IDEMPIERE-5174 Disable System User (#1174)

Verify hardcoded comparisons for role and system users
2022-02-12 04:25:52 +01:00 · 2022-02-12 04:25:52 +01:00 · a9c4f7b642
parent c90afc0948
commit a9c4f7b642
19 changed files with 35 additions and 24 deletions
--- a/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
+++ b/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
@ -23,6 +23,7 @@ import java.util.logging.Level;
 import org.compiere.Adempiere;
 import org.compiere.model.MRole;
 import org.compiere.model.Query;
+import org.compiere.model.SystemIDs;
 import org.compiere.util.CLogMgt;
 import org.compiere.util.CLogger;
 import org.compiere.util.Env;
@ -93,7 +94,7 @@ public class RoleAccessUpdate extends SvrProcess
 				whereClause.append(" AND AD_Client_ID=? ");
 				params.add(p_AD_Client_ID);
 			}
-			if (p_AD_Role_ID == 0) // System Role
+			if (p_AD_Role_ID == SystemIDs.ROLE_SYSTEM) // System Role
 			{
 				whereClause.append(" AND AD_Role_ID=?");
 				params.add(p_AD_Role_ID);
--- a/org.adempiere.base.process/src/org/compiere/process/UserPassword.java
+++ b/org.adempiere.base.process/src/org/compiere/process/UserPassword.java
@ -20,6 +20,7 @@ import java.util.logging.Level;

 import org.compiere.model.MSysConfig;
 import org.compiere.model.MUser;
+import org.compiere.model.SystemIDs;
 import org.compiere.util.Util;
 /**
 *	Reset Password
@ -89,8 +90,8 @@ public class UserPassword extends SvrProcess
 		//	Do we need a password ?
 		if (Util.isEmpty(p_OldPassword))		//	Password required
 		{
-			if (p_AD_User_ID == 0			//	change of System
-					|| p_AD_User_ID == 100		//	change of SuperUser
+			if (p_AD_User_ID == SystemIDs.USER_SYSTEM			//	change of System
+					|| p_AD_User_ID == SystemIDs.USER_SUPERUSER		//	change of SuperUser
 					|| !operator.isAdministrator())
 				throw new IllegalArgumentException("@OldPasswordMandatory@");
 		} else {
--- a/org.adempiere.base/src/org/adempiere/model/MTabCustomization.java
+++ b/org.adempiere.base/src/org/adempiere/model/MTabCustomization.java
@ -4,6 +4,7 @@ import java.sql.ResultSet;
 import java.util.Properties;

 import org.compiere.model.Query;
+import org.compiere.model.SystemIDs;
 import org.compiere.model.X_AD_Tab_Customization;
 import org.compiere.util.Util;

@ -112,7 +113,7 @@ public class MTabCustomization extends X_AD_Tab_Customization {
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/MDashboardPreference.java
+++ b/org.adempiere.base/src/org/compiere/model/MDashboardPreference.java
@ -113,7 +113,7 @@ public class MDashboardPreference extends X_PA_DashboardPreference
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/MDocumentStatus.java
+++ b/org.adempiere.base/src/org/compiere/model/MDocumentStatus.java
@ -163,8 +163,8 @@ public class MDocumentStatus extends X_PA_DocumentStatus {
 			 * but as they are the administrators is not a problem
 			 */
 			if (   (access.getAD_Role_ID() == roleId && access.getAD_User_ID() == userId)
-				|| (access.getAD_Role_ID() == roleId && access.getAD_User_ID() == 0     )
-				|| (access.getAD_Role_ID() == 0      && access.getAD_User_ID() == userId) )
+				|| (access.getAD_Role_ID() == roleId && access.getAD_User_ID() == SystemIDs.USER_SYSTEM)
+				|| (access.getAD_Role_ID() == SystemIDs.ROLE_SYSTEM && access.getAD_User_ID() == userId) )
 				return true;
 		}

