IDEMPIERE-162 Let Process Role Access Update honor previous modifications to permissions
http://jira.idempiere.com/browse/IDEMPIERE-162 Peer reviewed, tested and integrated by Carlos Ruiz - globalqss
This commit is contained in:
parent
d858e4b230
commit
fcd0f768e2
|
@ -0,0 +1,15 @@
|
||||||
|
-- Mar 19, 2012 2:15:08 AM AST
|
||||||
|
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||||
|
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
|
||||||
|
;
|
||||||
|
|
||||||
|
-- Mar 19, 2012 2:15:08 AM AST
|
||||||
|
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||||
|
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
|
||||||
|
;
|
||||||
|
|
||||||
|
UPDATE AD_System
|
||||||
|
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
|
||||||
|
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
|
||||||
|
OR LastMigrationScriptApplied IS NULL
|
||||||
|
;
|
|
@ -0,0 +1,15 @@
|
||||||
|
-- Mar 19, 2012 2:15:08 AM AST
|
||||||
|
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||||
|
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
|
||||||
|
;
|
||||||
|
|
||||||
|
-- Mar 19, 2012 2:15:08 AM AST
|
||||||
|
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||||
|
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
|
||||||
|
;
|
||||||
|
|
||||||
|
UPDATE AD_System
|
||||||
|
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
|
||||||
|
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
|
||||||
|
OR LastMigrationScriptApplied IS NULL
|
||||||
|
;
|
|
@ -46,6 +46,8 @@ public class RoleAccessUpdate extends SvrProcess
|
||||||
private int p_AD_Role_ID = -1;
|
private int p_AD_Role_ID = -1;
|
||||||
/** Update Roles of Client */
|
/** Update Roles of Client */
|
||||||
private int p_AD_Client_ID = -1;
|
private int p_AD_Client_ID = -1;
|
||||||
|
/** Reset Existing Access */
|
||||||
|
private boolean p_IsReset = true;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -63,6 +65,8 @@ public class RoleAccessUpdate extends SvrProcess
|
||||||
p_AD_Role_ID = para[i].getParameterAsInt();
|
p_AD_Role_ID = para[i].getParameterAsInt();
|
||||||
else if (name.equals("AD_Client_ID"))
|
else if (name.equals("AD_Client_ID"))
|
||||||
p_AD_Client_ID = para[i].getParameterAsInt();
|
p_AD_Client_ID = para[i].getParameterAsInt();
|
||||||
|
else if (name.equals("ResetAccess"))
|
||||||
|
p_IsReset = "Y".equals(para[i].getParameter());
|
||||||
else
|
else
|
||||||
log.log(Level.SEVERE, "Unknown Parameter: " + name);
|
log.log(Level.SEVERE, "Unknown Parameter: " + name);
|
||||||
}
|
}
|
||||||
|
@ -117,7 +121,7 @@ public class RoleAccessUpdate extends SvrProcess
|
||||||
private void updateRole (MRole role)
|
private void updateRole (MRole role)
|
||||||
{
|
{
|
||||||
addLog(0, null, null, role.getName() + ": "
|
addLog(0, null, null, role.getName() + ": "
|
||||||
+ role.updateAccessRecords());
|
+ role.updateAccessRecords(p_IsReset));
|
||||||
} // updateRole
|
} // updateRole
|
||||||
|
|
||||||
//add main method, preparing for nightly build
|
//add main method, preparing for nightly build
|
||||||
|
|
|
@ -398,15 +398,25 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
||||||
return success;
|
return success;
|
||||||
} // afterDelete
|
} // afterDelete
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create Access Records
|
||||||
|
* @return info
|
||||||
|
*/
|
||||||
|
public String updateAccessRecords ()
|
||||||
|
{
|
||||||
|
return updateAccessRecords(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create Access Records
|
* Create Access Records
|
||||||
|
* @param reset true will reset existing access
|
||||||
* @return info
|
* @return info
|
||||||
*/
|
*/
|
||||||
public String updateAccessRecords ()
|
public String updateAccessRecords (boolean reset)
|
||||||
{
|
{
|
||||||
if (isManual())
|
if (isManual())
|
||||||
return "-";
|
return "-";
|
||||||
|
|
||||||
String roleClientOrgUser = getAD_Role_ID() + ","
|
String roleClientOrgUser = getAD_Role_ID() + ","
|
||||||
+ getAD_Client_ID() + "," + getAD_Org_ID() + ",'Y', SysDate,"
|
+ getAD_Client_ID() + "," + getAD_Org_ID() + ",'Y', SysDate,"
|
||||||
|
@ -419,31 +429,40 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
||||||
+ "SELECT DISTINCT w.AD_Window_ID, " + roleClientOrgUser
|
+ "SELECT DISTINCT w.AD_Window_ID, " + roleClientOrgUser
|
||||||
+ "FROM AD_Window w"
|
+ "FROM AD_Window w"
|
||||||
+ " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)"
|
+ " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)"
|
||||||
+ " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) "
|
+ " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) "
|
||||||
+ "WHERE t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
|
+ " LEFT JOIN AD_Window_Access wa ON "
|
||||||
|
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
|
||||||
|
+ " AND w.AD_Window_ID = wa.AD_Window_ID) "
|
||||||
|
+ "WHERE wa.AD_Window_ID IS NULL AND t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
|
||||||
+ "WHERE xt.AD_Window_ID=w.AD_Window_ID)"
|
+ "WHERE xt.AD_Window_ID=w.AD_Window_ID)"
|
||||||
+ "AND tt.AccessLevel IN ";
|
+ "AND tt.AccessLevel IN ";
|
||||||
|
|
||||||
String sqlProcess = "INSERT INTO AD_Process_Access "
