IDEMPIERE-1624 Restrict access to System dashboards / based on patch from Nicolas Micoud (nmicoud)

This commit is contained in:
Carlos Ruiz 2013-12-11 10:11:50 -05:00
parent b1def62912
commit 074be8ab1a
2 changed files with 62 additions and 40 deletions


@ -54,38 +54,54 @@ public class MDashboardContentAccess extends X_PA_DashboardContent_Access {
parameters.add(AD_Client_ID); parameters.add(AD_Client_ID);
StringBuffer sql= new StringBuffer(); StringBuffer sql= new StringBuffer();
// First part : dashboards not configured in access and flagged to be shown in login (this is intended to show new dashboards, otherwise new dashboards won't be shown unless the user go and configure them)
sql.append("SELECT PA_DashboardContent_ID,ColumnNo ") sql.append("SELECT PA_DashboardContent_ID,ColumnNo ")
.append(" FROM PA_DashboardContent ") .append(" FROM PA_DashboardContent ")
.append(" WHERE PA_DashboardContent_ID NOT IN (") .append(" WHERE PA_DashboardContent_ID NOT IN (")
.append(" SELECT PA_DashboardContent_ID ") .append(" SELECT PA_DashboardContent_ID ")
.append(" FROM PA_DashboardContent_Access" ) .append(" FROM PA_DashboardContent_Access" )
.append(" WHERE IsActive='Y' AND AD_Client_ID IN (0, ?))") .append(" WHERE AD_Client_ID IN (0, ?))")
.append(" AND IsShowInLogin='Y'") .append(" AND IsShowInLogin='Y'")
.append(" AND IsActive='Y' AND AD_Client_ID IN (0, ?)") .append(" AND IsActive='Y' AND AD_Client_ID IN (0, ?)")
.append(" UNION ALL") .append(" UNION ALL")
// Second part : second part is to process the dashboards configured in content access
.append(" SELECT ct.PA_DashboardContent_ID,ct.ColumnNo") .append(" SELECT ct.PA_DashboardContent_ID,ct.ColumnNo")
.append(" FROM PA_DashboardContent ct") .append(" FROM PA_DashboardContent ct")
.append(" INNER JOIN PA_DashboardContent_Access cta on (ct.PA_DashboardContent_ID = cta.PA_DashboardContent_ID)") .append(" INNER JOIN PA_DashboardContent_Access cta on (ct.PA_DashboardContent_ID = cta.PA_DashboardContent_ID)")
.append(" WHERE cta.IsActive='Y'") .append(" WHERE cta.IsActive='Y'")
.append(" AND ct.IsActive='Y'"); .append(" AND ct.IsActive='Y'");
if(AD_Role >= 0){ if(AD_Role >= 0) {
sql.append(" AND coalesce(cta.AD_Role_ID, ?) = ?"); sql.append(" AND COALESCE(cta.AD_Role_ID, ?) = ?");
parameters.add(AD_Role); parameters.add(AD_Role);
parameters.add(AD_Role); parameters.add(AD_Role);
} }
if (AD_User >= 0) {
if (AD_User >= 0){ sql.append(" AND COALESCE(cta.AD_User_ID, ?) = ?");
sql.append(" AND coalesce(cta.AD_User_ID, ?) = ?");
parameters.add(AD_User); parameters.add(AD_User);
parameters.add(AD_User); parameters.add(AD_User);
} }
sql.append(" AND cta.AD_Client_ID in (0,?)"); sql.append(" AND cta.AD_Client_ID in (0,?)");
parameters.add(AD_Client_ID); parameters.add(AD_Client_ID);
// New part : remove dashboard if inactive records
sql.append(" AND ct.PA_DashboardContent_ID NOT IN (SELECT PA_DashboardContent_ID FROM PA_DashboardContent_Access WHERE IsActive='N' AND ct.AD_Client_ID in (0,?)");
parameters.add(AD_Client_ID);
if (AD_Role >= 0) {
sql.append(" AND COALESCE(ct.AD_Role_ID, ?) = ?");
parameters.add(AD_Role);
parameters.add(AD_Role);
}
if (AD_User >= 0) {
sql.append(" AND COALESCE(ct.AD_User_ID, ?) = ?");
parameters.add(AD_User);
parameters.add(AD_User);
}
sql.append(")");
sql.append(" ORDER BY ColumnNo"); sql.append(" ORDER BY ColumnNo");
PreparedStatement pstmt=null; PreparedStatement pstmt=null;
ResultSet rs = null; ResultSet rs = null;
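Review bot: The new exclusion subquery `sql.append(" AND ct.PA_DashboardContent_ID NOT IN (SELECT PA_DashboardContent_ID FROM PA_DashboardContent_Access WHERE IsActive='N' AND ct.AD_Client_ID in (0,?)")` and the two COALESCE clauses that follow it filter on `ct.AD_Client_ID`, `ct.AD_Role_ID` and `ct.AD_User_ID`, which resolve to the outer PA_DashboardContent row rather than to the unaliased PA_DashboardContent_Access row the subquery scans, while every other role/user condition in this hunk is written against `cta` (the access table). If PA_DashboardContent has no AD_Role_ID/AD_User_ID columns the statement fails at runtime, and if it does, the inactive-access exclusion is not keyed to the access record it is meant to match, so the restriction this commit introduces may not be enforced as intended — worth confirming against the schema. Aliasing the subquery table makes the intended correlation explicit: `... NOT IN (SELECT a.PA_DashboardContent_ID FROM PA_DashboardContent_Access a WHERE a.IsActive='N' AND a.AD_Client_ID IN (0,?)`, `AND COALESCE(a.AD_Role_ID, ?) = ?`, `AND COALESCE(a.AD_User_ID, ?) = ?`. The enclosing method starts before this hunk.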


@ -230,51 +230,57 @@ public class WGadgets extends Window implements EventListener<Event>{
{ {
Properties ctx = Env.getCtx(); Properties ctx = Env.getCtx();
int AD_CLient_ID =Env.getAD_Client_ID(ctx); int AD_Client_ID =Env.getAD_Client_ID(ctx);
int AD_Role_ID = Env.getAD_Role_ID(ctx); int AD_Role_ID = Env.getAD_Role_ID(ctx);
int AD_User_ID = Env.getAD_User_ID(ctx); int AD_User_ID = Env.getAD_User_ID(ctx);
noItems.removeAll(noItems); noItems.removeAll(noItems);
yesItems.removeAll(yesItems); yesItems.removeAll(yesItems);
String query = " SELECT ct.PA_DashboardContent_ID, ct.Name " String query = ""
+" FROM PA_DashboardContent ct" + "SELECT ct.PA_DashboardContent_ID, "
+" WHERE ct.AD_Client_ID IN (0,?)" + " ct.Name "
+" AND ct.IsActive='Y'" + "FROM PA_DashboardContent ct "
+" AND ct.PA_DashboardContent_ID NOT IN (" + "WHERE ct.AD_Client_ID IN ( 0, ? ) "
+" SELECT pre.PA_DashboardContent_ID" + " AND ct.IsActive = 'Y' "
+" FROM PA_DashboardPreference pre" + " AND ct.PA_DashboardContent_ID NOT IN (SELECT pre.PA_DashboardContent_ID "
+" WHERE pre.AD_Client_ID IN (0,?)" + " FROM PA_DashboardPreference pre "
+" AND pre.AD_Role_ID = ?" + " WHERE pre.AD_Client_ID IN ( 0, ? ) "
+" AND pre.AD_User_ID = ?" + " AND pre.AD_Role_ID = ? "
+" AND pre.AD_Org_ID=0 " + " AND pre.AD_User_ID = ? "
+" AND pre.IsActive='Y') " + " AND pre.AD_Org_ID = 0 "
+" AND (" + " AND pre.IsActive = 'Y') "
+" ct.PA_DashboardContent_ID NOT IN ( SELECT PA_DashboardContent_ID " + " AND ( ct.PA_DashboardContent_ID NOT IN (SELECT cta.PA_DashboardContent_ID "
+" FROM PA_DashboardContent_Access" + " FROM PA_DashboardContent_Access cta "
+" WHERE IsActive='Y' AND AD_Client_ID IN (0, ?))" + " WHERE cta.IsActive = 'N' "
+" OR ct.PA_DashboardContent_ID IN ( SELECT cta.PA_DashboardContent_ID " + " AND COALESCE(cta.AD_Role_ID, ?) = ? "
+" FROM PA_DashboardContent_Access cta " + " AND COALESCE(cta.AD_User_ID, ?) = ? "
+" WHERE cta.IsActive='Y'" + " AND cta.AD_Client_ID IN ( 0, ? )) "
+" AND coalesce(cta.AD_Role_ID, ?) = ?" + " OR ct.PA_DashboardContent_ID IN (SELECT cta.PA_DashboardContent_ID "
+" AND coalesce(cta.AD_User_ID, ?) = ?" + " FROM PA_DashboardContent_Access cta "
+" AND cta.AD_Client_ID in (0,?) ) " + " WHERE cta.IsActive = 'Y' "
+" )"; + " AND COALESCE(cta.AD_Role_ID, ?) = ? "
+ " AND COALESCE(cta.AD_User_ID, ?) = ? "
+ " AND cta.AD_Client_ID IN ( 0, ? )) ) ";
ResultSet rs = null; ResultSet rs = null;
PreparedStatement pstmt = null; PreparedStatement pstmt = null;
try { try {
pstmt = DB.prepareStatement(query, null); pstmt = DB.prepareStatement(query, null);
pstmt.setInt(1, AD_CLient_ID); pstmt.setInt(1, AD_Client_ID);
pstmt.setInt(2, AD_CLient_ID); pstmt.setInt(2, AD_Client_ID);
pstmt.setInt(3, AD_Role_ID); pstmt.setInt(3, AD_Role_ID);
pstmt.setInt(4, AD_User_ID); pstmt.setInt(4, AD_User_ID);
pstmt.setInt(5, AD_CLient_ID); pstmt.setInt(5, AD_Role_ID);
pstmt.setInt(6, AD_Role_ID); pstmt.setInt(6, AD_Role_ID);
pstmt.setInt(7, AD_Role_ID); pstmt.setInt(7, AD_User_ID);
pstmt.setInt(8, AD_User_ID); pstmt.setInt(8, AD_User_ID);
pstmt.setInt(9, AD_User_ID); pstmt.setInt(9, AD_Client_ID);
pstmt.setInt(10, AD_CLient_ID); pstmt.setInt(10, AD_Role_ID);
pstmt.setInt(11, AD_Role_ID);
pstmt.setInt(12, AD_User_ID);
pstmt.setInt(13, AD_User_ID);
pstmt.setInt(14, AD_Client_ID);
rs = pstmt.executeQuery(); rs = pstmt.executeQuery();
while (rs.next()) { while (rs.next()) {
@ -298,7 +304,7 @@ public class WGadgets extends Window implements EventListener<Event>{
+" AND IsActive='Y'"; +" AND IsActive='Y'";
Query query1 =new Query(ctx,MDashboardPreference.Table_Name, where, null); Query query1 =new Query(ctx,MDashboardPreference.Table_Name, where, null);
query1.setParameters(new Object[]{AD_User_ID,AD_Role_ID ,AD_CLient_ID}); query1.setParameters(new Object[]{AD_User_ID,AD_Role_ID ,AD_Client_ID});
List<MDashboardPreference> preference=query1.list(); List<MDashboardPreference> preference=query1.list();
if(preference.size() > 0){ if(preference.size() > 0){