipalId(), document, PermissionConstants.ALTER_PROPOSAL_DATA);
documentRequestAuthorizationCache.addPermissionResult(
modifyNarrativeCacheKey, hasModifyNarrativePermission);
}
return hasModifyNarrativePermission;
}
protected boolean requiresCertification(final TravelerDetail traveler) {
final Person user = GlobalVariables.getUserSession().getPerson();
if (user.getPrincipalId().equals(traveler.getPrincipalId()) && isEmployee(traveler)) {
return true;
}
return false;
}
/** @see org.kuali.rice.krad.service.DocumentService */
@Override
public void sendNoteRouteNotification(Document document, Note note, Person sender)
throws WorkflowException {
AdHocRouteRecipient routeRecipient = note.getAdHocRouteRecipient();
// build notification request
Person requestedUser = this.getPersonService().getPersonByPrincipalName(routeRecipient.getId());
String senderName = sender.getFirstName() + " " + sender.getLastName();
String requestedName = requestedUser.getFirstName() + " " + requestedUser.getLastName();
String notificationText =
kualiConfigurationService.getPropertyValueAsString(
RiceKeyConstants.MESSAGE_NOTE_NOTIFICATION_ANNOTATION);
if (StringUtils.isBlank(notificationText)) {
throw new RuntimeException(
"No annotation message found for note notification. Message needs added to application resources with key:"
+ RiceKeyConstants.MESSAGE_NOTE_NOTIFICATION_ANNOTATION);
}
notificationText =
MessageFormat.format(
notificationText, new Object[] {senderName, requestedName, note.getNoteText()});
List<AdHocRouteRecipient> routeRecipients = new ArrayList<AdHocRouteRecipient>();
routeRecipients.add(routeRecipient);
workflowDocumentService.sendWorkflowNotification(
document.getDocumentHeader().getWorkflowDocument(),
notificationText,
routeRecipients,
KRADConstants.NOTE_WORKFLOW_NOTIFICATION_REQUEST_LABEL);
// clear recipient allowing an notification to be sent to another person
note.setAdHocRouteRecipient(new AdHocRoutePerson());
}
/**
* This method check to see if the user can create the account maintenance document and set the
* user session
*
* @param String principalId
* @return boolean
*/
protected boolean isValidUser(String principalId) {
PersonService personService = SpringContext.getBean(PersonService.class);
if (principalId == null) {
return false;
}
Person user = personService.getPerson(principalId);
if (user == null) {
return false;
}
DocumentAuthorizer documentAuthorizer = new MaintenanceDocumentAuthorizerBase();
if (documentAuthorizer.canInitiate(
SpringContext.getBean(MaintenanceDocumentDictionaryService.class)
.getDocumentTypeName(Account.class),
user)) {
// set the user session so that the user name can be displayed in the saved document
GlobalVariables.setUserSession(new UserSession(user.getPrincipalName()));
return true;
}
LOG.error(
KcUtils.getErrorMessage(
KcConstants.AccountCreationService.ERROR_KC_DOCUMENT_INVALID_USER,
new String[] {principalId}));
return false;
}
/**
* @see org.kuali.rice.kns.lookup.KualiLookupableHelperServiceImpl#getSearchResults(java.util.Map)
*/
@Override
public List<? extends BusinessObject> getSearchResults(Map<String, String> fieldValues) {
List<TemProfileFromKimPerson> searchResults = new ArrayList<TemProfileFromKimPerson>();
// final Map<String, String> kimFieldsForLookup = fieldValues;
final Map<String, String> kimFieldsForLookup = getPersonFieldValues(fieldValues);
LOG.debug("Looking up people with criteria " + kimFieldsForLookup);
final List<? extends Person> persons = personService.findPeople(kimFieldsForLookup);
for (Person personDetail : persons) {
if (!StringUtils.isBlank(personDetail.getPrincipalId())) {
searchResults.add(travelerService.convertToTemProfileFromKim(personDetail));
}
}
CollectionIncomplete results =
new CollectionIncomplete(searchResults, Long.valueOf(searchResults.size()));
// sort list if default sort column given
List<String> defaultSortColumns = getDefaultSortColumns();
if (defaultSortColumns.size() > 0) {
Collections.sort(results, new BeanPropertyComparator(defaultSortColumns, true));
}
return results;
}
/**
* Gets the payee's email address from KIM data if the payee type is Employee or Entity;
* otherwise, returns the stored field value.
