IDEMPIERE-162 Let Process Role Access Update honor previous modifications to permissions

http://jira.idempiere.com/browse/IDEMPIERE-162
Peer reviewed, tested and integrated by Carlos Ruiz - globalqss
This commit is contained in:
Hesham S. Ahmed 2012-05-23 09:42:51 -05:00
parent d858e4b230
commit fcd0f768e2
4 changed files with 86 additions and 40 deletions

View File

@ -0,0 +1,15 @@
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
;
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
;
UPDATE AD_System
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
OR LastMigrationScriptApplied IS NULL
;

View File

@ -0,0 +1,15 @@
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
;
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
;
UPDATE AD_System
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
OR LastMigrationScriptApplied IS NULL
;

View File

@ -46,6 +46,8 @@ public class RoleAccessUpdate extends SvrProcess
private int p_AD_Role_ID = -1; private int p_AD_Role_ID = -1;
/** Update Roles of Client */ /** Update Roles of Client */
private int p_AD_Client_ID = -1; private int p_AD_Client_ID = -1;
/** Reset Existing Access */
private boolean p_IsReset = true;
/** /**
@ -63,6 +65,8 @@ public class RoleAccessUpdate extends SvrProcess
p_AD_Role_ID = para[i].getParameterAsInt(); p_AD_Role_ID = para[i].getParameterAsInt();
else if (name.equals("AD_Client_ID")) else if (name.equals("AD_Client_ID"))
p_AD_Client_ID = para[i].getParameterAsInt(); p_AD_Client_ID = para[i].getParameterAsInt();
else if (name.equals("ResetAccess"))
p_IsReset = "Y".equals(para[i].getParameter());
else else
log.log(Level.SEVERE, "Unknown Parameter: " + name); log.log(Level.SEVERE, "Unknown Parameter: " + name);
} }
@ -117,7 +121,7 @@ public class RoleAccessUpdate extends SvrProcess
private void updateRole (MRole role) private void updateRole (MRole role)
{ {
addLog(0, null, null, role.getName() + ": " addLog(0, null, null, role.getName() + ": "
+ role.updateAccessRecords()); + role.updateAccessRecords(p_IsReset));
} // updateRole } // updateRole
//add main method, preparing for nightly build //add main method, preparing for nightly build

