DocumentEngine: correct DB access layer
This commit is contained in:
parent
4b68d9be64
commit
6803becc5b
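--- a/DocumentEngine.java
+++ b/DocumentEngine.java
@@ -1174,9 +1174,6 @@ public class DocumentEngine implements DocAction
 
 /**
 * Checks the access rights of the given role/client for the given document actions.
-* If no access rules can be found for a doctype/client/document action combination
-* every role can access this combination (so no definition is needed for the default
-* access rights).
 * @param clientId
 * @param roleId
 * @param docTypeId
@@ -1185,35 +1182,48 @@ public class DocumentEngine implements DocAction
 * @return number of valid actions in the String[] options
 */
 public static int checkActionAccess(int clientId, int roleId, int docTypeId, String[] options, int maxIndex) {
+if (maxIndex <= 0)
+return maxIndex;
+//
 final Vector<String> validOptions = new Vector<String>();
-String sql = "SELECT AD_Role_ID FROM AD_Document_Action_Access "
-+ "WHERE IsActive='Y' AND AD_Client_ID=? AND C_DocType_ID=? AND AD_Ref_List_ID=" +
-"(SELECT AD_Ref_List_ID FROM AD_Ref_List WHERE AD_Reference_ID=135" +
-" AND Value=?)";
+StringBuffer sql_values = new StringBuffer();
+for (int i = 0; i < maxIndex; i++) {
+if (sql_values.length() > 0)
+sql_values.append(",");
+sql_values.append("?");
+}
+String sql = "SELECT rl.Value FROM AD_Document_Action_Access a"
++ " INNER JOIN AD_Ref_List rl ON (rl.AD_Reference_ID=135 and rl.AD_Ref_List_ID=a.AD_Ref_List_ID)"
++ " WHERE a.IsActive='Y' AND a.AD_Client_ID=? AND a.C_DocType_ID=? AND a.AD_Role_ID=?" // #1,2,3
++ " AND rl.Value IN ("+sql_values.toString()+")"; // #4...
+PreparedStatement pstmt = null;
+ResultSet rs = null;
 try
 {
-PreparedStatement pstmt = DB.prepareStatement(sql, null);
+pstmt = DB.prepareStatement(sql, null);
+int para_idx = 1;
+pstmt.setInt(para_idx++, clientId);
+pstmt.setInt(para_idx++, docTypeId);
+pstmt.setInt(para_idx++, roleId);
 for (int i = 0; i < maxIndex; i++) {
-pstmt.setInt(1, clientId);
-pstmt.setInt(2, docTypeId);
-pstmt.setString(3, options[i]);
-ResultSet rs = pstmt.executeQuery();
-while (rs.next()) {
-if(rs.getInt(1) == roleId){
-//is valid for role
-validOptions.add(options[i]);
-continue;
-}
-}
-rs.close();
+pstmt.setString(para_idx++, options[i]);
+}
+rs = pstmt.executeQuery();
+while (rs.next()) {
+String op = rs.getString(1);
+validOptions.add(op);
 }
 validOptions.toArray(options);
-pstmt.close();
 }
 catch (SQLException e)
 {
 log.log(Level.SEVERE, sql, e);
 }
+finally
+{
+DB.close(rs, pstmt);
+rs = null; pstmt = null;
+}
 return validOptions.size();
 }
 } // DocumentEnine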
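Review bot: The order of `options` after the call changes with this commit: the rewritten single query appends `rl.Value` rows to `validOptions` in result-set order (the statement has no ORDER BY), whereas the old per-option loop kept the caller's order, and `validOptions.toArray(options)` then overwrites the caller's array in that unspecified order. Any caller that keeps a parallel array indexed alongside `options` (not visible here) would silently get mismatched entries, which for an access check means showing or enabling the wrong action. Collecting the returned values into a set and then walking `options` in its original order restores the previous contract while keeping the single parameterized query; this needs `java.util.Set`/`java.util.HashSet` in scope. Separately, `toArray(options)` only null-terminates the array when fewer than `maxIndex` entries are valid, so the `@return` tag should say that callers must rely on the returned count, not on `options.length`; that is pre-existing behaviour but the Javadoc is edited in this commit anyway.
```java
rs = pstmt.executeQuery();
final Set<String> accessible = new HashSet<String>();
while (rs.next()) {
    accessible.add(rs.getString(1));
}
// walk options[] in the caller's order so the filled-in array (and any
// parallel arrays the caller keeps) stay aligned with the input order
for (int i = 0; i < maxIndex; i++) {
    if (accessible.contains(options[i]))
        validOptions.add(options[i]);
}
validOptions.toArray(options);
// … unchanged: catch/finally and return …
```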