*
* @return Returns the payeeEmailAddress
*/
public String getPayeeEmailAddress() {
// for Employee, retrieve from Person table by employee ID
if (StringUtils.equalsIgnoreCase(payeeIdentifierTypeCode, PayeeIdTypeCodes.EMPLOYEE)) {
Person person =
SpringContext.getBean(PersonService.class).getPersonByEmployeeId(payeeIdNumber);
if (ObjectUtils.isNotNull(person)) {
return person.getEmailAddress();
}
}
// for Entity, retrieve from Entity table by entity ID then from Person table
else if (StringUtils.equalsIgnoreCase(payeeIdentifierTypeCode, PayeeIdTypeCodes.ENTITY)) {
if (ObjectUtils.isNotNull(payeeIdNumber)) {
EntityDefault entity =
KimApiServiceLocator.getIdentityService().getEntityDefault(payeeIdNumber);
if (ObjectUtils.isNotNull(entity)) {
List<Principal> principals = entity.getPrincipals();
if (principals.size() > 0 && ObjectUtils.isNotNull(principals.get(0))) {
String principalId = principals.get(0).getPrincipalId();
Person person = SpringContext.getBean(PersonService.class).getPerson(principalId);
if (ObjectUtils.isNotNull(person)) {
return person.getEmailAddress();
}
}
}
}
}
// otherwise returns the field value
return payeeEmailAddress;
}
protected boolean isAuthorizedToViewNarrative(Narrative narrative, Person user) {
final ProposalDevelopmentDocument pdDocument =
(ProposalDevelopmentDocument) narrative.getDevelopmentProposal().getDocument();
// First, the user must have the VIEW_NARRATIVE permission. This is really
// a sanity check. If they have the VIEW or MODIFY_NARRATIVE_RIGHT, then they are
// required to have the VIEW_NARRATIVE permission.
boolean hasPermission = false;
if (getKcAuthorizationService()
.hasPermission(user.getPrincipalId(), pdDocument, PermissionConstants.VIEW_NARRATIVE)) {
hasPermission =
hasNarrativeRight(user.getPrincipalId(), narrative, NarrativeRight.VIEW_NARRATIVE_RIGHT)
|| hasNarrativeRight(
user.getPrincipalId(), narrative, NarrativeRight.MODIFY_NARRATIVE_RIGHT);
}
if (!hasPermission) {
hasPermission =
getUnitAuthorizationService()
.hasPermission(
user.getPrincipalId(),
pdDocument.getDevelopmentProposal().getOwnedByUnitNumber(),
Constants.MODULE_NAMESPACE_PROPOSAL_DEVELOPMENT,
PermissionConstants.VIEW_NARRATIVE)
|| getKcWorkflowService().hasWorkflowPermission(user.getPrincipalId(), pdDocument);
}
return hasPermission;
}
protected boolean isAuthorizedToOpenBudget(Document document, Person user) {
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
return getKcAuthorizationService()
.hasPermission(user.getPrincipalId(), pdDocument, PermissionConstants.VIEW_BUDGET)
|| getKcWorkflowService().hasWorkflowPermission(user.getPrincipalId(), pdDocument);
}
protected String checkMemberFullName(String principalId) {
Principal principal = getIdentityService().getPrincipal(principalId);
if (principal != null) {
Person psn =
KimApiServiceLocator.getPersonService()
.getPersonByPrincipalName(principal.getPrincipalName());
if (psn != null) {
return psn.getFirstName() + " " + psn.getLastName();
}
}
return null;
}
public SimpleResult process(RouteContext context, RouteHelper helper) throws Exception {
LOG.debug("processing FYIByUniversityId node");
Element rootElement =
getRootElement(new StandardDocumentContent(context.getDocument().getDocContent()));
Collection<Element> fieldElements = XmlHelper.findElements(rootElement, "field");
Iterator<Element> elementIter = fieldElements.iterator();
while (elementIter.hasNext()) {
Element field = (Element) elementIter.next();
Element version = field.getParentElement();
if (version.getAttribute("current").getValue().equals("true")) {
LOG.debug("Looking for studentUid field: " + field.getAttributeValue("name"));
if (field.getAttribute("name") != null
&& field.getAttributeValue("name").equals("studentUid")) {
String employeeId = field.getChildText("value");
LOG.debug("Should send an FYI to employee ID: " + employeeId);
if (!StringUtils.isBlank(employeeId)) {
Person person = KimApiServiceLocator.getPersonService().getPerson(employeeId);
if (person == null) {
throw new WorkflowRuntimeException(
"Failed to locate a Person with the given employee ID: " + employeeId);
}
if (!context.isSimulation()) {
KEWServiceLocator.getWorkflowDocumentService()
.adHocRouteDocumentToPrincipal(
person.getPrincipalId(),
context.getDocument(),
KewApiConstants.ACTION_REQUEST_FYI_REQ,
null,
null,
"Notification Request",
person.getPrincipalId(),
"Notification Request",
true,
null);
}
// wfDoc.adHocRouteDocumentToPrincipal(KewApiConstants.ACTION_REQUEST_FYI_REQ,