--- a/org.adempiere.base/src/org/compiere/model/MMFARegistration.java
+++ b/org.adempiere.base/src/org/compiere/model/MMFARegistration.java
@ -199,7 +199,7 @@ public class MMFARegistration extends X_MFA_Registration {
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/MPreference.java
+++ b/org.adempiere.base/src/org/compiere/model/MPreference.java
@ -107,7 +107,7 @@ public class MPreference extends X_AD_Preference
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/MRole.java
+++ b/org.adempiere.base/src/org/compiere/model/MRole.java
@ -131,7 +131,7 @@ public final class MRole extends X_AD_Role implements ImmutablePOSupport
 		if (role == null || reload)
 		{
 			role = new MRole (ctx, AD_Role_ID, null);			
-			if (AD_Role_ID == 0)
+			if (AD_Role_ID == SystemIDs.ROLE_SYSTEM)
 			{
 				String trxName = null;
 				role.load(trxName);			//	special Handling
@ -269,7 +269,7 @@ public final class MRole extends X_AD_Role implements ImmutablePOSupport
 	{
 		super (ctx, AD_Role_ID, trxName);
 		//	ID=0 == System Administrator
-		if (AD_Role_ID == 0)
+		if (AD_Role_ID == SystemIDs.ROLE_SYSTEM)
 		{
 			setIsCanExport (true);
 			setIsCanReport (true);
--- a/org.adempiere.base/src/org/compiere/model/MUser.java
+++ b/org.adempiere.base/src/org/compiere/model/MUser.java
@ -154,7 +154,7 @@ public class MUser extends X_AD_User implements ImmutablePOSupport
 		if (retValue == null)
 		{
 			retValue = new MUser (ctx, AD_User_ID, (String)null);
-			if (AD_User_ID == 0)
+			if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED)
 			{
 				String trxName = null;
 				retValue.load(trxName);	//	load System Record
@ -835,7 +835,7 @@ public class MUser extends X_AD_User implements ImmutablePOSupport
 			MRole[] roles = getRoles(0);
 			for (int i = 0; i < roles.length; i++)
 			{
-				if (roles[i].getAD_Role_ID() == 0)
+				if (roles[i].getAD_Role_ID() == SystemIDs.ROLE_SYSTEM)
 				{
 					m_isAdministrator = Boolean.TRUE;
 					break;
--- a/org.adempiere.base/src/org/compiere/model/MUserPreference.java
+++ b/org.adempiere.base/src/org/compiere/model/MUserPreference.java
@ -55,7 +55,7 @@ public class MUserPreference extends X_AD_UserPreference{
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/MUserQuery.java
+++ b/org.adempiere.base/src/org/compiere/model/MUserQuery.java
@ -354,7 +354,7 @@ public class MUserQuery extends X_AD_UserQuery
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/MUserRoles.java
+++ b/org.adempiere.base/src/org/compiere/model/MUserRoles.java
@ -122,7 +122,7 @@ public class MUserRoles extends X_AD_User_Roles
 	@Override
 	public void setAD_User_ID (int AD_User_ID)
 	{
-		if (AD_User_ID == 0) 
+		if (AD_User_ID == SystemIDs.USER_SYSTEM_DEPRECATED) 
 			set_ValueNoCheck (COLUMNNAME_AD_User_ID, AD_User_ID);
 		else 
 			super.setAD_User_ID(AD_User_ID);
--- a/org.adempiere.base/src/org/compiere/model/ModelValidationEngine.java
+++ b/org.adempiere.base/src/org/compiere/model/ModelValidationEngine.java
@ -270,7 +270,7 @@ public class ModelValidationEngine
 		if (errors != null && !errors.isEmpty())
 			return errors.get(0);

-		if (AD_User_ID == 0 && AD_Role_ID == 0)
+		if ((AD_User_ID == SystemIDs.USER_SYSTEM || AD_User_ID == SystemIDs.USER_SUPERUSER) && AD_Role_ID == SystemIDs.ROLE_SYSTEM)
 			; // don't validate for user system on role system
 		else
 			if (! Util.isEmpty(missingModelValidationMessage)) {
--- a/org.adempiere.base/src/org/compiere/model/SystemIDs.java
+++ b/org.adempiere.base/src/org/compiere/model/SystemIDs.java
@ -181,7 +181,10 @@ public class SystemIDs
 	public final static int TREE_MENUPRIMARY = 10;

 	public final static int USER_SUPERUSER = 100;
-	public final static int USER_SYSTEM = 0;
+	public final static int USER_SYSTEM = 10;
+	public final static int USER_SYSTEM_DEPRECATED = 0;
+
+	public final static int ROLE_SYSTEM = 0;

