IDEMPIERE-162 Let Process Role Access Update honor previous modifications to permissions
http://jira.idempiere.com/browse/IDEMPIERE-162 Peer reviewed, tested and integrated by Carlos Ruiz - globalqss
This commit is contained in:
parent
d858e4b230
commit
fcd0f768e2
|
@ -0,0 +1,15 @@
|
|||
-- Mar 19, 2012 2:15:08 AM AST
|
||||
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_DATE('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
|
||||
;
|
||||
|
||||
-- Mar 19, 2012 2:15:08 AM AST
|
||||
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
|
||||
;
|
||||
|
||||
UPDATE AD_System
|
||||
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
|
||||
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
|
||||
OR LastMigrationScriptApplied IS NULL
|
||||
;
|
|
@ -0,0 +1,15 @@
|
|||
-- Mar 19, 2012 2:15:08 AM AST
|
||||
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||
INSERT INTO AD_Process_Para (IsRange,AD_Process_Para_ID,FieldLength,AD_Process_ID,IsCentrallyMaintained,AD_Reference_ID,SeqNo,IsMandatory,DefaultValue,EntityType,Name,ColumnName,Description,IsActive,AD_Client_ID,UpdatedBy,Updated,CreatedBy,Created,AD_Org_ID) VALUES ('N',200007,0,295,'Y',20,30,'N','Y','D','Reset Existing Access','ResetAccess','Reset Existing Access','Y',0,100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),100,TO_TIMESTAMP('2012-03-19 02:15:08','YYYY-MM-DD HH24:MI:SS'),0)
|
||||
;
|
||||
|
||||
-- Mar 19, 2012 2:15:08 AM AST
|
||||
-- IDEMPIERE-162 Fix Role Access Update to honour Existing permissions
|
||||
INSERT INTO AD_Process_Para_Trl (AD_Language,AD_Process_Para_ID, Help,Name,Description, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy) SELECT l.AD_Language,t.AD_Process_Para_ID, t.Help,t.Name,t.Description, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy FROM AD_Language l, AD_Process_Para t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Process_Para_ID=200007 AND NOT EXISTS (SELECT * FROM AD_Process_Para_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Process_Para_ID=t.AD_Process_Para_ID)
|
||||
;
|
||||
|
||||
UPDATE AD_System
|
||||
SET LastMigrationScriptApplied='839_IDEMPIERE-162.sql'
|
||||
WHERE LastMigrationScriptApplied<'839_IDEMPIERE-162.sql'
|
||||
OR LastMigrationScriptApplied IS NULL
|
||||
;
|
|
@ -46,6 +46,8 @@ public class RoleAccessUpdate extends SvrProcess
|
|||
private int p_AD_Role_ID = -1;
|
||||
/** Update Roles of Client */
|
||||
private int p_AD_Client_ID = -1;
|
||||
/** Reset Existing Access */
|
||||
private boolean p_IsReset = true;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -63,6 +65,8 @@ public class RoleAccessUpdate extends SvrProcess
|
|||
p_AD_Role_ID = para[i].getParameterAsInt();
|
||||
else if (name.equals("AD_Client_ID"))
|
||||
p_AD_Client_ID = para[i].getParameterAsInt();
|
||||
else if (name.equals("ResetAccess"))
|
||||
p_IsReset = "Y".equals(para[i].getParameter());
|
||||
else
|
||||
log.log(Level.SEVERE, "Unknown Parameter: " + name);
|
||||
}
|
||||
|
@ -117,7 +121,7 @@ public class RoleAccessUpdate extends SvrProcess
|
|||
private void updateRole (MRole role)
|
||||
{
|
||||
addLog(0, null, null, role.getName() + ": "
|
||||
+ role.updateAccessRecords());
|
||||
+ role.updateAccessRecords(p_IsReset));
|
||||
} // updateRole
|
||||
|
||||
//add main method, preparing for nightly build
|
||||
|
|
|
@ -398,12 +398,22 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
|||
return success;
|
||||
} // afterDelete
|
||||
|
||||
|
||||
/**
|
||||
* Create Access Records
|
||||
* @return info
|
||||
*/
|
||||
public String updateAccessRecords ()
|
||||
{
|
||||
return updateAccessRecords(true);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Create Access Records
|
||||
* @param reset true will reset existing access
|
||||
* @return info
|
||||
*/
|
||||
public String updateAccessRecords (boolean reset)
|
||||
{
|
||||
if (isManual())
|
||||
return "-";
|
||||
|
@ -420,30 +430,39 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
|||
+ "FROM AD_Window w"
|
||||
+ " INNER JOIN AD_Tab t ON (w.AD_Window_ID=t.AD_Window_ID)"
|
||||
+ " INNER JOIN AD_Table tt ON (t.AD_Table_ID=tt.AD_Table_ID) "
|
||||
+ "WHERE t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
|
||||
+ " LEFT JOIN AD_Window_Access wa ON "
|
||||
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
|
||||
+ " AND w.AD_Window_ID = wa.AD_Window_ID) "
|
||||
