midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-3930 Allow permission control for idempiereMonitor and OSGI console

This commit is contained in:
Carlos Ruiz 2019-03-25 15:19:04 -03:00
parent 66f6dac19d
commit 2df5088624
5 changed files with 60 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
migration/i6.2/oracle/201903251409_IDEMPIERE-3930.sql Normal file
View File

@ -0,0 +1,15 @@
SET SQLBLANKLINES ON
SET DEFINE OFF
-- IDEMPIERE-3930 Allow permission control for idempiereMonitor and OSGI console
-- Mar 25, 2019, 12:20:18 PM BRT
INSERT INTO AD_Form (AD_Form_ID,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,Name,Description,Classname,AccessLevel,EntityType,IsBetaFunctionality,AD_Form_UU) VALUES (200011,0,0,'Y',TO_DATE('2019-03-25 12:20:17','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2019-03-25 12:20:17','YYYY-MM-DD HH24:MI:SS'),100,'idempiereMonitor','Form to configure access to /idempiereMonitor - do not add to menu','/idempiereMonitor','4','D','N','3406efc3-aa1d-4212-bb5d-6d64ee39cc61')
;
-- Mar 25, 2019, 12:21:15 PM BRT
INSERT INTO AD_Form (AD_Form_ID,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,Name,Description,Classname,AccessLevel,EntityType,IsBetaFunctionality,AD_Form_UU) VALUES (200012,0,0,'Y',TO_DATE('2019-03-25 12:21:15','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2019-03-25 12:21:15','YYYY-MM-DD HH24:MI:SS'),100,'Apache Felix Web Console','Form to configure access to /osgi/system/console - do not add to menu','/osgi/system/console','4','D','N','bb212a96-e71d-4deb-98eb-799c74247c96')
;
SELECT register_migration_script('201903251409_IDEMPIERE-3930.sql') FROM dual
;

12
migration/i6.2/postgresql/201903251409_IDEMPIERE-3930.sql Normal file
View File

@ -0,0 +1,12 @@
-- IDEMPIERE-3930 Allow permission control for idempiereMonitor and OSGI console
-- Mar 25, 2019, 12:20:18 PM BRT
INSERT INTO AD_Form (AD_Form_ID,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,Name,Description,Classname,AccessLevel,EntityType,IsBetaFunctionality,AD_Form_UU) VALUES (200011,0,0,'Y',TO_TIMESTAMP('2019-03-25 12:20:17','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2019-03-25 12:20:17','YYYY-MM-DD HH24:MI:SS'),100,'idempiereMonitor','Form to configure access to /idempiereMonitor - do not add to menu','/idempiereMonitor','4','D','N','3406efc3-aa1d-4212-bb5d-6d64ee39cc61')
;
-- Mar 25, 2019, 12:21:15 PM BRT
INSERT INTO AD_Form (AD_Form_ID,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,Name,Description,Classname,AccessLevel,EntityType,IsBetaFunctionality,AD_Form_UU) VALUES (200012,0,0,'Y',TO_TIMESTAMP('2019-03-25 12:21:15','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2019-03-25 12:21:15','YYYY-MM-DD HH24:MI:SS'),100,'Apache Felix Web Console','Form to configure access to /osgi/system/console - do not add to menu','/osgi/system/console','4','D','N','bb212a96-e71d-4deb-98eb-799c74247c96')
;
SELECT register_migration_script('201903251409_IDEMPIERE-3930.sql') FROM dual
;

31
org.adempiere.base/src/org/compiere/model/MUser.java
View File

@ -58,7 +58,7 @@ public class MUser extends X_AD_User
/** /**
* *
*/ */
private static final long serialVersionUID = 9027688865361175114L; private static final long serialVersionUID = 7996468236476384128L;
/** /**
* Get active Users of BPartner * Get active Users of BPartner
@ -768,7 +768,7 @@ public class MUser extends X_AD_User
/** /**
* Is User an Administrator? * Is User an Administrator?
* @return true id Admin * @return true if Admin
*/ */
public boolean isAdministrator() public boolean isAdministrator()
{ {
@ -788,6 +788,33 @@ public class MUser extends X_AD_User
return m_isAdministrator.booleanValue(); return m_isAdministrator.booleanValue();
} // isAdministrator } // isAdministrator
/**
* User has access to URL form?
* @return true if user has access
*/
public boolean hasURLFormAccess(String url)
{
if (Util.isEmpty(url, true)) {
return false;
}
boolean hasAccess = false;
int formId = new Query(getCtx(), MForm.Table_Name, "ClassName=?", get_TrxName())
.setOnlyActiveRecords(true)
.setParameters(url)
.firstId();
if (formId > 0) {
for (MRole role : getRoles(0))
{
Boolean formAccess = role.getFormAccess(formId);
if (formAccess != null && formAccess.booleanValue()) {
hasAccess = true;
break;
}
}
}
return hasAccess;
} // hasURLFormAccess
/** /**
* Has the user Access to BP info and resources * Has the user Access to BP info and resources
* @param BPAccessType access type * @param BPAccessType access type

4
org.adempiere.server/src/main/servlet/org/compiere/web/AdempiereMonitorFilter.java
View File

@ -150,9 +150,9 @@ public class AdempiereMonitorFilter implements Filter
log.warning ("User not found: '" + name); log.warning ("User not found: '" + name);
return false; return false;
} }
if (!user.isAdministrator()) if (!user.isAdministrator() && !user.hasURLFormAccess("/idempiereMonitor"))
{ {
log.warning ("Not a Sys Admin = " + name); log.warning ("User doesn't have access to /idempiereMonitor = " + name);
return false; return false;
} }
if (log.isLoggable(Level.INFO)) log.info ("Name=" + name); if (log.isLoggable(Level.INFO)) log.info ("Name=" + name);

4
org.idempiere.felix.webconsole/src/org/idempiere/felix/webconsole/SecurityProviderImpl.java
View File

@ -30,9 +30,9 @@ public class SecurityProviderImpl implements WebConsoleSecurityProvider {
log.warning ("User not found: '" + username); log.warning ("User not found: '" + username);
return null; return null;
} }
if (!user.isAdministrator()) if (!user.isAdministrator() && !user.hasURLFormAccess("/osgi/system/console"))
{ {
log.warning ("Not a Sys Admin = " + username); log.warning ("User doesn't have access to /osgi/system/console = " + username);
return null; return null;
} }
if (log.isLoggable(Level.INFO)) log.info ("Name=" + username); if (log.isLoggable(Level.INFO)) log.info ("Name=" + username);