midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-1624 Restrict access to System dashboards / based on patch from Nicolas Micoud (nmicoud)

This commit is contained in:
Carlos Ruiz 2013-12-11 10:11:50 -05:00
parent b1def62912
commit 074be8ab1a
2 changed files with 62 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
org.adempiere.base/src/org/compiere/model/MDashboardContentAccess.java
View File

@ -54,38 +54,54 @@ public class MDashboardContentAccess extends X_PA_DashboardContent_Access {
parameters.add(AD_Client_ID);
StringBuffer sql= new StringBuffer();
// First part : dashboards not configured in access and flagged to be shown in login (this is intended to show new dashboards, otherwise new dashboards won't be shown unless the user go and configure them)
sql.append("SELECT PA_DashboardContent_ID,ColumnNo ")
.append(" FROM PA_DashboardContent ")
.append(" WHERE PA_DashboardContent_ID NOT IN (")
.append(" SELECT PA_DashboardContent_ID ")
.append(" FROM PA_DashboardContent_Access" )
.append(" WHERE IsActive='Y' AND AD_Client_ID IN (0, ?))")
.append(" WHERE AD_Client_ID IN (0, ?))")
.append(" AND IsShowInLogin='Y'")
.append(" AND IsActive='Y' AND AD_Client_ID IN (0, ?)")
.append(" UNION ALL")
// Second part : second part is to process the dashboards configured in content access
.append(" SELECT ct.PA_DashboardContent_ID,ct.ColumnNo")
.append(" FROM PA_DashboardContent ct")
.append(" INNER JOIN PA_DashboardContent_Access cta on (ct.PA_DashboardContent_ID = cta.PA_DashboardContent_ID)")
.append(" WHERE cta.IsActive='Y'")
.append(" AND ct.IsActive='Y'");
if(AD_Role >= 0){
sql.append(" AND coalesce(cta.AD_Role_ID, ?) = ?");
if(AD_Role >= 0) {
sql.append(" AND COALESCE(cta.AD_Role_ID, ?) = ?");
parameters.add(AD_Role);
parameters.add(AD_Role);
}
if (AD_User >= 0){
sql.append(" AND coalesce(cta.AD_User_ID, ?) = ?");
if (AD_User >= 0) {
sql.append(" AND COALESCE(cta.AD_User_ID, ?) = ?");
parameters.add(AD_User);
parameters.add(AD_User);
}
sql.append(" AND cta.AD_Client_ID in (0,?)");
parameters.add(AD_Client_ID);
// New part : remove dashboard if inactive records
sql.append(" AND ct.PA_DashboardContent_ID NOT IN (SELECT PA_DashboardContent_ID FROM PA_DashboardContent_Access WHERE IsActive='N' AND ct.AD_Client_ID in (0,?)");
parameters.add(AD_Client_ID);
if (AD_Role >= 0) {
sql.append(" AND COALESCE(ct.AD_Role_ID, ?) = ?");
parameters.add(AD_Role);
parameters.add(AD_Role);
}
if (AD_User >= 0) {
sql.append(" AND COALESCE(ct.AD_User_ID, ?) = ?");
parameters.add(AD_User);
parameters.add(AD_User);
}
sql.append(")");
sql.append(" ORDER BY ColumnNo");
PreparedStatement pstmt=null;
ResultSet rs = null;

70
org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/window/WGadgets.java
View File

