midsuit
/
core-jgi
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-1624 Restrict access to System dashboards / based on patch from Nicolas Micoud (nmicoud)

This commit is contained in:
Carlos Ruiz 2013-12-11 10:11:50 -05:00
parent b1def62912
commit 074be8ab1a
2 changed files with 62 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
org.adempiere.base/src/org/compiere/model/MDashboardContentAccess.java
View File

@ -54,15 +54,17 @@ public class MDashboardContentAccess extends X_PA_DashboardContent_Access {
parameters.add(AD_Client_ID); parameters.add(AD_Client_ID);
StringBuffer sql= new StringBuffer(); StringBuffer sql= new StringBuffer();
// First part : dashboards not configured in access and flagged to be shown in login (this is intended to show new dashboards, otherwise new dashboards won't be shown unless the user go and configure them)
sql.append("SELECT PA_DashboardContent_ID,ColumnNo ") sql.append("SELECT PA_DashboardContent_ID,ColumnNo ")
.append(" FROM PA_DashboardContent ") .append(" FROM PA_DashboardContent ")
.append(" WHERE PA_DashboardContent_ID NOT IN (") .append(" WHERE PA_DashboardContent_ID NOT IN (")
.append(" SELECT PA_DashboardContent_ID ") .append(" SELECT PA_DashboardContent_ID ")
.append(" FROM PA_DashboardContent_Access" ) .append(" FROM PA_DashboardContent_Access" )
.append(" WHERE IsActive='Y' AND AD_Client_ID IN (0, ?))") .append(" WHERE AD_Client_ID IN (0, ?))")
.append(" AND IsShowInLogin='Y'") .append(" AND IsShowInLogin='Y'")
.append(" AND IsActive='Y' AND AD_Client_ID IN (0, ?)") .append(" AND IsActive='Y' AND AD_Client_ID IN (0, ?)")
.append(" UNION ALL") .append(" UNION ALL")
// Second part : second part is to process the dashboards configured in content access
.append(" SELECT ct.PA_DashboardContent_ID,ct.ColumnNo") .append(" SELECT ct.PA_DashboardContent_ID,ct.ColumnNo")
.append(" FROM PA_DashboardContent ct") .append(" FROM PA_DashboardContent ct")
.append(" INNER JOIN PA_DashboardContent_Access cta on (ct.PA_DashboardContent_ID = cta.PA_DashboardContent_ID)") .append(" INNER JOIN PA_DashboardContent_Access cta on (ct.PA_DashboardContent_ID = cta.PA_DashboardContent_ID)")
@ -70,13 +72,12 @@ public class MDashboardContentAccess extends X_PA_DashboardContent_Access {
.append(" AND ct.IsActive='Y'"); .append(" AND ct.IsActive='Y'");
if(AD_Role >= 0) { if(AD_Role >= 0) {
sql.append(" AND coalesce(cta.AD_Role_ID, ?) = ?"); sql.append(" AND COALESCE(cta.AD_Role_ID, ?) = ?");
parameters.add(AD_Role); parameters.add(AD_Role);
parameters.add(AD_Role); parameters.add(AD_Role);
} }
if (AD_User >= 0) { if (AD_User >= 0) {
sql.append(" AND coalesce(cta.AD_User_ID, ?) = ?"); sql.append(" AND COALESCE(cta.AD_User_ID, ?) = ?");
parameters.add(AD_User); parameters.add(AD_User);
parameters.add(AD_User); parameters.add(AD_User);
} }
@ -84,6 +85,21 @@ public class MDashboardContentAccess extends X_PA_DashboardContent_Access {
sql.append(" AND cta.AD_Client_ID in (0,?)"); sql.append(" AND cta.AD_Client_ID in (0,?)");
parameters.add(AD_Client_ID); parameters.add(AD_Client_ID);
// New part : remove dashboard if inactive records
sql.append(" AND ct.PA_DashboardContent_ID NOT IN (SELECT PA_DashboardContent_ID FROM PA_DashboardContent_Access WHERE IsActive='N' AND ct.AD_Client_ID in (0,?)");
parameters.add(AD_Client_ID);
if (AD_Role >= 0) {
sql.append(" AND COALESCE(ct.AD_Role_ID, ?) = ?");
parameters.add(AD_Role);
parameters.add(AD_Role);
}
if (AD_User >= 0) {
sql.append(" AND COALESCE(ct.AD_User_ID, ?) = ?");
parameters.add(AD_User);
parameters.add(AD_User);
}
sql.append(")");
sql.append(" ORDER BY ColumnNo"); sql.append(" ORDER BY ColumnNo");
PreparedStatement pstmt=null; PreparedStatement pstmt=null;

44
org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/window/WGadgets.java
View File