View File

@ -398,15 +398,25 @@ public final class MRole extends X_AD_Role implements SystemIDs
return success; return success;
} // afterDelete } // afterDelete
/**
* Create Access Records
* @return info
*/
public String updateAccessRecords ()
{
return updateAccessRecords(true);
}
/** /**
* Create Access Records * Create Access Records
* @param reset true will reset existing access
* @return info * @return info
*/ */
public String updateAccessRecords () public String updateAccessRecords (boolean reset)
{ {
if (isManual()) if (isManual())
return "-"; return "-";
String roleClientOrgUser = getAD_Role_ID() + "," String roleClientOrgUser = getAD_Role_ID() + ","
+ getAD_Client_ID() + "," + getAD_Org_ID() + ",'Y', SysDate," + getAD_Client_ID() + "," + getAD_Org_ID() + ",'Y', SysDate,"
@ -419,31 +429,40 @@ public final class MRole extends X_AD_Role implements SystemIDs
+ "SELECT DISTINCT w.AD_Window_ID, " + roleClientOrgUser + "SELECT DISTINCT w.AD_Window_ID, " + roleClientOrgUser
+ "FROM AD_Window w" + "FROM AD_Window w"
+ " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)" + " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)"
+ " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) " + " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) "
+ "WHERE t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab + " LEFT JOIN AD_Window_Access wa ON "
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
+ " AND w.AD_Window_ID = wa.AD_Window_ID) "
+ "WHERE wa.AD_Window_ID IS NULL AND t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
+ "WHERE xt.AD_Window_ID=w.AD_Window_ID)" + "WHERE xt.AD_Window_ID=w.AD_Window_ID)"
+ "AND tt.AccessLevel IN "; + "AND tt.AccessLevel IN ";
String sqlProcess = "INSERT INTO AD_Process_Access " String sqlProcess = "INSERT INTO AD_Process_Access "
+ "(AD_Process_ID, AD_Role_ID," + "(AD_Process_ID, AD_Role_ID,"
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) " + " AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy, IsReadWrite) "
+ "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser + "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser
+ "FROM AD_Process p " + "FROM AD_Process p LEFT JOIN AD_Process_Access pa ON "
+ "WHERE AccessLevel IN "; + "(pa.AD_Role_ID=" + getAD_Role_ID()
+ " AND p.AD_Process_ID = pa.AD_Process_ID) "
+ "WHERE pa.AD_Process_ID IS NULL AND AccessLevel IN ";
String sqlForm = "INSERT INTO AD_Form_Access " String sqlForm = "INSERT INTO AD_Form_Access "
+ "(AD_Form_ID, AD_Role_ID," + "(AD_Form_ID, AD_Role_ID,"
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) " + " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
+ "SELECT f.AD_Form_ID, " + roleClientOrgUser + "SELECT f.AD_Form_ID, " + roleClientOrgUser
+ "FROM AD_Form f " + "FROM AD_Form f LEFT JOIN AD_Form_Access fa ON "
+ "WHERE AccessLevel IN "; + "(fa.AD_Role_ID=" + getAD_Role_ID()
+ " AND f.AD_Form_ID = fa.AD_Form_ID) "
+ "WHERE fa.AD_Form_ID IS NULL AND AccessLevel IN ";
String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access " String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access "
+ "(AD_WorkFlow_ID, AD_Role_ID," + "(AD_WorkFlow_ID, AD_Role_ID,"
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) " + " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
+ "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser + "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser
+ "FROM AD_WorkFlow w " + "FROM AD_WorkFlow w LEFT JOIN AD_WorkFlow_Access wa ON "
+ "WHERE AccessLevel IN "; + "(wa.AD_Role_ID=" + getAD_Role_ID()
+ " AND w.AD_WorkFlow_ID = wa.AD_WorkFlow_ID) "
+ "WHERE wa.AD_WorkFlow_ID IS NULL AND AccessLevel IN ";
String sqlDocAction = "INSERT INTO AD_Document_Action_Access " String sqlDocAction = "INSERT INTO AD_Document_Action_Access "
+ "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy," + "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,"
@ -457,7 +476,10 @@ public final class MRole extends X_AD_Role implements SystemIDs
+ "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) " + "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) "
+ "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID " + "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID "
+ "AND rol.AD_Role_ID=" + getAD_Role_ID() + "AND rol.AD_Role_ID=" + getAD_Role_ID()
+ ") )"; + ") LEFT JOIN AD_Document_Action_Access da ON "
+ "(da.AD_Role_ID=" + getAD_Role_ID()
+ " AND da.C_DocType_ID=doctype.C_DocType_ID AND da.AD_Ref_List_ID=action.AD_Ref_List_ID) "
+ "WHERE (da.C_DocType_ID IS NULL AND da.AD_Ref_List_ID IS NULL)) ";
/** /**
@ -489,26 +511,16 @@ public final class MRole extends X_AD_Role implements SystemIDs
+ " AND w.Name NOT LIKE '%(all)%'"; + " AND w.Name NOT LIKE '%(all)%'";
} }
if (roleAccessLevelWin == null) if (roleAccessLevelWin == null)
roleAccessLevelWin = roleAccessLevel; roleAccessLevelWin = roleAccessLevel;
//
String whereDel = " WHERE AD_Role_ID=" + getAD_Role_ID(); if (reset)
// deleteAccessRecords();
int winDel = DB.executeUpdate("DELETE FROM AD_Window_Access" + whereDel, get_TrxName());
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
int procDel = DB.executeUpdate("DELETE FROM AD_Process_Access" + whereDel, get_TrxName());
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
int formDel = DB.executeUpdate("DELETE FROM AD_Form_Access" + whereDel, get_TrxName());
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
int wfDel = DB.executeUpdate("DELETE FROM AD_WorkFlow_Access" + whereDel, get_TrxName());
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
int docactDel = DB.executeUpdate("DELETE FROM AD_Document_Action_Access" + whereDel, get_TrxName());
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
log.fine("AD_Window_ID=" + winDel + "+" + win int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
+ ", AD_Process_ID=" + procDel + "+" + proc int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
+ ", AD_Form_ID=" + formDel + "+" + form int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
+ ", AD_Workflow_ID=" + wfDel + "+" + wf int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
+ ", AD_Document_Action_Access=" + docactDel + "+" + docact); int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
loadAccess(true); loadAccess(true);
return "@AD_Window_ID@ #" + win return "@AD_Window_ID@ #" + win