From fcd0f768e22179f321b4a31f4bbbf0c2258bc117 Mon Sep 17 00:00:00 2001
From: "Hesham S. Ahmed"
Date: Wed, 23 May 2012 09:42:51 -0500
Subject: [PATCH] IDEMPIERE-162 Let Process Role Access Update honor previous modifications to permissions http://jira.idempiere.com/browse/IDEMPIERE-162 Peer reviewed, tested and integrated by Carlos Ruiz - globalqss
---
 .../oracle/839_IDEMPIERE-162.sql | 15 ++++
 .../postgresql/839_IDEMPIERE-162.sql | 15 ++++
 .../compiere/process/RoleAccessUpdate.java | 6 +-
 .../src/org/compiere/model/MRole.java | 90 +++++++++++--------
 4 files changed, 86 insertions(+), 40 deletions(-)
 create mode 100644 migration/360lts-release/oracle/839_IDEMPIERE-162.sql
 create mode 100644 migration/360lts-release/postgresql/839_IDEMPIERE-162.sql
diff --git a/migration/360lts-release/oracle/839_IDEMPIERE-162.sql b/migration/360lts-release/oracle/839_IDEMPIERE-162.sql
new file mode 100644
index 0000000000..e92fdabcd2
--- /dev/null
+++ b/migration/360lts-release/oracle/839_IDEMPIERE-162.sql
@@ -0,0 +1,15 @@
+-- Mar 19, 2012 2:15:08 AM AST
+-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
+INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
+;
+
+-- Mar 19, 2012 2:15:08 AM AST
+-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
+INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
+;
+
+UPDATE AD_System
+ SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
+WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
+ OR LastMigrationScriptApplied IS NULL
+;
diff --git a/migration/360lts-release/postgresql/839_IDEMPIERE-162.sql b/migration/360lts-release/postgresql/839_IDEMPIERE-162.sql
new file mode 100644
index 0000000000..cf292f3557
--- /dev/null
+++ b/migration/360lts-release/postgresql/839_IDEMPIERE-162.sql
@@ -0,0 +1,15 @@
+-- Mar 19, 2012 2:15:08 AM AST
+-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
+INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
+;
+
+-- Mar 19, 2012 2:15:08 AM AST
+-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
+INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
+;
+
+UPDATE AD_System
+ SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
+WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
+ OR LastMigrationScriptApplied IS NULL
+;
diff --git a/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java b/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
index d12803e899..77ebb01ce7 100644
--- a/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
+++ b/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
@@ -46,6 +46,8 @@ public class RoleAccessUpdate extends SvrProcess private int p_AD_Role_ID = -1; /** Update Roles of Client */ private int p_AD_Client_ID = -1; + /** Reset Existing Access */ + private boolean p_IsReset = true; /** @@ -63,6 +65,8 @@ public class RoleAccessUpdate extends SvrProcess p_AD_Role_ID = para[i].getParameterAsInt(); else if (name.equals("AD_Client_ID")) p_AD_Client_ID = para[i].getParameterAsInt(); + else if (name.equals("ResetAccess")) + p_IsReset = "Y".equals(para[i].getParameter()); else log.log(Level.SEVERE, "Unknown Parameter: " + name); } @@ -117,7 +121,7 @@ public class RoleAccessUpdate extends SvrProcess private void updateRole (MRole role) { addLog(0, null, null, role.getName() + ": " - + role.updateAccessRecords()); + + role.updateAccessRecords(p_IsReset)); } // updateRole //add main method, preparing for nightly build diff --git a/org.adempiere.base/src/org/compiere/model/MRole.java b/org.adempiere.base/src/org/compiere/model/MRole.java index 1f3ad18009..880d089d1b 100644 --- a/org.adempiere.base/src/org/compiere/model/MRole.java +++ b/org.adempiere.base/src/org/compiere/model/MRole.java @@ -398,15 +398,25 @@ public final class MRole extends X_AD_Role implements SystemIDs return success; } // afterDelete - + /** + * Create Access Records + * @return info + */ + public String updateAccessRecords () + { + return updateAccessRecords(true); + } + + /** - * Create Access Records + * Create Access Records + * @param reset true will reset existing access * @return info */ - public String updateAccessRecords () - { - if (isManual()) - return "-"; + public String updateAccessRecords (boolean reset) + { + if (isManual()) + return "-"; String roleClientOrgUser = getAD_Role_ID() + "," + getAD_Client_ID() + "," + getAD_Org_ID() + ",'Y', SysDate," 
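Review bot: The process log line written in `updateRole` (third hunk of RoleAccessUpdate.java) does not record whether existing access was reset, so a run that rewrote a role's permissions cannot be told apart afterwards from one that only added missing rows. Since `p_IsReset` now decides whether earlier grants and revocations survive, put it in the message, e.g. `addLog(0, null, null, role.getName() + " (ResetAccess=" + p_IsReset + "): " + role.updateAccessRecords(p_IsReset));`. The parameter loop in the second hunk starts outside it, so how a null `ResetAccess` value reaches `"Y".equals(...)` cannot be seen here.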
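Review bot: Both overloads in MRole.java carry the same summary, "Create Access Records", which hides that the no-argument form deletes the role's existing access rows first. I would document the no-argument method as `Recreate access records, discarding the role's existing ones (same as updateAccessRecords(true))` and the parameter as `@param reset true deletes the role's existing access records before inserting; false only inserts records that are missing`. The early `return "-"` for manual roles is also worth a line under `@return`. The body of `updateAccessRecords(boolean)` continues past this hunk.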
@@ -419,31 +429,40 @@ public final class MRole extends X_AD_Role implements SystemIDs + "SELECT DISTINCT w.AD_Window_ID, " + roleClientOrgUser + "FROM AD_Window w" + " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)" - + " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) " - + "WHERE t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab + + " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) " + + " LEFT JOIN AD_Window_Access wa ON " + + "(wa.AD_Role_ID=" + getAD_Role_ID() + + " AND w.AD_Window_ID = wa.AD_Window_ID) " + + "WHERE wa.AD_Window_ID IS NULL AND t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab + "WHERE xt.AD_Window_ID=w.AD_Window_ID)" + "AND tt.AccessLevel IN "; - - String sqlProcess = "INSERT INTO AD_Process_Access " - + "(AD_Process_ID, AD_Role_ID," - + " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) " - + "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser - + "FROM AD_Process p " - + "WHERE AccessLevel IN "; + + String sqlProcess = "INSERT INTO AD_Process_Access " + + "(AD_Process_ID, AD_Role_ID," + + " AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy, IsReadWrite) " + + "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser + + "FROM AD_Process p LEFT JOIN AD_Process_Access pa ON " + + "(pa.AD_Role_ID=" + getAD_Role_ID() + + " AND p.AD_Process_ID = pa.AD_Process_ID) " + + "WHERE pa.AD_Process_ID IS NULL AND AccessLevel IN "; String sqlForm = "INSERT INTO AD_Form_Access " + "(AD_Form_ID, AD_Role_ID," + " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) " + "SELECT f.AD_Form_ID, " + roleClientOrgUser - + "FROM AD_Form f " - + "WHERE AccessLevel IN "; + + "FROM AD_Form f LEFT JOIN AD_Form_Access fa ON " + + "(fa.AD_Role_ID=" + getAD_Role_ID() + + " AND f.AD_Form_ID = fa.AD_Form_ID) " + + "WHERE fa.AD_Form_ID IS NULL AND AccessLevel IN "; String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access " + 
"(AD_WorkFlow_ID, AD_Role_ID," + " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) " + "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser - + "FROM AD_WorkFlow w " - + "WHERE AccessLevel IN "; + + "FROM AD_WorkFlow w LEFT JOIN AD_WorkFlow_Access wa ON " + + "(wa.AD_Role_ID=" + getAD_Role_ID() + + " AND w.AD_WorkFlow_ID = wa.AD_WorkFlow_ID) " + + "WHERE wa.AD_WorkFlow_ID IS NULL AND AccessLevel IN "; String sqlDocAction = "INSERT INTO AD_Document_Action_Access " + "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy," @@ -457,7 +476,10 @@ public final class MRole extends X_AD_Role implements SystemIDs + "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) " + "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID " + "AND rol.AD_Role_ID=" + getAD_Role_ID() - + ") )"; + + ") LEFT JOIN AD_Document_Action_Access da ON " + + "(da.AD_Role_ID=" + getAD_Role_ID() + + " AND da.C_DocType_ID=doctype.C_DocType_ID AND da.AD_Ref_List_ID=action.AD_Ref_List_ID) " + + "WHERE (da.C_DocType_ID IS NULL AND da.AD_Ref_List_ID IS NULL)) "; /** 
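Review bot: With `reset` false the anti-joins added here (`LEFT JOIN AD_Window_Access wa ... WHERE wa.AD_Window_ID IS NULL`, and the same pattern for process, form and workflow) make the run purely additive. A row is inserted wherever none exists for the role, and nothing visible in this patch removes rows for objects the role's access level no longer covers. A role whose level was narrowed therefore keeps its old grants, and a grant an administrator revoked by deleting the row, rather than deactivating it, is inserted again on the next run. If that is intended, say so on `updateAccessRecords(boolean)`, e.g. `@param reset false: only missing rows are added; existing rows, active or not, are left untouched and stale rows are not removed`. The same applies to `sqlDocAction` in the following hunk.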
@@ -489,26 +511,16 @@ public final class MRole extends X_AD_Role implements SystemIDs + " AND w.Name NOT LIKE '%(all)%'"; } if (roleAccessLevelWin == null) - roleAccessLevelWin = roleAccessLevel; - // - String whereDel = " WHERE AD_Role_ID=" + getAD_Role_ID(); - // - int winDel = DB.executeUpdate("DELETE FROM AD_Window_Access" + whereDel, get_TrxName()); - int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName()); - int procDel = DB.executeUpdate("DELETE FROM AD_Process_Access" + whereDel, get_TrxName()); - int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName()); - int formDel = DB.executeUpdate("DELETE FROM AD_Form_Access" + whereDel, get_TrxName()); - int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName()); - int wfDel = DB.executeUpdate("DELETE FROM AD_WorkFlow_Access" + whereDel, get_TrxName()); - int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName()); - int docactDel = DB.executeUpdate("DELETE FROM AD_Document_Action_Access" + whereDel, get_TrxName()); - int docact = DB.executeUpdate(sqlDocAction, get_TrxName()); + roleAccessLevelWin = roleAccessLevel; + + if (reset) + deleteAccessRecords(); - log.fine("AD_Window_ID=" + winDel + "+" + win - + ", AD_Process_ID=" + procDel + "+" + proc - + ", AD_Form_ID=" + formDel + "+" + form - + ", AD_Workflow_ID=" + wfDel + "+" + wf - + ", AD_Document_Action_Access=" + docactDel + "+" + docact); + int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName()); + int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName()); + int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName()); + int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName()); + int docact = DB.executeUpdate(sqlDocAction, get_TrxName()); loadAccess(true); return "@AD_Window_ID@ #" + win
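Review bot: The five `DB.executeUpdate` results are only used as counts in this hunk, so when `reset` is true and an INSERT fails after `deleteAccessRecords()` has run, the role can end up with fewer access rows than before and the failure shows up at most as a negative number in the info string. `DB.executeUpdate` reports failure through its return value rather than an exception; either check each result or use the throwing variant so the transaction can be rolled back, e.g. `int win = DB.executeUpdateEx(sqlWindow + roleAccessLevelWin, get_TrxName());`. The removed `log.fine` also carried the deleted-row counts, and `deleteAccessRecords()` is defined outside this hunk, so whether those are still logged cannot be seen here. The method body starts before and continues past the hunk.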