IDEMPIERE-1163 Web service role access control not working.

Heng Sin Low 2013-07-11 14:40:31 +08:00
parent ba2d798449
commit c1494abff4
3 changed files with 28 additions and 0 deletions


@ -0,0 +1,8 @@
-- Jul 11, 2013 2:11:52 PM MYT
-- IDEMPIERE-1163 Web service role access control not working
UPDATE AD_Field SET IsDisplayed='N', IsDisplayedGrid='N',Updated=TO_DATE('2013-07-11 14:11:52','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=56679
;
SELECT register_migration_script('201307110629_IDEMPIERE-1163.sql') FROM dual
;


@ -0,0 +1,8 @@
-- Jul 11, 2013 2:11:52 PM MYT
-- IDEMPIERE-1163 Web service role access control not working
UPDATE AD_Field SET IsDisplayed='N', IsDisplayedGrid='N',Updated=TO_TIMESTAMP('2013-07-11 14:11:52','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=56679
;
SELECT register_migration_script('201307110629_IDEMPIERE-1163.sql') FROM dual
;


@ -64,6 +64,8 @@ import org.idempiere.webservices.fault.IdempiereServiceFault;
*/ */
public class AbstractService { public class AbstractService {
private static final String ROLE_ACCESS_SQL = "SELECT IsActive FROM WS_WebServiceTypeAccess WHERE AD_Role_ID=? "
+ "AND WS_WebServiceType_ID=?";
private static final String COMPIERE_SERVICE = "CompiereService"; private static final String COMPIERE_SERVICE = "CompiereService";
@Resource @Resource
protected WebServiceContext ctx; protected WebServiceContext ctx;
@ -225,7 +227,17 @@ public class AbstractService {
return "Service type " + serviceTypeValue + " not configured"; return "Service type " + serviceTypeValue + " not configured";
req.setAttribute("MWebServiceType", m_webservicetype); req.setAttribute("MWebServiceType", m_webservicetype);
// Check if role has access on web-service
String hasAccess = DB.getSQLValueString(null, ROLE_ACCESS_SQL,
Env.getAD_Role_ID( m_cs.getCtx()),
m_webservicetype.get_ID());
if (!"Y".equals(hasAccess))
{
return "Web Service Error: Login role does not have access to the service type";
}
String ret=invokeLoginValidator(null, m_cs.getCtx(), m_webservicetype, IWSValidator.TIMING_ON_AUTHORIZATION); String ret=invokeLoginValidator(null, m_cs.getCtx(), m_webservicetype, IWSValidator.TIMING_ON_AUTHORIZATION);
if(ret!=null && ret.length()>0) if(ret!=null && ret.length()>0)
return ret; return ret;
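Review bot: The denial branch added after `req.setAttribute("MWebServiceType", m_webservicetype)` returns its error string without leaving any audit trace, so a role repeatedly requesting a service type it has not been granted would go unnoticed by operators; log the role ID and the service type ID at warning level in that branch, using whatever logger the class already has. The check itself fails closed, since a missing `WS_WebServiceTypeAccess` row yields null and an inactive row yields "N", and the comment should say so, for example `// Fail closed: no access row, or IsActive='N', both deny`. `ROLE_ACCESS_SQL` has no ORDER BY, so if more than one row can match a role and service type, the value read is whichever row the database returns first; presumably the table's key prevents that, but it should be confirmed. The enclosing method starts and ends outside the hunk.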