IDEMPIERE-1410 Non-advanced users can assign themselves advanced roles

2014-04-02 09:27:18 -05:00 · 2014-04-02 09:27:18 -05:00 · 4f44c80e25
parent 90453b1ab4
commit 4f44c80e25
1 changed files with 36 additions and 2 deletions
--- a/org.adempiere.base/src/org/compiere/model/MUserRoles.java
+++ b/org.adempiere.base/src/org/compiere/model/MUserRoles.java
@ -21,6 +21,7 @@ import java.util.List;
 import java.util.Properties;

 import org.compiere.util.CLogger;
+import org.compiere.util.Msg;

 /**
 *	User Roles Model
@ -33,8 +34,7 @@ public class MUserRoles extends X_AD_User_Roles
 	/**
 	 * 
 	 */
-	private static final long serialVersionUID = -2659323298844769713L;
-
+	private static final long serialVersionUID = 5850010835736994376L;

 	/**
 	 * 	Get User Roles Of Role
@ -133,4 +133,38 @@ public class MUserRoles extends X_AD_User_Roles
 		set_ValueNoCheck ("AD_Role_ID", new Integer(AD_Role_ID));
 	}	//	setAD_Role_ID

+	@Override
+	protected boolean beforeSave(boolean newRecord) {
+		// IDEMPIERE-1410
+		if (! MRole.getDefault().isAccessAdvanced()) {
+			MRole role = new MRole(getCtx(), getAD_Role_ID(), get_TrxName());
+			if (role.isAccessAdvanced()) {
+				log.saveError("Error", Msg.getMsg(getCtx(), "ActionNotAllowedHere"));
+				return false;
+			}
+			if (! newRecord && is_ValueChanged(COLUMNNAME_AD_Role_ID)) {
+				MRole oldrole = new MRole(getCtx(), get_ValueOldAsInt(COLUMNNAME_AD_Role_ID), get_TrxName());
+				if (oldrole.isAccessAdvanced()) {
+					log.saveError("Error", Msg.getMsg(getCtx(), "ActionNotAllowedHere"));
+					return false;
+				}
+			}
+		}
+		
+		return true;
+	}
+
+	@Override
+	protected boolean beforeDelete() {
+		// IDEMPIERE-1410
+		if (! MRole.getDefault().isAccessAdvanced()) {
+			MRole role = new MRole(getCtx(), getAD_Role_ID(), get_TrxName());
+			if (role.isAccessAdvanced()) {
+				log.saveError("Error", Msg.getMsg(getCtx(), "ActionNotAllowedHere"));
+				return false;
+			}
+		}
+		return true;
+	}
+
 }	//	MUserRoles