IDEMPIERE-162 Let Process Role Access Update honor previous modifications to permissions

http://jira.idempiere.com/browse/IDEMPIERE-162
Peer reviewed, tested and integrated by Carlos Ruiz - globalqss
This commit is contained in:
Hesham S. Ahmed 2012-05-23 09:42:51 -05:00
parent d858e4b230
commit fcd0f768e2
4 changed files with 86 additions and 40 deletions

View File

@ -0,0 +1,15 @@
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
;
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
;
UPDATE AD_System
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
OR LastMigrationScriptApplied IS NULL
;

View File

@ -0,0 +1,15 @@
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
;
-- Mar 19, 2012 2:15:08 AM AST
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
;
UPDATE AD_System
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
OR LastMigrationScriptApplied IS NULL
;

View File

@ -46,6 +46,8 @@ public class RoleAccessUpdate extends SvrProcess
private int p_AD_Role_ID = -1;
/** Update Roles of Client */
private int p_AD_Client_ID = -1;
/** Reset Existing Access */
private boolean p_IsReset = true;
/**
@ -63,6 +65,8 @@ public class RoleAccessUpdate extends SvrProcess
p_AD_Role_ID = para[i].getParameterAsInt();
else if (name.equals("AD_Client_ID"))
p_AD_Client_ID = para[i].getParameterAsInt();
else if (name.equals("ResetAccess"))
p_IsReset = "Y".equals(para[i].getParameter());
else
log.log(Level.SEVERE, "Unknown Parameter: " + name);
}
@ -117,7 +121,7 @@ public class RoleAccessUpdate extends SvrProcess
private void updateRole (MRole role)
{
addLog(0, null, null, role.getName() + ": "
+ role.updateAccessRecords());
+ role.updateAccessRecords(p_IsReset));
} // updateRole
//add main method, preparing for nightly build

View File

@ -398,12 +398,22 @@ public final class MRole extends X_AD_Role implements SystemIDs
return success;
} // afterDelete
/**
* Create Access Records
* @return info
*/
public String updateAccessRecords ()
{
return updateAccessRecords(true);
}
/**
* Create Access Records
* @param reset true will reset existing access
* @return info
*/
public String updateAccessRecords (boolean reset)
{
if (isManual())
return "-";
@ -420,7 +430,10 @@ public final class MRole extends X_AD_Role implements SystemIDs
+ "FROM AD_Window w"
+ " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)"
+ " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) "
+ "WHERE t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
+ " LEFT JOIN AD_Window_Access wa ON "
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
+ " AND w.AD_Window_ID = wa.AD_Window_ID) "
+ "WHERE wa.AD_Window_ID IS NULL AND t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
+ "WHERE xt.AD_Window_ID=w.AD_Window_ID)"
+ "AND tt.AccessLevel IN ";
@ -428,22 +441,28 @@ public final class MRole extends X_AD_Role implements SystemIDs
+ "(AD_Process_ID, AD_Role_ID,"
+ " AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy, IsReadWrite) "
+ "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser
+ "FROM AD_Process p "
+ "WHERE AccessLevel IN ";
+ "FROM AD_Process p LEFT JOIN AD_Process_Access pa ON "
+ "(pa.AD_Role_ID=" + getAD_Role_ID()
+ " AND p.AD_Process_ID = pa.AD_Process_ID) "
+ "WHERE pa.AD_Process_ID IS NULL AND AccessLevel IN ";
String sqlForm = "INSERT INTO AD_Form_Access "
+ "(AD_Form_ID, AD_Role_ID,"
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
+ "SELECT f.AD_Form_ID, " + roleClientOrgUser
+ "FROM AD_Form f "
+ "WHERE AccessLevel IN ";
+ "FROM AD_Form f LEFT JOIN AD_Form_Access fa ON "
+ "(fa.AD_Role_ID=" + getAD_Role_ID()
+ " AND f.AD_Form_ID = fa.AD_Form_ID) "
+ "WHERE fa.AD_Form_ID IS NULL AND AccessLevel IN ";
String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access "
+ "(AD_WorkFlow_ID, AD_Role_ID,"
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
+ "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser
+ "FROM AD_WorkFlow w "
+ "WHERE AccessLevel IN ";
+ "FROM AD_WorkFlow w LEFT JOIN AD_WorkFlow_Access wa ON "
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
+ " AND w.AD_WorkFlow_ID = wa.AD_WorkFlow_ID) "
+ "WHERE wa.AD_WorkFlow_ID IS NULL AND AccessLevel IN ";
String sqlDocAction = "INSERT INTO AD_Document_Action_Access "
+ "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,"
@ -457,7 +476,10 @@ public final class MRole extends X_AD_Role implements SystemIDs
+ "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) "
+ "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID "
+ "AND rol.AD_Role_ID=" + getAD_Role_ID()
+ ") )";
+ ") LEFT JOIN AD_Document_Action_Access da ON "
+ "(da.AD_Role_ID=" + getAD_Role_ID()
+ " AND da.C_DocType_ID=doctype.C_DocType_ID AND da.AD_Ref_List_ID=action.AD_Ref_List_ID) "
+ "WHERE (da.C_DocType_ID IS NULL AND da.AD_Ref_List_ID IS NULL)) ";
/**
@ -490,25 +512,15 @@ public final class MRole extends X_AD_Role implements SystemIDs
}
if (roleAccessLevelWin == null)
roleAccessLevelWin = roleAccessLevel;
//
String whereDel = " WHERE AD_Role_ID=" + getAD_Role_ID();
//
int winDel = DB.executeUpdate("DELETE FROM AD_Window_Access" + whereDel, get_TrxName());
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
int procDel = DB.executeUpdate("DELETE FROM AD_Process_Access" + whereDel, get_TrxName());
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
int formDel = DB.executeUpdate("DELETE FROM AD_Form_Access" + whereDel, get_TrxName());
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
int wfDel = DB.executeUpdate("DELETE FROM AD_WorkFlow_Access" + whereDel, get_TrxName());
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
int docactDel = DB.executeUpdate("DELETE FROM AD_Document_Action_Access" + whereDel, get_TrxName());
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
log.fine("AD_Window_ID=" + winDel + "+" + win
+ ", AD_Process_ID=" + procDel + "+" + proc
+ ", AD_Form_ID=" + formDel + "+" + form
+ ", AD_Workflow_ID=" + wfDel + "+" + wf
+ ", AD_Document_Action_Access=" + docactDel + "+" + docact);
if (reset)
deleteAccessRecords();
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
loadAccess(true);
return "@AD_Window_ID@ #" + win