+ "WHERE wa.AD_Window_ID IS NULL AND t.SeqNo=(SELECT MIN(SeqNo) FROM AD_Tab xt " // only check first tab
|
||||
+ "WHERE xt.AD_Window_ID=w.AD_Window_ID)"
|
||||
+ "AND tt.AccessLevel IN ";
|
||||
|
||||
String sqlProcess = "INSERT INTO AD_Process_Access "
|
||||
+ "(AD_Process_ID, AD_Role_ID,"
|
||||
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
||||
+ " AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy, IsReadWrite) "
|
||||
+ "SELECT DISTINCT p.AD_Process_ID, " + roleClientOrgUser
|
||||
+ "FROM AD_Process p "
|
||||
+ "WHERE AccessLevel IN ";
|
||||
+ "FROM AD_Process p LEFT JOIN AD_Process_Access pa ON "
|
||||
+ "(pa.AD_Role_ID=" + getAD_Role_ID()
|
||||
+ " AND p.AD_Process_ID = pa.AD_Process_ID) "
|
||||
+ "WHERE pa.AD_Process_ID IS NULL AND AccessLevel IN ";
|
||||
|
||||
String sqlForm = "INSERT INTO AD_Form_Access "
|
||||
+ "(AD_Form_ID, AD_Role_ID,"
|
||||
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
||||
+ "SELECT f.AD_Form_ID, " + roleClientOrgUser
|
||||
+ "FROM AD_Form f "
|
||||
+ "WHERE AccessLevel IN ";
|
||||
+ "FROM AD_Form f LEFT JOIN AD_Form_Access fa ON "
|
||||
+ "(fa.AD_Role_ID=" + getAD_Role_ID()
|
||||
+ " AND f.AD_Form_ID = fa.AD_Form_ID) "
|
||||
+ "WHERE fa.AD_Form_ID IS NULL AND AccessLevel IN ";
|
||||
|
||||
String sqlWorkflow = "INSERT INTO AD_WorkFlow_Access "
|
||||
+ "(AD_WorkFlow_ID, AD_Role_ID,"
|
||||
+ " AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,IsReadWrite) "
|
||||
+ "SELECT w.AD_WorkFlow_ID, " + roleClientOrgUser
|
||||
+ "FROM AD_WorkFlow w "
|
||||
+ "WHERE AccessLevel IN ";
|
||||
+ "FROM AD_WorkFlow w LEFT JOIN AD_WorkFlow_Access wa ON "
|
||||
+ "(wa.AD_Role_ID=" + getAD_Role_ID()
|
||||
+ " AND w.AD_WorkFlow_ID = wa.AD_WorkFlow_ID) "
|
||||
+ "WHERE wa.AD_WorkFlow_ID IS NULL AND AccessLevel IN ";
|
||||
|
||||
String sqlDocAction = "INSERT INTO AD_Document_Action_Access "
|
||||
+ "(AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,"
|
||||
|
@ -457,7 +476,10 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
|||
+ "INNER JOIN AD_Ref_List action ON (action.AD_Reference_ID=135) "
|
||||
+ "INNER JOIN AD_Role rol ON (rol.AD_Client_ID=client.AD_Client_ID "
|
||||
+ "AND rol.AD_Role_ID=" + getAD_Role_ID()
|
||||
+ ") )";
|
||||
+ ") LEFT JOIN AD_Document_Action_Access da ON "
|
||||
+ "(da.AD_Role_ID=" + getAD_Role_ID()
|
||||
+ " AND da.C_DocType_ID=doctype.C_DocType_ID AND da.AD_Ref_List_ID=action.AD_Ref_List_ID) "
|
||||
+ "WHERE (da.C_DocType_ID IS NULL AND da.AD_Ref_List_ID IS NULL)) ";
|
||||
|
||||
|
||||
/**
|
||||
|
@ -490,25 +512,15 @@ public final class MRole extends X_AD_Role implements SystemIDs
|
|||
}
|
||||
if (roleAccessLevelWin == null)
|
||||
roleAccessLevelWin = roleAccessLevel;
|
||||
//
|
||||
String whereDel = " WHERE AD_Role_ID=" + getAD_Role_ID();
|
||||
//
|
||||
int winDel = DB.executeUpdate("DELETE FROM AD_Window_Access" + whereDel, get_TrxName());
|
||||
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
|
||||
int procDel = DB.executeUpdate("DELETE FROM AD_Process_Access" + whereDel, get_TrxName());
|
||||
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
|
||||
int formDel = DB.executeUpdate("DELETE FROM AD_Form_Access" + whereDel, get_TrxName());
|
||||
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
|
||||
int wfDel = DB.executeUpdate("DELETE FROM AD_WorkFlow_Access" + whereDel, get_TrxName());
|
||||
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
|
||||
int docactDel = DB.executeUpdate("DELETE FROM AD_Document_Action_Access" + whereDel, get_TrxName());
|
||||
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
|
||||
|
||||
log.fine("AD_Window_ID=" + winDel + "+" + win
|
||||
+ ", AD_Process_ID=" + procDel + "+" + proc
|
||||
+ ", AD_Form_ID=" + formDel + "+" + form
|
||||
+ ", AD_Workflow_ID=" + wfDel + "+" + wf
|
||||
+ ", AD_Document_Action_Access=" + docactDel + "+" + docact);
|
||||
if (reset)
|
||||
deleteAccessRecords();
|
||||
|
||||
int win = DB.executeUpdate(sqlWindow + roleAccessLevelWin, get_TrxName());
|
||||
int proc = DB.executeUpdate(sqlProcess + roleAccessLevel, get_TrxName());
|
||||
int form = DB.executeUpdate(sqlForm + roleAccessLevel, get_TrxName());
|
||||
int wf = DB.executeUpdate(sqlWorkflow + roleAccessLevel, get_TrxName());
|
||||
int docact = DB.executeUpdate(sqlDocAction, get_TrxName());
|
||||
|
||||
loadAccess(true);
|
||||
return "@AD_Window_ID@ #" + win
|
||||
|
|
Loading…
Reference in New Issue