/*
 * The Kuali Financial System, a comprehensive financial management system for higher education.
 *
 * Copyright 2005-2014 The Kuali Foundation
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package org.kuali.kfs.module.tem.document.authorization;

import java.util.Map;
import java.util.Set;

import org.apache.commons.lang.StringUtils;
import org.kuali.kfs.module.tem.TemPropertyConstants;
import org.kuali.kfs.module.tem.businessobject.TemProfile;
import org.kuali.kfs.module.tem.businessobject.TemProfileAccount;
import org.kuali.kfs.module.tem.businessobject.TemProfileArranger;
import org.kuali.kfs.module.tem.businessobject.TemProfileEmergencyContact;
import org.kuali.kfs.sys.document.FinancialSystemMaintenanceDocument;
import org.kuali.kfs.sys.document.authorization.FinancialSystemMaintenanceDocumentAuthorizerBase;
import org.kuali.kfs.sys.identity.KfsKimAttributes;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.krad.document.Document;
import org.kuali.rice.krad.util.KRADConstants;
import org.kuali.rice.krad.util.ObjectUtils;

/**
 * Why does this class exist? That's...kind of a long story.
 * TemProfileAuthorizer needs to override canCreate and canMaintain. Sadly, those methods are final on the base class,
 * so it has to implement the interface for MaintenanceDocumentAuthorizers.
 * But when it does that, it loses lots of cool extended functionality like the addRoleQualifiers getting passed
 * everywhere, etc etc when really, we're only overriding a couple methods.
 * Given that, this extends the normal maint doc authorizer for maint docs in KFS. And when TemProfileAuthorizer is
 * just deferring calls instead of overriding the method completely, it will call to this.
 * <p>
 * The role qualifiers assembled here (profile principal id, home department chart/org, profile id, maintenance
 * action) are the inputs the permission checks are qualified with, so every value comes from the TemProfile that the
 * object under authorization belongs to.
 */
public class TemProfileAuthorizerAssistant extends FinancialSystemMaintenanceDocumentAuthorizerBase {

    /**
     * Adds the base class qualifiers, then the qualifiers of the TemProfile behind {@code dataObject}. The object may
     * be a maintenance document whose new business object is a TemProfile, a TemProfile itself, or one of the profile's
     * children (emergency contact, arranger, account); any other type only gets the base class qualifiers.
     *
     * @param dataObject the object the permission check is about
     * @param attributes the Map of qualifiers to add into
     * @see org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizerBase#addRoleQualification(java.lang.Object, java.util.Map)
     */
    @Override
    protected void addRoleQualification(Object dataObject, Map<String, String> attributes) {
        super.addRoleQualification(dataObject, attributes);

        if (dataObject instanceof FinancialSystemMaintenanceDocument) {
            final FinancialSystemMaintenanceDocument document = (FinancialSystemMaintenanceDocument) dataObject;
            final Object newBusinessObject = document.getNewMaintainableObject().getBusinessObject();
            if (newBusinessObject instanceof TemProfile) {
                addRoleQualificationsFromProfile((TemProfile) newBusinessObject, attributes);
                // The maintenance action is only published as a qualifier for TemProfile documents.
                final String maintenanceAction = document.getNewMaintainableObject().getMaintenanceAction();
                if (StringUtils.isNotBlank(maintenanceAction)) {
                    attributes.put(KRADConstants.MAINTENANCE_ACTN, maintenanceAction);
                }
            }
            return;
        }

        if (dataObject instanceof TemProfile) {
            addRoleQualificationsFromProfile((TemProfile) dataObject, attributes);
            return;
        }