|
String sqlProcess = "INSERT INTO AD_Process_Access "
|
||||||
+ "(AD_Process_ID, AD_Role_ID,"
|
+ "(AD_Process_ID, AD_Role_ID,"
|
||||||
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
+ " AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy, IsReadWrite) "
|
||||||
+ "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser
|
+ "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser
|
||||||
+ "FROM AD_Process p "
|
+ "FROM AD_Process p LEFT JOIN AD_Process_Access pa ON "
|
||||||
+ "WHERE AccessLevel IN ";
|
+ "(pa.AD_Role_ID=" + getAD_Role_ID()
|
||||||
|
+ " AND p.AD_Process_ID = pa.AD_Process_ID) "
|
||||||
|
+ "WHERE pa.AD_Process_ID IS NULL AND AccessLevel IN ";
|
||||||
|
|
||||||
String sqlForm = "INSERT INTO AD_Form_Access "
|
String sqlForm = "INSERT INTO AD_Form_Access "
|
||||||
+ "(AD_Form_ID, AD_Role_ID,"
|
+ "(AD_Form_ID, AD_Role_ID,"
|
||||||
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
||||||
+ "SELECT f.AD_Form_ID, " + roleClientOrgUser
|
+ "SELECT f.AD_Form_ID, " + roleClientOrgUser
|
||||||
+ "FROM AD_Form f "
|
+ "FROM AD_Form f LEFT JOIN AD_Form_Access fa ON "
|
||||||
+ "WHERE AccessLevel IN ";
|
+ "(fa.AD_Role_ID=" + getAD_Role_ID()
|
||||||
|
+ " AND f.AD_Form_ID = fa.AD_Form_ID) "
|
||||||
|
+ "WHERE fa.AD_Form_ID IS NULL AND AccessLevel IN ";
|
||||||
|
|
||||||
String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access "
|
String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access "
|
||||||
+ "(AD_WorkFlow_ID, AD_Role_ID,"
|
+ "(AD_WorkFlow_ID, AD_Role_ID,"
|
||||||
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
||||||
+ "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser
|
+ "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser
|
||||||
+ "FROM AD_WorkFlow w "
|
+ "FROM AD_WorkFlow w LEFT JOIN AD_WorkFlow_Access wa ON "
|
||||||
+ "WHERE AccessLevel IN ";
|
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
|
||||||
|
+ " AND w.AD_WorkFlow_ID = wa.AD_WorkFlow_ID) "
|
||||||
|
+ "WHERE wa.AD_WorkFlow_ID IS NULL AND AccessLevel IN ";
|
||||||
|
|
||||||
String sqlDocAction = "INSERT INTO AD_Document_Action_Access "
|
String sqlDocAction = "INSERT INTO AD_Document_Action_Access "
|
||||||
+ "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,"
|
+ "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,"
|
||||||
|
@ -457,7 +476,10 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
||||||
+ "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) "
|
+ "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) "
|
||||||
+ "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID "
|
+ "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID "
|
||||||
+ "AND rol.AD_Role_ID=" + getAD_Role_ID()
|
+ "AND rol.AD_Role_ID=" + getAD_Role_ID()
|
||||||
+ ") )";
|
+ ") LEFT JOIN AD_Document_Action_Access da ON "
|
||||||
|
+ "(da.AD_Role_ID=" + getAD_Role_ID()
|
||||||
|
+ " AND da.C_DocType_ID=doctype.C_DocType_ID AND da.AD_Ref_List_ID=action.AD_Ref_List_ID) "
|
||||||
|
+ "WHERE (da.C_DocType_ID IS NULL AND da.AD_Ref_List_ID IS NULL)) ";
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -489,26 +511,16 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
||||||
+ " AND w.Name NOT LIKE '%(all)%'";
|
+ " AND w.Name NOT LIKE '%(all)%'";
|
||||||
}
|
}
|
||||||
if (roleAccessLevelWin == null)
|
if (roleAccessLevelWin == null)
|
||||||
roleAccessLevelWin = roleAccessLevel;
|
roleAccessLevelWin = roleAccessLevel;
|
||||||
//
|
|
||||||
String whereDel = " WHERE AD_Role_ID=" + getAD_Role_ID();
|
if (reset)
|
||||||
//
|
deleteAccessRecords();
|
||||||
int winDel = DB.executeUpdate("DELETE FROM AD_Window_Access" + whereDel, get_TrxName());
|
|
||||||
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
|
|
||||||
int procDel = DB.executeUpdate("DELETE FROM AD_Process_Access" + whereDel, get_TrxName());
|
|
||||||
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
|
|
||||||
int formDel = DB.executeUpdate("DELETE FROM AD_Form_Access" + whereDel, get_TrxName());
|
|
||||||
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
|
|
||||||
int wfDel = DB.executeUpdate("DELETE FROM AD_WorkFlow_Access" + whereDel, get_TrxName());
|
|
||||||
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
|
|
||||||
int docactDel = DB.executeUpdate("DELETE FROM AD_Document_Action_Access" + whereDel, get_TrxName());
|
|
||||||
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
|
|
||||||
|
|
||||||
log.fine("AD_Window_ID=" + winDel + "+" + win
|
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
|
||||||
+ ", AD_Process_ID=" + procDel + "+" + proc
|
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
|
||||||
+ ", AD_Form_ID=" + formDel + "+" + form
|
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
|
||||||
+ ", AD_Workflow_ID=" + wfDel + "+" + wf
|
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
|
||||||
+ ", AD_Document_Action_Access=" + docactDel + "+" + docact);
|
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
|
||||||
|
|
||||||
loadAccess(true);
|
loadAccess(true);
|
||||||
return "@AD_Window_ID@ #" + win
|
return "@AD_Window_ID@ #" + win
|
||||||
|
|
Loading…
Reference in New Issue