midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-1163 Web service role access control not working.

This commit is contained in:
Heng Sin Low 2013-07-11 14:40:31 +08:00
parent ba2d798449
commit c1494abff4
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
migration/i1.0c-release/oracle/201307110629_IDEMPIERE-1163.sql Normal file
View File

@ -0,0 +1,8 @@
-- Jul 11, 2013 2:11:52 PM MYT
-- IDEMPIERE-1163 Web service role access control not working
UPDATE AD_Field SET IsDisplayed='N', IsDisplayedGrid='N',Updated=TO_DATE('2013-07-11 14:11:52','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=56679
;
SELECT register_migration_script('201307110629_IDEMPIERE-1163.sql') FROM dual
;

8
migration/i1.0c-release/postgresql/201307110629_IDEMPIERE-1163.sql Normal file
View File

@ -0,0 +1,8 @@
-- Jul 11, 2013 2:11:52 PM MYT
-- IDEMPIERE-1163 Web service role access control not working
UPDATE AD_Field SET IsDisplayed='N', IsDisplayedGrid='N',Updated=TO_TIMESTAMP('2013-07-11 14:11:52','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=56679
;
SELECT register_migration_script('201307110629_IDEMPIERE-1163.sql') FROM dual
;

12
org.idempiere.webservices/WEB-INF/src/org/idempiere/webservices/AbstractService.java
View File

@ -64,6 +64,8 @@ import org.idempiere.webservices.fault.IdempiereServiceFault;
*/
public class AbstractService {
private static final String ROLE_ACCESS_SQL = "SELECT IsActive FROM WS_WebServiceTypeAccess WHERE AD_Role_ID=? "
+ "AND WS_WebServiceType_ID=?";
private static final String COMPIERE_SERVICE = "CompiereService";
@Resource
protected WebServiceContext ctx;
@ -225,7 +227,17 @@ public class AbstractService {
return "Service type " + serviceTypeValue + " not configured";
req.setAttribute("MWebServiceType", m_webservicetype);
// Check if role has access on web-service
String hasAccess = DB.getSQLValueString(null, ROLE_ACCESS_SQL,
Env.getAD_Role_ID( m_cs.getCtx()),
m_webservicetype.get_ID());
if (!"Y".equals(hasAccess))
{
return "Web Service Error: Login role does not have access to the service type";
}
String ret=invokeLoginValidator(null, m_cs.getCtx(), m_webservicetype, IWSValidator.TIMING_ON_AUTHORIZATION);
if(ret!=null && ret.length()>0)
return ret;