// "Notification Request", new EmplIdVO(field.getChildText("value")), "Notification
// Request", true);
LOG.debug(
"Sent FYI using the adHocRouteDocumentToPrincipal function to UniversityID: "
+ person.getEmployeeId());
break;
}
}
}
}
return super.process(context, helper);
}
@Test
public void testViewSubAuthorizer() throws WorkflowException {
SubAwardDocument subAwardDoc = getSubAwardDocument();
SubAwardTask task = new SubAwardTask(TaskName.VIEW_SUBAWARD, subAwardDoc);
boolean retVal = taskAuthorizationService.isAuthorized(quickstart.getPrincipalId(), task);
assertTrue(retVal);
retVal = taskAuthorizationService.isAuthorized(jtester.getPrincipalId(), task);
assertFalse(retVal);
retVal = taskAuthorizationService.isAuthorized(woods.getPrincipalId(), task);
assertFalse(retVal);
retVal = taskAuthorizationService.isAuthorized(ospAdmin.getPrincipalId(), task);
assertFalse(retVal);
}
protected boolean hasModifyS2sEnroutePermission(Document document, Person user) {
DocumentRequestAuthorizationCache documentRequestAuthorizationCache =
getDocumentRequestAuthorizationCache(document);
final String cacheKey =
buildPermissionCacheKey(document, user, PermissionConstants.MODIFY_S2S_ENROUTE);
Boolean cachedResult = getCachedPermissionResult(document, cacheKey);
boolean hasS2sPermission;
if (cachedResult != null) {
hasS2sPermission = cachedResult;
} else {
ProposalDevelopmentDocument pdDocument = (ProposalDevelopmentDocument) document;
hasS2sPermission =
getKcAuthorizationService()
.hasPermission(
user.getPrincipalId(), pdDocument, PermissionConstants.MODIFY_S2S_ENROUTE);
}
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
final DevelopmentProposal proposal = pdDocument.getDevelopmentProposal();
if (proposal.isChild() && hasS2sPermission) {
final Document parent = proposal.getParent().getDocument();
final String parentResultCacheKey =
buildPermissionCacheKey(parent, user, PermissionConstants.MODIFY_S2S_ENROUTE);
documentRequestAuthorizationCache.getPermissionResultCache().remove(parentResultCacheKey);
hasS2sPermission = isAuthorizedToModifyBudget(parent, user);
}
addCachedPermissionResult(document, cacheKey, hasS2sPermission);
return hasS2sPermission;
}
public boolean isAuthorizedToDeleteNarrative(Narrative narrative, Person user) {
final ProposalDevelopmentDocument pdDocument =
(ProposalDevelopmentDocument) narrative.getDevelopmentProposal().getDocument();
// First, the user must have the MODIFY_NARRATIVE permission. This is really
// a sanity check. If they have the MODIFY_NARRATIVE_RIGHT, then they are
// required to have the MODIFY_NARRATIVE permission.
KcDocumentRejectionService documentRejectionService = getKcDocumentRejectionService();
boolean rejectedDocument =
documentRejectionService.isDocumentOnInitialNode(
pdDocument.getDocumentHeader().getWorkflowDocument());
boolean hasPermission = false;
boolean inWorkflow = getKcWorkflowService().isInWorkflow(pdDocument);
if ((!inWorkflow || rejectedDocument) && !pdDocument.getDevelopmentProposal().getSubmitFlag()) {
if (getModifyNarrativePermission(pdDocument, user)) {
hasPermission =
hasNarrativeRight(
user.getPrincipalId(), narrative, NarrativeRight.MODIFY_NARRATIVE_RIGHT);
}
}
return hasPermission;
}
public boolean canNotifyProposalPerson(Document document, Person user) {
return getKcAuthorizationService()
.hasPermission(
user.getPrincipalId(),
(Permissionable) document,
PermissionConstants.NOTIFY_PROPOSAL_PERSONS);
}
protected boolean isAuthorizedToCopyProposal(Document document, Person user) {
return getUnitAuthorizationService()
.hasPermission(
user.getPrincipalId(),
Constants.MODULE_NAMESPACE_PROPOSAL_DEVELOPMENT,
PermissionConstants.CREATE_PROPOSAL);
}
protected boolean isAuthorizedToSubmitToWorkflow(Document document, Person user) {
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
return !getKcWorkflowService().isInWorkflow(pdDocument)
&& getKcAuthorizationService()
.hasPermission(user.getPrincipalId(), pdDocument, PermissionConstants.SUBMIT_PROPOSAL)
&& !pdDocument.getDevelopmentProposal().isChild();
}
protected boolean isAuthorizedToAddAddressBook(Document doc, Person user) {
return getPermissionService()
.hasPermission(
user.getPrincipalId(),
Constants.MODULE_NAMESPACE_UNIT,
PermissionConstants.ADD_ADDRESS_BOOK);
}
protected boolean isAuthorizedToAlterProposalData(Document document, Person user) {
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
// standard is authorized calculation without taking child status into account.
