IDEMPIERE-5180 : Add client name on RoleAccessUpdate process and add … (#1159)

* IDEMPIERE-5180 : Add client name on RoleAccessUpdate process and add client validation

* IDEMPIERE-5181 : RoleAccessUpdate add role validation

* IDEMPIERE-5181 : RoleAccessUpdate fix client validation

* IDEMPIERE-5181 : RoleAccessUpdate - remove on Client parameter
This commit is contained in:
Nicolas Micoud 2022-02-22 07:33:47 +01:00 committed by GitHub
parent d8278d9026
commit ee3df039bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 64 additions and 16 deletions

View File

@ -0,0 +1,30 @@
SET SQLBLANKLINES ON
SET DEFINE OFF
-- IDEMPIERE-5180
-- Feb 5, 2022, 10:01:05 AM CET
INSERT INTO AD_Val_Rule (AD_Val_Rule_ID,Name,Description,Type,Code,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,EntityType,AD_Val_Rule_UU) VALUES (200153,'AD_Role of Client - Not manual only','Not manual roles of current client','S','AD_Role.AD_Client_ID=@#AD_Client_ID@ AND AD_Role.IsManual=''N''',0,0,'Y',TO_DATE('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,TO_DATE('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,'D','c79f3aa1-27ec-429f-b8e9-72b7ddc95dc2')
;
-- Feb 5, 2022, 10:01:16 AM CET
UPDATE AD_Process_Para SET AD_Val_Rule_ID=200153,Updated=TO_DATE('2022-02-05 10:01:16','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_Para_ID=539
;
-- Feb 8, 2022, 8:25:06 AM CET
UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual.',Updated=TO_DATE('2022-02-08 08:25:06','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
;
-- Feb 8, 2022, 1:24:16 PM CET
DELETE FROM AD_Process_Para_Trl WHERE AD_Process_Para_ID=538
;
-- Feb 8, 2022, 1:24:16 PM CET
DELETE FROM AD_Process_Para WHERE AD_Process_Para_ID=538
;
-- Feb 8, 2022, 1:25:37 PM CET
UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual. Note that if is executed from System client and role is not set, all tenant will be udpated',Updated=TO_DATE('2022-02-08 13:25:37','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
;
SELECT register_migration_script('202202041530_IDEMPIERE-5180.sql') FROM dual
;

View File

@ -0,0 +1,27 @@
-- IDEMPIERE-5180
-- Feb 5, 2022, 10:01:05 AM CET
INSERT INTO AD_Val_Rule (AD_Val_Rule_ID,Name,Description,Type,Code,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,EntityType,AD_Val_Rule_UU) VALUES (200153,'AD_Role of Client - Not manual only','Not manual roles of current client','S','AD_Role.AD_Client_ID=@#AD_Client_ID@ AND AD_Role.IsManual=''N''',0,0,'Y',TO_TIMESTAMP('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,TO_TIMESTAMP('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,'D','c79f3aa1-27ec-429f-b8e9-72b7ddc95dc2')
;
-- Feb 5, 2022, 10:01:16 AM CET
UPDATE AD_Process_Para SET AD_Val_Rule_ID=200153,Updated=TO_TIMESTAMP('2022-02-05 10:01:16','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_Para_ID=539
;
-- Feb 8, 2022, 8:25:06 AM CET
UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual.',Updated=TO_TIMESTAMP('2022-02-08 08:25:06','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
;
-- Feb 8, 2022, 1:24:16 PM CET
DELETE FROM AD_Process_Para_Trl WHERE AD_Process_Para_ID=538
;
-- Feb 8, 2022, 1:24:16 PM CET
DELETE FROM AD_Process_Para WHERE AD_Process_Para_ID=538
;
-- Feb 8, 2022, 1:25:37 PM CET
UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual. Note that if is executed from System client and role is not set, all tenant will be udpated',Updated=TO_TIMESTAMP('2022-02-08 13:25:37','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
;
SELECT register_migration_script('202202041530_IDEMPIERE-5180.sql') FROM dual
;

