IDEMPIERE-1163 Web service role access control not working.
This commit is contained in:
parent
ba2d798449
commit
c1494abff4
|
@ -0,0 +1,8 @@
|
||||||
|
-- Jul 11, 2013 2:11:52 PM MYT
|
||||||
|
-- IDEMPIERE-1163 Web service role access control not working
|
||||||
|
UPDATE AD_Field SET IsDisplayed='N', IsDisplayedGrid='N',Updated=TO_DATE('2013-07-11 14:11:52','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=56679
|
||||||
|
;
|
||||||
|
|
||||||
|
SELECT register_migration_script('201307110629_IDEMPIERE-1163.sql') FROM dual
|
||||||
|
;
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
-- Jul 11, 2013 2:11:52 PM MYT
|
||||||
|
-- IDEMPIERE-1163 Web service role access control not working
|
||||||
|
UPDATE AD_Field SET IsDisplayed='N', IsDisplayedGrid='N',Updated=TO_TIMESTAMP('2013-07-11 14:11:52','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=56679
|
||||||
|
;
|
||||||
|
|
||||||
|
SELECT register_migration_script('201307110629_IDEMPIERE-1163.sql') FROM dual
|
||||||
|
;
|
||||||
|
|
|
@ -64,6 +64,8 @@ import org.idempiere.webservices.fault.IdempiereServiceFault;
|
||||||
*/
|
*/
|
||||||
public class AbstractService {
|
public class AbstractService {
|
||||||
|
|
||||||
|
private static final String ROLE_ACCESS_SQL = "SELECT IsActive FROM WS_WebServiceTypeAccess WHERE AD_Role_ID=? "
|
||||||
|
+ "AND WS_WebServiceType_ID=?";
|
||||||
private static final String COMPIERE_SERVICE = "CompiereService";
|
private static final String COMPIERE_SERVICE = "CompiereService";
|
||||||
@Resource
|
@Resource
|
||||||
protected WebServiceContext ctx;
|
protected WebServiceContext ctx;
|
||||||
|
@ -225,7 +227,17 @@ public class AbstractService {
|
||||||
return "Service type " + serviceTypeValue + " not configured";
|
return "Service type " + serviceTypeValue + " not configured";
|
||||||
|
|
||||||
req.setAttribute("MWebServiceType", m_webservicetype);
|
req.setAttribute("MWebServiceType", m_webservicetype);
|
||||||
|
|
||||||
|
// Check if role has access on web-service
|
||||||
|
String hasAccess = DB.getSQLValueString(null, ROLE_ACCESS_SQL,
|
||||||
|
Env.getAD_Role_ID( m_cs.getCtx()),
|
||||||
|
m_webservicetype.get_ID());
|
||||||
|
|
||||||
|
if (!"Y".equals(hasAccess))
|
||||||
|
{
|
||||||
|
return "Web Service Error: Login role does not have access to the service type";
|
||||||
|
}
|
||||||
|
|
||||||
String ret=invokeLoginValidator(null, m_cs.getCtx(), m_webservicetype, IWSValidator.TIMING_ON_AUTHORIZATION);
|
String ret=invokeLoginValidator(null, m_cs.getCtx(), m_webservicetype, IWSValidator.TIMING_ON_AUTHORIZATION);
|
||||||
if(ret!=null && ret.length()>0)
|
if(ret!=null && ret.length()>0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
Loading…
Reference in New Issue