boolean ret =
getKcWorkflowService().isEnRoute(pdDocument)
&& !pdDocument.getDevelopmentProposal().getSubmitFlag()
&& getKcAuthorizationService()
.hasPermission(
user.getPrincipalId(), pdDocument, PermissionConstants.ALTER_PROPOSAL_DATA);
// check to see if the parent is enroute, if so deny the edit attempt.
if (pdDocument.getDevelopmentProposal().isChild()) {
try {
if (getProposalHierarchyService().getParentWorkflowDocument(pdDocument).isEnroute()) {
ret = false;
}
} catch (ProposalHierarchyException e) {
LOG.error(
String.format(
"Exception looking up parent of DevelopmentProposal %s, authorizer is going to deny edit access to this child.",
pdDocument.getDevelopmentProposal().getProposalNumber()),
e);
ret = false;
}
}
return ret;
}
public Principal getPrincipal(UserId userId) {
if (userId == null) {
return null;
} else if (userId instanceof PrincipalId) {
String principalId = ((PrincipalId) userId).getPrincipalId();
return KimApiServiceLocator.getIdentityService().getPrincipal(principalId);
} else if (userId instanceof PrincipalName) {
String principalName = ((PrincipalName) userId).getId();
return KimApiServiceLocator.getIdentityService().getPrincipalByPrincipalName(principalName);
} else if (userId instanceof EmployeeId) {
String employeeId = ((EmployeeId) userId).getEmployeeId();
Person person = getPersonByEmployeeId(employeeId);
return getPrincipal(person.getPrincipalId());
}
throw new RiceIllegalArgumentException("Invalid UserIdDTO type was passed: " + userId);
}
/**
* @see
* org.kuali.rice.krad.service.DocumentService#createNoteFromDocument(org.kuali.rice.krad.document.Document,
* java.lang.String)
*/
@Override
public Note createNoteFromDocument(Document document, String text) {
Note note = new Note();
note.setNotePostedTimestamp(getDateTimeService().getCurrentTimestamp());
note.setNoteText(text);
note.setNoteTypeCode(document.getNoteType().getCode());
PersistableBusinessObject bo = document.getNoteTarget();
// TODO gah! this is awful
Person kualiUser = GlobalVariables.getUserSession().getPerson();
if (kualiUser == null) {
throw new IllegalStateException("Current UserSession has a null Person.");
}
return bo == null ? null : getNoteService().createNote(note, bo, kualiUser.getPrincipalId());
}
protected boolean canReject(Person user) {
return getPermissionService()
.hasPermission(
user.getPrincipalId(),
Constants.MODULE_NAMESPACE_PROPOSAL_DEVELOPMENT,
PermissionConstants.REJECT_PROPOSAL_DEVELOPMENT_DOCUMENT);
}
@Override
public boolean canEditDocumentOverview(Document document, Person user) {
return isAuthorizedByTemplate(
document,
KRADConstants.KNS_NAMESPACE,
KimConstants.PermissionTemplateNames.EDIT_DOCUMENT,
user.getPrincipalId());
}
protected void checkIsLookupForProposalCreation() {
if (isLookupToCreateProposal()) {
Person user = GlobalVariables.getUserSession().getPerson();
// get the authorization
DocumentAuthorizer documentAuthorizer =
getDocumentDictionaryService().getDocumentAuthorizer(INST_PROP_DOC_NAME);
DocumentPresentationController documentPresentationController =
getDocumentDictionaryService().getDocumentPresentationController(INST_PROP_DOC_NAME);
// make sure this person is authorized to initiate
LOG.debug("calling canInitiate from getNewDocument()");
if (!documentPresentationController.canInitiate(INST_PROP_DOC_NAME)
|| !documentAuthorizer.canInitiate(INST_PROP_DOC_NAME, user)) {
throw new DocumentAuthorizationException(
user.getPrincipalName(), INITIATE, INST_PROP_DOC_NAME);
}
}
}
public boolean canCreateInstitutionalProposal(Document document, Person user) {
boolean hasPermission =
getPermissionService()
.hasPermission(
user.getPrincipalId(),
InstitutionalProposalConstants.INSTITUTIONAL_PROPOSAL_NAMESPACE,