View File

@ -21,6 +21,7 @@ import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import org.compiere.Adempiere; import org.compiere.Adempiere;
import org.compiere.model.MClient;
import org.compiere.model.MRole; import org.compiere.model.MRole;
import org.compiere.model.Query; import org.compiere.model.Query;
import org.compiere.model.SystemIDs; import org.compiere.model.SystemIDs;
@ -46,12 +47,9 @@ public class RoleAccessUpdate extends SvrProcess
/** Update Role */ /** Update Role */
private int p_AD_Role_ID = -1; private int p_AD_Role_ID = -1;
/** Update Roles of Client */
private int p_AD_Client_ID = -1;
/** Reset Existing Access */ /** Reset Existing Access */
private boolean p_IsReset = true; private boolean p_IsReset = true;
/** /**
* Prepare * Prepare
*/ */
@ -65,8 +63,6 @@ public class RoleAccessUpdate extends SvrProcess
; ;
else if (name.equals("AD_Role_ID")) else if (name.equals("AD_Role_ID"))
p_AD_Role_ID = para[i].getParameterAsInt(); p_AD_Role_ID = para[i].getParameterAsInt();
else if (name.equals("AD_Client_ID"))
p_AD_Client_ID = para[i].getParameterAsInt();
else if (name.equals("ResetAccess")) else if (name.equals("ResetAccess"))
p_IsReset = "Y".equals(para[i].getParameter()); p_IsReset = "Y".equals(para[i].getParameter());
else else
@ -81,7 +77,7 @@ public class RoleAccessUpdate extends SvrProcess
*/ */
protected String doIt () throws Exception protected String doIt () throws Exception
{ {
if (log.isLoggable(Level.INFO)) log.info("AD_Client_ID=" + p_AD_Client_ID + ", AD_Role_ID=" + p_AD_Role_ID); if (log.isLoggable(Level.INFO)) log.info("AD_Role_ID=" + p_AD_Role_ID);
// //
if (p_AD_Role_ID > 0) if (p_AD_Role_ID > 0)
updateRole (new MRole (getCtx(), p_AD_Role_ID, get_TrxName())); updateRole (new MRole (getCtx(), p_AD_Role_ID, get_TrxName()));
@ -89,21 +85,16 @@ public class RoleAccessUpdate extends SvrProcess
{ {
List<Object> params = new ArrayList<Object>(); List<Object> params = new ArrayList<Object>();
StringBuilder whereClause = new StringBuilder("1=1"); StringBuilder whereClause = new StringBuilder("1=1");
if (p_AD_Client_ID > 0)
{
whereClause.append(" AND AD_Client_ID=? ");
params.add(p_AD_Client_ID);
}
if (p_AD_Role_ID == SystemIDs.ROLE_SYSTEM) // System Role if (p_AD_Role_ID == SystemIDs.ROLE_SYSTEM) // System Role
{ {
whereClause.append(" AND AD_Role_ID=?"); whereClause.append(" AND AD_Role_ID=?");
params.add(p_AD_Role_ID); params.add(p_AD_Role_ID);
} }
//sql += "ORDER BY AD_Client_ID, Name";
List<MRole> roles = new Query(getCtx(), MRole.Table_Name, whereClause.toString(), get_TrxName()) List<MRole> roles = new Query(getCtx(), MRole.Table_Name, whereClause.toString(), get_TrxName())
.setOnlyActiveRecords(true) .setOnlyActiveRecords(true)
.setParameters(params) .setParameters(params)
.setClient_ID(getAD_Client_ID() > 0) // to avoid Cross tenant PO reading if running from a client > 0 with no role
.setOrderBy("AD_Client_ID, Name") .setOrderBy("AD_Client_ID, Name")
.list(); .list();
@ -122,7 +113,7 @@ public class RoleAccessUpdate extends SvrProcess
*/ */
private void updateRole (MRole role) private void updateRole (MRole role)
{ {
StringBuilder msglog = new StringBuilder(role.getName()).append(": ") StringBuilder msglog = new StringBuilder(MClient.get(role.getAD_Client_ID()).getName()).append(" - ").append(role.getName()).append(": ")
.append(role.updateAccessRecords(p_IsReset)); .append(role.updateAccessRecords(p_IsReset));
addLog(0, null, null, msglog.toString()); addLog(0, null, null, msglog.toString());
} // updateRole } // updateRole