From 1ffe76b595ed6aedb37b0a72a8fc153092e72fcd Mon Sep 17 00:00:00 2001 From: Carlos Ruiz Date: Fri, 12 Mar 2021 11:37:59 +0100 Subject: [PATCH] IDEMPIERE-4733 2Pack - -Cannot export and import data from one client to another client (#626) * IDEMPIERE-4733 2Pack - -Cannot export and import data from one client to another client * Fix Cross tenant PO reading request ... * IDEMPIERE-4733 * Add control for importing records with official IDs, to show a clearer message to the user --- .../src/org/adempiere/pipo2/POFinder.java | 19 +++++++++++++++++-- .../src/org/adempiere/pipo2/PoFiller.java | 9 ++++++++- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java b/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java index 9827ef1ef4..3b8dd62e21 100644 --- a/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java +++ b/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java @@ -86,7 +86,14 @@ public class POFinder { uuid = uuid.trim(); String targetUUID = Env.getAD_Client_ID(ctx.ctx) > 0 ? getTargetUUID(ctx.ctx, tableName, uuid, ctx.trx.getTrxName()) : uuid; Query query = new Query(ctx.ctx, tableName, uuidColumn+"=?", getTrxName(ctx)); - po = query.setParameters(targetUUID).firstOnly(); + /* Is possible to read here from source tenant to create in a new tenant, so safe to allow reading + * writing in wrong tenant is controlled later */ + try { + PO.setCrossTenantSafe(); + po = query.setParameters(targetUUID).firstOnly(); + } finally { + PO.clearCrossTenantSafe(); + } if (po != null && po.getAD_Client_ID() > 0) { if (po.getAD_Client_ID() > 0 && po.getAD_Client_ID() != Env.getAD_Client_ID(ctx.ctx)) { targetUUID = UUID.randomUUID().toString(); @@ -101,7 +108,15 @@ public class POFinder { String id = element.properties.get(idColumn).contents.toString(); if (id != null && id.trim().length() > 0) { Query query = new Query(ctx.ctx, tableName, idColumn+"=?", getTrxName(ctx)); - po = query.setParameters(Integer.valueOf(id.trim())).firstOnly(); + /* Allow reading from a different tenant to show user a clearer error message below + * This is, instead of "Cross tenant PO reading request" the user will see a message + * "2Pack cannot update/access record that belongs to another client" which is more explanatory */ + try { + PO.setCrossTenantSafe(); + po = query.setParameters(Integer.valueOf(id.trim())).firstOnly(); + } finally { + PO.clearCrossTenantSafe(); + } if (po != null && po.getAD_Client_ID() > 0) { if (po.getAD_Client_ID() != Env.getAD_Client_ID(ctx.ctx)) { throw new IllegalStateException("2Pack cannot update/access record that belongs to another client. TableName="+po.get_TableName() diff --git a/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java b/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java index 27a251be65..5424e388b9 100644 --- a/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java +++ b/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java @@ -214,7 +214,14 @@ public class PoFiller{ } if (id > 0 && refTableName != null) { if (foreignTable != null) { - PO subPo = foreignTable.getPO(id, po.get_TrxName()); + /* Allow to read here from another tenant, cross tenant control is implemented later in a safe way */ + PO subPo = null; + try { + PO.setCrossTenantSafe(); + subPo = foreignTable.getPO(id, po.get_TrxName()); + } finally { + PO.clearCrossTenantSafe(); + } if (subPo != null && subPo.getAD_Client_ID() != Env.getAD_Client_ID(ctx.ctx)) { String accessLevel = foreignTable.getAccessLevel(); if ((MTable.ACCESSLEVEL_All.equals(accessLevel)