PermissionConstants.CREATE_INSTITUTIONAL_PROPOSAL);
if (hasPermission) {
hasPermission =
getPermissionService()
.hasPermission(
user.getPrincipalId(),
InstitutionalProposalConstants.INSTITUTIONAL_PROPOSAL_NAMESPACE,
PermissionConstants.SUBMIT_INSTITUTIONAL_PROPOSAL);
}
return hasPermission;
}
protected boolean isAuthorizedToRecallProposal(Document document, Person user) {
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
return pdDocument.getDocumentHeader().hasWorkflowDocument()
&& pdDocument.getDocumentHeader().getWorkflowDocument().isEnroute()
&& getKcAuthorizationService()
.hasPermission(user.getPrincipalId(), pdDocument, PermissionConstants.RECALL_DOCUMENT)
&& !isRevisionRequested(pdDocument.getDevelopmentProposal().getProposalStateTypeCode());
}
/**
* Gets the Person
*
* @return Returns the Person
*/
@Override
public Person getLedgerPerson() {
if ((ledgerPerson == null || !StringUtils.equals(ledgerPerson.getEmployeeId(), emplid))
&& StringUtils.isNotBlank(emplid)) {
ledgerPerson = SpringContext.getBean(PersonService.class).getPersonByEmployeeId(emplid);
}
return ledgerPerson;
}
public String getDisplayName() {
if (isUserRequest()) {
Person person = getPerson();
if (person != null) {
return person.getName();
}
} else if (isGroupRequest()) {
Group group = getGroup();
if (group != null) {
return group.getName();
} else {
return getGroupId();
}
} else if (isRoleRequest()) {
return getRoleName();
}
return "";
}
/**
* This method checks if the user has full (pre-workflow/pre-submission) proposal access
* maintenance rights
*
* @param user the user requesting access
* @param document the document object
* @return true if the user has full (pre-workflow/pre-submission) proposal access maintenance
* rights
*/
protected boolean hasFullAuthorization(Document document, Person user) {
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
return !pdDocument.isViewOnly()
&& getKcAuthorizationService()
.hasPermission(
user.getPrincipalId(), pdDocument, PermissionConstants.MAINTAIN_PROPOSAL_ACCESS)
&& !getKcWorkflowService().isInWorkflow(pdDocument)
&& !pdDocument.getDevelopmentProposal().getSubmitFlag();
}
/**
* This method checks if the user has rights to add proposal viewers.
*
* @param user the user requesting access
* @param document the document object
*/
protected boolean hasAddViewerAuthorization(Document document, Person user) {
boolean hasPermission = false;
final ProposalDevelopmentDocument pdDocument = ((ProposalDevelopmentDocument) document);
if (getKcAuthorizationService()
.hasPermission(
user.getPrincipalId(), pdDocument, PermissionConstants.ADD_PROPOSAL_VIEWER)
&& getKcWorkflowService().isInWorkflow(pdDocument)) {
// once workflowed (OSP Administrator and Aggregator have ADD_PROPOSAL_VIEWER permission)
hasPermission = true;
} else if (getKcWorkflowService().hasWorkflowPermission(user.getPrincipalId(), pdDocument)
&& getKcWorkflowService().isEnRoute(pdDocument)) {
// Approvers (users in workflow) have permission while EnRoute
hasPermission = true;
}
return hasPermission;
}
protected void initializeNotePaseUserNames(List<CoiDisclosureNotepad> notepads) {
for (CoiDisclosureNotepad notePad : notepads) {
Person person = this.getPersonService().getPersonByPrincipalName(notePad.getUpdateUser());
notePad.setUpdateUserFullName(
person == null
? String.format(PERSON_NOT_FOUND_FORMAT_STRING, notePad.getUpdateUser())
: person.getName());
if (StringUtils.isNotBlank(notePad.getCreateUser())) {
Person creator = this.getPersonService().getPersonByPrincipalName(notePad.getCreateUser());
notePad.setCreateUserFullName(
creator == null
? String.format(PERSON_NOT_FOUND_FORMAT_STRING, notePad.getCreateUser())
: creator.getName());
} else {
notePad.setCreateUserFullName("");
}
}
}