        // For the child objects below the owning profile is reloaded when the reference is not populated.
        // NOTE(review): if the profile is still null after the refresh, no profile qualifier is added at all;
        // confirm that the roles relying on these qualifiers do not match in that case.
        if (dataObject instanceof TemProfileEmergencyContact) {
            final TemProfileEmergencyContact contact = (TemProfileEmergencyContact) dataObject;
            if (ObjectUtils.isNull(contact.getProfile())) {
                contact.refreshReferenceObject(TemPropertyConstants.PROFILE);
            }
            final TemProfile owner = contact.getProfile();
            if (ObjectUtils.isNotNull(owner)) {
                addRoleQualificationsFromProfile(owner, attributes);
            }
            return;
        }

        if (dataObject instanceof TemProfileArranger) {
            final TemProfileArranger profileArranger = (TemProfileArranger) dataObject;
            if (ObjectUtils.isNull(profileArranger.getProfile())) {
                profileArranger.refreshReferenceObject(TemPropertyConstants.PROFILE);
            }
            final TemProfile owner = profileArranger.getProfile();
            if (ObjectUtils.isNotNull(owner)) {
                addRoleQualificationsFromProfile(owner, attributes);
            }
            return;
        }

        if (dataObject instanceof TemProfileAccount) {
            final TemProfileAccount account = (TemProfileAccount) dataObject;
            if (ObjectUtils.isNull(account.getProfile())) {
                account.refreshReferenceObject(TemPropertyConstants.PROFILE);
            }
            final TemProfile owner = account.getProfile();
            if (ObjectUtils.isNotNull(owner)) {
                addRoleQualificationsFromProfile(owner, attributes);
            }
        }
    }

    /**
     * Copies the qualifiers found on the TemProfile into the attributes Map. A value that is blank (or, for the
     * profile id, null) is skipped, so the corresponding key is left as the caller passed it in.
     *
     * @param profile the TemProfile to harvest qualifiers from
     * @param attributes the Map of qualifiers to add into
     */
    protected void addRoleQualificationsFromProfile(TemProfile profile, Map<String, String> attributes) {
        // The profile's principalId lets users be granted permission to modify their own profile.
        final String principalId = profile.getPrincipalId();
        if (StringUtils.isNotBlank(principalId)) {
            attributes.put(KfsKimAttributes.PROFILE_PRINCIPAL_ID, principalId);
        }

        // Org code and chart of accounts code feed the org descending hierarchy qualification.
        final String homeOrgCode = profile.getHomeDeptOrgCode();
        if (StringUtils.isNotBlank(homeOrgCode)) {
            attributes.put(KfsKimAttributes.ORGANIZATION_CODE, homeOrgCode);
        }
        final String homeChartCode = profile.getHomeDeptChartOfAccountsCode();
        if (StringUtils.isNotBlank(homeChartCode)) {
            attributes.put(KfsKimAttributes.CHART_OF_ACCOUNTS_CODE, homeChartCode);
        }

        // The profileId lets the arrangers assigned to the profile be granted permission to modify it.
        final Object profileId = profile.getProfileId();
        if (ObjectUtils.isNotNull(profileId)) {
            attributes.put(TemPropertyConstants.TemProfileProperties.PROFILE_ID, profileId.toString());
        }
    }

    /**
     * Copying is refused for every document and every user.
     *
     * @param document the document the copy was requested for (not consulted)
     * @param user the person requesting the copy (not consulted)
     * @return always false
     */
    @Override
    public boolean canCopy(Document document, Person user) {
        return false;
    }

    /**
     * There's a permission for out-of-the-box KFS to make the TemProfileAdministrator section read only, so that
     * section id is added to whatever the base class already reports.
     *
     * @return the base class section ids plus the TemProfileAdministrator section id
     * @see org.kuali.rice.kns.document.authorization.MaintenanceDocumentAuthorizerBase#getSecurePotentiallyReadOnlySectionIds()
     */
    @Override
    public Set<String> getSecurePotentiallyReadOnlySectionIds() {
        // NOTE(review): relies on the base class handing back a set that accepts add() - confirm.
        final Set<String> sectionIds = super.getSecurePotentiallyReadOnlySectionIds();
        sectionIds.add(TemPropertyConstants.TemProfileProperties.TEM_PROFILE_ADMINISTRATOR);
        return sectionIds;
    }
}