 	public final static int WINDOW_ACCOUNTCOMBINATION = 153;
 	public final static int WINDOW_ATTRIBUTESETINSTANCE = 358;
--- a/org.adempiere.base/src/org/compiere/print/DataEngine.java
+++ b/org.adempiere.base/src/org/compiere/print/DataEngine.java
@ -38,6 +38,7 @@ import org.compiere.model.MQuery;
 import org.compiere.model.MReportView;
 import org.compiere.model.MRole;
 import org.compiere.model.MTable;
+import org.compiere.model.SystemIDs;
 import org.compiere.util.CLogMgt;
 import org.compiere.util.CLogger;
 import org.compiere.util.DB;
@ -728,7 +729,7 @@ public class DataEngine
 			}
 			//	Access Restriction
 			MRole role = MRole.getDefault(ctx, false);
-			if (role.getAD_Role_ID() == 0 && !Ini.isClient())
+			if (role.getAD_Role_ID() == SystemIDs.ROLE_SYSTEM && !Ini.isClient())
 				;	//	System Access
 			else
 				finalSQL = new StringBuilder (role.addAccessSQL (finalSQL.toString (), 
--- a/org.adempiere.base/src/org/compiere/util/Login.java
+++ b/org.adempiere.base/src/org/compiere/util/Login.java
@ -50,6 +50,7 @@ import org.compiere.model.MUserPreference;
 import org.compiere.model.ModelValidationEngine;
 import org.compiere.model.PO;
 import org.compiere.model.Query;
+import org.compiere.model.SystemIDs;


 /**
@ -414,7 +415,7 @@ public class Login
 					}
 					if (valid) { 
 						int AD_Role_ID = rs.getInt(2);
-						if (AD_Role_ID == 0)
+						if (AD_Role_ID == SystemIDs.ROLE_SYSTEM)
 							Env.setContext(m_ctx, "#SysAdmin", "Y");
 						String Name = rs.getString(3);
 						KeyNamePair p = new KeyNamePair(AD_Role_ID, Name);
--- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/apps/form/WResetPassword.java
+++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/apps/form/WResetPassword.java
@ -42,6 +42,7 @@ import org.compiere.model.MPasswordHistory;
 import org.compiere.model.MPasswordRule;
 import org.compiere.model.MSysConfig;
 import org.compiere.model.MUser;
+import org.compiere.model.SystemIDs;
 import org.compiere.util.CLogger;
 import org.compiere.util.DisplayType;
 import org.compiere.util.Env;
@ -319,8 +320,8 @@ public class WResetPassword implements IFormController, EventListener<Event>, Va
 			MUser operator = MUser.get(Env.getCtx(), Env.getAD_User_ID(Env.getCtx()));
 			if (log.isLoggable(Level.FINE)) log.fine("Operator=" + operator);
 			
-			if (p_AD_User_ID == 0			//	change of System
-					|| p_AD_User_ID == 100		//	change of SuperUser
+			if (p_AD_User_ID == SystemIDs.USER_SYSTEM			//	change of System
+					|| p_AD_User_ID == SystemIDs.USER_SUPERUSER		//	change of SuperUser
 					|| !operator.isAdministrator())
 				throw new IllegalArgumentException(Msg.getMsg(Env.getCtx(), "OldPasswordMandatory"));
 		} else {
--- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/editor/WRadioGroupEditor.java
+++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/editor/WRadioGroupEditor.java
@ -43,6 +43,7 @@ import org.compiere.model.MColumn;
 import org.compiere.model.MLookup;
 import org.compiere.model.MRole;
 import org.compiere.model.MTable;
+import org.compiere.model.SystemIDs;
 import org.compiere.util.CLogger;
 import org.compiere.util.DisplayType;
 import org.compiere.util.Env;
@ -153,7 +154,7 @@ public class WRadioGroupEditor extends WEditor implements ContextMenuListener, L
        	lookup.setMandatory(true);
            lookup.setMandatory(isMandatory());
            
-            if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == 0)
+            if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == SystemIDs.ROLE_SYSTEM)
            		|| lookup.getDisplayType() != DisplayType.List) 
            {
    			zoom= true;
--- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/editor/WTableDirEditor.java
+++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/editor/WTableDirEditor.java
@ -54,6 +54,7 @@ import org.compiere.model.MLookup;
 import org.compiere.model.MRole;
 import org.compiere.model.MSysConfig;
 import org.compiere.model.MTable;
+import org.compiere.model.SystemIDs;
 import org.compiere.util.CCache;
 import org.compiere.util.CLogger;
 import org.compiere.util.CacheMgt;
@ -212,7 +213,7 @@ ContextMenuListener, IZoomableEditor
            lookup.addListDataListener(this);
            lookup.setMandatory(isMandatory());
            
-            if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == 0)
+            if ((lookup.getDisplayType() == DisplayType.List && Env.getContextAsInt(Env.getCtx(), Env.AD_ROLE_ID) == SystemIDs.ROLE_SYSTEM)
            		|| lookup.getDisplayType() != DisplayType.List) 
            {
    			zoom= true;