IDEMPIERE-5174 Disable System User (#1174)

Verify hardcoded comparisons for role and system users
Carlos Ruiz 2022-02-12 04:25:52 +01:00 committed by GitHub
parent c90afc0948
commit a9c4f7b642
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 35 additions and 24 deletions


@ -23,6 +23,7 @@ import java.util.logging.Level;
import org.compiere.Adempiere;
import org.compiere.model.MRole;
import org.compiere.model.Query;
import org.compiere.model.SystemIDs;
import org.compiere.util.CLogMgt;
import org.compiere.util.CLogger;
import org.compiere.util.Env;
@ -93,7 +94,7 @@ public class RoleAccessUpdate extends SvrProcess
whereClause.append(" AND AD_Client_ID=? ");
params.add(p_AD_Client_ID);
}
if (p_AD_Role_ID == 0) // System Role
if (p_AD_Role_ID == SystemIDs.ROLE_SYSTEM) // System Role
{
whereClause.append(" AND AD_Role_ID=?");
params.add(p_AD_Role_ID);


@ -20,6 +20,7 @@ import java.util.logging.Level;
import org.compiere.model.MSysConfig;
import org.compiere.model.MUser;
import org.compiere.model.SystemIDs;
import org.compiere.util.Util;
/**
* Reset Password
@ -89,8 +90,8 @@ public class UserPassword extends SvrProcess
// Do we need a password ?
if (Util.isEmpty(p_OldPassword)) // Password required
{
if (p_AD_User_ID == 0 // change of System
|| p_AD_User_ID == 100 // change of SuperUser
if (p_AD_User_ID == SystemIDs.USER_SYSTEM // change of System
|| p_AD_User_ID == SystemIDs.USER_SUPERUSER // change of SuperUser
|| !operator.isAdministrator())
throw new IllegalArgumentException("@OldPasswordMandatory@");
} else {
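Review bot: The old-password guard in this condition no longer covers user ID 0, because this commit redefines `SystemIDs.USER_SYSTEM` as 10 and moves the former value to `USER_SYSTEM_DEPRECATED`. An administrator can therefore reset the password of record 0 without supplying the old one. If that record can still exist or be reactivated, keep it protected by adding `|| p_AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED` to the condition. The same condition appears in the WResetPassword hunk and needs the same change. The enclosing method starts and ends outside the hunk.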


@ -4,6 +4,7 @@ import java.sql.ResultSet;
import java.util.Properties;
import org.compiere.model.Query;
import org.compiere.model.SystemIDs;
import org.compiere.model.X_AD_Tab_Customization;
import org.compiere.util.Util;
@ -112,7 +113,7 @@ public class MTabCustomization extends X_AD_Tab_Customization {
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -113,7 +113,7 @@ public class MDashboardPreference extends X_PA_DashboardPreference
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -163,8 +163,8 @@ public class MDocumentStatus extends X_PA_DocumentStatus {
* but as they are the administrators is not a problem
*/
if ( (access.getAD_Role_ID() == roleId && access.getAD_User_ID() == userId)
|| (access.getAD_Role_ID() == roleId && access.getAD_User_ID() == 0 )
|| (access.getAD_Role_ID() == 0 && access.getAD_User_ID() == userId) )
|| (access.getAD_Role_ID() == roleId && access.getAD_User_ID() == SystemIDs.USER_SYSTEM)
|| (access.getAD_Role_ID() == SystemIDs.ROLE_SYSTEM && access.getAD_User_ID() == userId) )
return true;
}
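Review bot: The second clause of this access check used to match rows whose `getAD_User_ID()` is 0 and now matches only user 10, since `SystemIDs.USER_SYSTEM` is redefined to 10 in this commit. If 0 stood for an access row with no user set (a role-wide entry), which the hunk does not show, those rows stop matching; if it stood for the old System user, existing rows stored with 0 are no longer honoured either. Say in a comment which meaning is intended, and compare against the value actually stored, for example `access.getAD_User_ID() == SystemIDs.USER_SYSTEM_DEPRECATED` if legacy rows must keep working. The loop and method continue outside the hunk.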


@ -199,7 +199,7 @@ public class MMFARegistration extends X_MFA_Registration {
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -107,7 +107,7 @@ public class MPreference extends X_AD_Preference
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -131,7 +131,7 @@ public final class MRole extends X_AD_Role implements ImmutablePOSupport
if (role == null || reload)
{
role = new MRole (ctx, AD_Role_ID, null);
if (AD_Role_ID == 0)
if (AD_Role_ID == SystemIDs.ROLE_SYSTEM)
{
String trxName = null;
role.load(trxName); // special Handling
@ -269,7 +269,7 @@ public final class MRole extends X_AD_Role implements ImmutablePOSupport
{
super (ctx, AD_Role_ID, trxName);
// ID=0 == System Administrator
if (AD_Role_ID == 0)
if (AD_Role_ID == SystemIDs.ROLE_SYSTEM)
{
setIsCanExport (true);
setIsCanReport (true);


@ -154,7 +154,7 @@ public class MUser extends X_AD_User implements ImmutablePOSupport
if (retValue == null)
{
retValue = new MUser (ctx, AD_User_ID, (String)null);
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
{
String trxName = null;
retValue.load(trxName); // load System Record
@ -835,7 +835,7 @@ public class MUser extends X_AD_User implements ImmutablePOSupport
MRole[] roles = getRoles(0);
for (int i = 0; i < roles.length; i++)
{
if (roles[i].getAD_Role_ID() == 0)
if (roles[i].getAD_Role_ID() == SystemIDs.ROLE_SYSTEM)
{
m_isAdministrator = Boolean.TRUE;
break;


@ -55,7 +55,7 @@ public class MUserPreference extends X_AD_UserPreference{
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -354,7 +354,7 @@ public class MUserQuery extends X_AD_UserQuery
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -122,7 +122,7 @@ public class MUserRoles extends X_AD_User_Roles
@Override
public void setAD_User_ID (int AD_User_ID)
{
if (AD_User_ID == 0)
if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
else
super.setAD_User_ID(AD_User_ID);


@ -270,7 +270,7 @@ public class ModelValidationEngine
if (errors != null && !errors.isEmpty())
return errors.get(0);
if (AD_User_ID == 0 && AD_Role_ID == 0)
if ((AD_User_ID == SystemIDs.USER_SYSTEM || AD_User_ID == SystemIDs.USER_SUPERUSER) && AD_Role_ID == SystemIDs.ROLE_SYSTEM)
; // don't validate for user system on role system
else
if (! Util.isEmpty(missingModelValidationMessage)) {
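Review bot: This condition changes who skips the missing-validator check instead of only naming the constants: user 0 is no longer exempt, and SuperUser (100) is newly exempt when the role is System. The trailing comment still reads `don't validate for user system on role system`, so the wider exemption is undocumented. Update it to something like `; // skip for System or SuperUser on role System` and record why SuperUser is included. An empty statement as the `if` body is also easy to misread; inverting the test and dropping the `else` would be clearer. The method starts outside the hunk.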


@ -181,7 +181,10 @@ public class SystemIDs
public final static int TREE_MENUPRIMARY = 10;
public final static int USER_SUPERUSER = 100;
public final static int USER_SYSTEM = 0;
public final static int USER_SYSTEM = 10;
public final static int USER_SYSTEM_DEPRECATED = 0;
public final static int ROLE_SYSTEM = 0;
public final static int WINDOW_ACCOUNTCOMBINATION = 153;
public final static int WINDOW_ATTRIBUTESETINSTANCE = 358;
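Review bot: `USER_SYSTEM` keeps its name but changes value from 0 to 10, and a `public final static int` with a literal initializer is a compile-time constant that the compiler inlines into callers. Code outside this commit that was built against the old class keeps comparing with 0 until it is rebuilt, and after a rebuild it silently compares with 10. That matters wherever the constant guards a password, role or access decision. Neither field is documented in the hunk; add Javadoc such as `/** System user record; value was 0 before IDEMPIERE-5174 */` on `USER_SYSTEM` and `/** Former System user ID, still present in existing rows */` on `USER_SYSTEM_DEPRECATED`.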


@ -38,6 +38,7 @@ import org.compiere.model.MQuery;
import org.compiere.model.MReportView;
import org.compiere.model.MRole;
import org.compiere.model.MTable;
import org.compiere.model.SystemIDs;
import org.compiere.util.CLogMgt;
import org.compiere.util.CLogger;
import org.compiere.util.DB;
@ -728,7 +729,7 @@ public class DataEngine
}
// Access Restriction
MRole role = MRole.getDefault(ctx, false);
if (role.getAD_Role_ID() == 0 && !Ini.isClient())
if (role.getAD_Role_ID() == SystemIDs.ROLE_SYSTEM && !Ini.isClient())
; // System Access
else
finalSQL = new StringBuilder (role.addAccessSQL (finalSQL.toString (),


@ -50,6 +50,7 @@ import org.compiere.model.MUserPreference;
import org.compiere.model.ModelValidationEngine;
import org.compiere.model.PO;
import org.compiere.model.Query;
import org.compiere.model.SystemIDs;
/**
@ -414,7 +415,7 @@ public class Login
}
if (valid) {
int AD_Role_ID = rs.getInt(2);
if (AD_Role_ID == 0)
if (AD_Role_ID == SystemIDs.ROLE_SYSTEM)
Env.setContext(m_ctx, "#SysAdmin", "Y");
String Name = rs.getString(3);
KeyNamePair p = new KeyNamePair(AD_Role_ID, Name);


@ -42,6 +42,7 @@ import org.compiere.model.MPasswordHistory;
import org.compiere.model.MPasswordRule;
import org.compiere.model.MSysConfig;
import org.compiere.model.MUser;
import org.compiere.model.SystemIDs;
import org.compiere.util.CLogger;
import org.compiere.util.DisplayType;
import org.compiere.util.Env;
@ -319,8 +320,8 @@ public class WResetPassword implements IFormController, EventListener<Event>, Va
MUser operator = MUser.get(Env.getCtx(), Env.getAD_User_ID(Env.getCtx()));
if (log.isLoggable(Level.FINE)) log.fine("Operator=" + operator);
if (p_AD_User_ID == 0 // change of System
|| p_AD_User_ID == 100 // change of SuperUser
if (p_AD_User_ID == SystemIDs.USER_SYSTEM // change of System
|| p_AD_User_ID == SystemIDs.USER_SUPERUSER // change of SuperUser
|| !operator.isAdministrator())
throw new IllegalArgumentException(Msg.getMsg(Env.getCtx(), "OldPasswordMandatory"));
} else {


@ -43,6 +43,7 @@ import org.compiere.model.MColumn;
import org.compiere.model.MLookup;
import org.compiere.model.MRole;
import org.compiere.model.MTable;
import org.compiere.model.SystemIDs;
import org.compiere.util.CLogger;
import org.compiere.util.DisplayType;
import org.compiere.util.Env;
@ -153,7 +154,7 @@ public class WRadioGroupEditor extends WEditor implements ContextMenuListener, L
lookup.setMandatory(true);
lookup.setMandatory(isMandatory());
if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == 0)
if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == SystemIDs.ROLE_SYSTEM)
|| lookup.getDisplayType() != DisplayType.List)
{
zoom= true;


@ -54,6 +54,7 @@ import org.compiere.model.MLookup;
import org.compiere.model.MRole;
import org.compiere.model.MSysConfig;
import org.compiere.model.MTable;
import org.compiere.model.SystemIDs;
import org.compiere.util.CCache;
import org.compiere.util.CLogger;
import org.compiere.util.CacheMgt;
@ -212,7 +213,7 @@ ContextMenuListener, IZoomableEditor
lookup.addListDataListener(this);
lookup.setMandatory(isMandatory());
if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == 0)
if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == SystemIDs.ROLE_SYSTEM)
|| lookup.getDisplayType() != DisplayType.List)
{
zoom= true;