@ -230,51 +230,57 @@ public class WGadgets extends Window implements EventListener<Event>{
{
Properties ctx = Env.getCtx();
int AD_CLient_ID =Env.getAD_Client_ID(ctx);
int AD_Client_ID =Env.getAD_Client_ID(ctx);
int AD_Role_ID = Env.getAD_Role_ID(ctx);
int AD_User_ID = Env.getAD_User_ID(ctx);
noItems.removeAll(noItems);
yesItems.removeAll(yesItems);
String query = " SELECT ct.PA_DashboardContent_ID, ct.Name "
+" FROM PA_DashboardContent ct"
+" WHERE ct.AD_Client_ID IN (0,?)"
+" AND ct.IsActive='Y'"
+" AND ct.PA_DashboardContent_ID NOT IN ("
+" SELECT pre.PA_DashboardContent_ID"
+" FROM PA_DashboardPreference pre"
+" WHERE pre.AD_Client_ID IN (0,?)"
+" AND pre.AD_Role_ID = ?"
+" AND pre.AD_User_ID = ?"
+" AND pre.AD_Org_ID=0 "
+" AND pre.IsActive='Y') "
+" AND ("
+" ct.PA_DashboardContent_ID NOT IN ( SELECT PA_DashboardContent_ID "
+" FROM PA_DashboardContent_Access"
+" WHERE IsActive='Y' AND AD_Client_ID IN (0, ?))"
+" OR ct.PA_DashboardContent_ID IN ( SELECT cta.PA_DashboardContent_ID "
+" FROM PA_DashboardContent_Access cta "
+" WHERE cta.IsActive='Y'"
+" AND coalesce(cta.AD_Role_ID, ?) = ?"
+" AND coalesce(cta.AD_User_ID, ?) = ?"
+" AND cta.AD_Client_ID in (0,?) ) "
+" )";
String query = ""
+ "SELECT ct.PA_DashboardContent_ID, "
+ " ct.Name "
+ "FROM PA_DashboardContent ct "
+ "WHERE ct.AD_Client_ID IN ( 0, ? ) "
+ " AND ct.IsActive = 'Y' "
+ " AND ct.PA_DashboardContent_ID NOT IN (SELECT pre.PA_DashboardContent_ID "
+ " FROM PA_DashboardPreference pre "
+ " WHERE pre.AD_Client_ID IN ( 0, ? ) "
+ " AND pre.AD_Role_ID = ? "
+ " AND pre.AD_User_ID = ? "
+ " AND pre.AD_Org_ID = 0 "
+ " AND pre.IsActive = 'Y') "
+ " AND ( ct.PA_DashboardContent_ID NOT IN (SELECT cta.PA_DashboardContent_ID "
+ " FROM PA_DashboardContent_Access cta "
+ " WHERE cta.IsActive = 'N' "
+ " AND COALESCE(cta.AD_Role_ID, ?) = ? "
+ " AND COALESCE(cta.AD_User_ID, ?) = ? "
+ " AND cta.AD_Client_ID IN ( 0, ? )) "
+ " OR ct.PA_DashboardContent_ID IN (SELECT cta.PA_DashboardContent_ID "
+ " FROM PA_DashboardContent_Access cta "
+ " WHERE cta.IsActive = 'Y' "
+ " AND COALESCE(cta.AD_Role_ID, ?) = ? "
+ " AND COALESCE(cta.AD_User_ID, ?) = ? "
+ " AND cta.AD_Client_ID IN ( 0, ? )) ) ";
ResultSet rs = null;
PreparedStatement pstmt = null;
try {
pstmt = DB.prepareStatement(query, null);
pstmt.setInt(1, AD_CLient_ID);
pstmt.setInt(2, AD_CLient_ID);
pstmt.setInt(1, AD_Client_ID);
pstmt.setInt(2, AD_Client_ID);
pstmt.setInt(3, AD_Role_ID);
pstmt.setInt(4, AD_User_ID);
pstmt.setInt(5, AD_CLient_ID);
pstmt.setInt(5, AD_Role_ID);
pstmt.setInt(6, AD_Role_ID);
pstmt.setInt(7, AD_Role_ID);
pstmt.setInt(7, AD_User_ID);
pstmt.setInt(8, AD_User_ID);
pstmt.setInt(9, AD_User_ID);
pstmt.setInt(10, AD_CLient_ID);
pstmt.setInt(9, AD_Client_ID);
pstmt.setInt(10, AD_Role_ID);
pstmt.setInt(11, AD_Role_ID);
pstmt.setInt(12, AD_User_ID);
pstmt.setInt(13, AD_User_ID);
pstmt.setInt(14, AD_Client_ID);
rs = pstmt.executeQuery();
while (rs.next()) {
@ -298,7 +304,7 @@ public class WGadgets extends Window implements EventListener<Event>{
+" AND IsActive='Y'";
Query query1 =new Query(ctx,MDashboardPreference.Table_Name, where, null);
query1.setParameters(new Object[]{AD_User_ID,AD_Role_ID ,AD_CLient_ID});
query1.setParameters(new Object[]{AD_User_ID,AD_Role_ID ,AD_Client_ID});
List<MDashboardPreference> preference=query1.list();
if(preference.size() > 0){