@ -230,51 +230,57 @@ public class WGadgets extends Window implements EventListener<Event>{
{ {
Properties ctx = Env.getCtx(); Properties ctx = Env.getCtx();
int AD_CLient_ID =Env.getAD_Client_ID(ctx); int AD_Client_ID =Env.getAD_Client_ID(ctx);
int AD_Role_ID = Env.getAD_Role_ID(ctx); int AD_Role_ID = Env.getAD_Role_ID(ctx);
int AD_User_ID = Env.getAD_User_ID(ctx); int AD_User_ID = Env.getAD_User_ID(ctx);
noItems.removeAll(noItems); noItems.removeAll(noItems);
yesItems.removeAll(yesItems); yesItems.removeAll(yesItems);
String query = " SELECT ct.PA_DashboardContent_ID, ct.Name " String query = ""
+ "SELECT ct.PA_DashboardContent_ID, "
+ " ct.Name "
+ "FROM PA_DashboardContent ct " + "FROM PA_DashboardContent ct "
+ "WHERE ct.AD_Client_ID IN ( 0, ? ) " + "WHERE ct.AD_Client_ID IN ( 0, ? ) "
+ " AND ct.IsActive = 'Y' " + " AND ct.IsActive = 'Y' "
+" AND ct.PA_DashboardContent_ID NOT IN (" + " AND ct.PA_DashboardContent_ID NOT IN (SELECT pre.PA_DashboardContent_ID "
+" SELECT pre.PA_DashboardContent_ID"
+ " FROM PA_DashboardPreference pre " + " FROM PA_DashboardPreference pre "
+ " WHERE pre.AD_Client_ID IN ( 0, ? ) " + " WHERE pre.AD_Client_ID IN ( 0, ? ) "
+ " AND pre.AD_Role_ID = ? " + " AND pre.AD_Role_ID = ? "
+ " AND pre.AD_User_ID = ? " + " AND pre.AD_User_ID = ? "
+ " AND pre.AD_Org_ID = 0 " + " AND pre.AD_Org_ID = 0 "
+ " AND pre.IsActive = 'Y') " + " AND pre.IsActive = 'Y') "
+" AND (" + " AND ( ct.PA_DashboardContent_ID NOT IN (SELECT cta.PA_DashboardContent_ID "
+" ct.PA_DashboardContent_ID NOT IN ( SELECT PA_DashboardContent_ID " + " FROM PA_DashboardContent_Access cta "
+" FROM PA_DashboardContent_Access" + " WHERE cta.IsActive = 'N' "
+" WHERE IsActive='Y' AND AD_Client_ID IN (0, ?))" + " AND COALESCE(cta.AD_Role_ID, ?) = ? "
+ " AND COALESCE(cta.AD_User_ID, ?) = ? "
+ " AND cta.AD_Client_ID IN ( 0, ? )) "
+ " OR ct.PA_DashboardContent_ID IN (SELECT cta.PA_DashboardContent_ID " + " OR ct.PA_DashboardContent_ID IN (SELECT cta.PA_DashboardContent_ID "
+ " FROM PA_DashboardContent_Access cta " + " FROM PA_DashboardContent_Access cta "
+ " WHERE cta.IsActive = 'Y' " + " WHERE cta.IsActive = 'Y' "
+" AND coalesce(cta.AD_Role_ID, ?) = ?" + " AND COALESCE(cta.AD_Role_ID, ?) = ? "
+" AND coalesce(cta.AD_User_ID, ?) = ?" + " AND COALESCE(cta.AD_User_ID, ?) = ? "
+" AND cta.AD_Client_ID in (0,?) ) " + " AND cta.AD_Client_ID IN ( 0, ? )) ) ";
+" )";
ResultSet rs = null; ResultSet rs = null;
PreparedStatement pstmt = null; PreparedStatement pstmt = null;
try { try {
pstmt = DB.prepareStatement(query, null); pstmt = DB.prepareStatement(query, null);
pstmt.setInt(1, AD_CLient_ID); pstmt.setInt(1, AD_Client_ID);
pstmt.setInt(2, AD_CLient_ID); pstmt.setInt(2, AD_Client_ID);
pstmt.setInt(3, AD_Role_ID); pstmt.setInt(3, AD_Role_ID);
pstmt.setInt(4, AD_User_ID); pstmt.setInt(4, AD_User_ID);
pstmt.setInt(5, AD_CLient_ID); pstmt.setInt(5, AD_Role_ID);
pstmt.setInt(6, AD_Role_ID); pstmt.setInt(6, AD_Role_ID);
pstmt.setInt(7, AD_Role_ID); pstmt.setInt(7, AD_User_ID);
pstmt.setInt(8, AD_User_ID); pstmt.setInt(8, AD_User_ID);
pstmt.setInt(9, AD_User_ID); pstmt.setInt(9, AD_Client_ID);
pstmt.setInt(10, AD_CLient_ID); pstmt.setInt(10, AD_Role_ID);
pstmt.setInt(11, AD_Role_ID);
pstmt.setInt(12, AD_User_ID);
pstmt.setInt(13, AD_User_ID);
pstmt.setInt(14, AD_Client_ID);
rs = pstmt.executeQuery(); rs = pstmt.executeQuery();
while (rs.next()) { while (rs.next()) {
@ -298,7 +304,7 @@ public class WGadgets extends Window implements EventListener<Event>{
+" AND IsActive='Y'"; +" AND IsActive='Y'";
Query query1 =new Query(ctx,MDashboardPreference.Table_Name, where, null); Query query1 =new Query(ctx,MDashboardPreference.Table_Name, where, null);
query1.setParameters(new Object[]{AD_User_ID,AD_Role_ID ,AD_CLient_ID}); query1.setParameters(new Object[]{AD_User_ID,AD_Role_ID ,AD_Client_ID});
List<MDashboardPreference> preference=query1.list(); List<MDashboardPreference> preference=query1.list();
if(preference.size() > 0){ if(preference.size() > 0){