From 1d5b87afbfdaa77259288a33fd053fac2daea216 Mon Sep 17 00:00:00 2001 From: Heng Sin Low Date: Thu, 20 Jun 2013 12:07:16 +0800 Subject: [PATCH] =?UTF-8?q?IDEMPIERE-1042=20Role=20Data=20Access=20?= =?UTF-8?q?=E2=80=93=20Table=20Access=20Exporting.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oracle/201306200400_IDEMPIERE-1042.sql | 24 +++++++++ .../201306200400_IDEMPIERE-1042.sql | 23 ++++++++ .../org/compiere/model/I_AD_Table_Access.java | 26 --------- .../src/org/compiere/model/MRole.java | 54 ++++++++++--------- .../src/org/compiere/model/MTableAccess.java | 8 +-- .../org/compiere/model/X_AD_Table_Access.java | 52 +----------------- .../adwindow/AbstractADWindowContent.java | 11 +++- .../webui/panel/action/ReportAction.java | 3 +- 8 files changed, 91 insertions(+), 110 deletions(-) create mode 100644 migration/i1.0b-release/oracle/201306200400_IDEMPIERE-1042.sql create mode 100644 migration/i1.0b-release/postgresql/201306200400_IDEMPIERE-1042.sql diff --git a/migration/i1.0b-release/oracle/201306200400_IDEMPIERE-1042.sql b/migration/i1.0b-release/oracle/201306200400_IDEMPIERE-1042.sql new file mode 100644 index 0000000000..833a8e8156 --- /dev/null +++ b/migration/i1.0b-release/oracle/201306200400_IDEMPIERE-1042.sql @@ -0,0 +1,24 @@ +-- Jun 20, 2013 11:45:39 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Field SET IsActive='N',Updated=TO_DATE('2013-06-20 11:45:39','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=8320 +; + +-- Jun 20, 2013 11:45:50 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Field SET IsActive='N',Updated=TO_DATE('2013-06-20 11:45:50','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=8321 +; + +-- Jun 20, 2013 11:46:19 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Column SET IsActive='N',Updated=TO_DATE('2013-06-20 11:46:19','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Column_ID=9970 +; + +-- Jun 20, 2013 11:46:39 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Column SET IsActive='N',Updated=TO_DATE('2013-06-20 11:46:39','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Column_ID=9971 +; + + +SELECT register_migration_script('201306200400_IDEMPIERE-1042.sql') FROM dual +; + diff --git a/migration/i1.0b-release/postgresql/201306200400_IDEMPIERE-1042.sql b/migration/i1.0b-release/postgresql/201306200400_IDEMPIERE-1042.sql new file mode 100644 index 0000000000..560e2f48c9 --- /dev/null +++ b/migration/i1.0b-release/postgresql/201306200400_IDEMPIERE-1042.sql @@ -0,0 +1,23 @@ +-- Jun 20, 2013 11:45:39 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Field SET IsActive='N',Updated=TO_TIMESTAMP('2013-06-20 11:45:39','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=8320 +; + +-- Jun 20, 2013 11:45:50 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Field SET IsActive='N',Updated=TO_TIMESTAMP('2013-06-20 11:45:50','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Field_ID=8321 +; + +-- Jun 20, 2013 11:46:19 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Column SET IsActive='N',Updated=TO_TIMESTAMP('2013-06-20 11:46:19','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Column_ID=9970 +; + +-- Jun 20, 2013 11:46:39 AM MYT +-- IDEMPIERE-1042 Role Data Access +UPDATE AD_Column SET IsActive='N',Updated=TO_TIMESTAMP('2013-06-20 11:46:39','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Column_ID=9971 +; + +SELECT register_migration_script('201306200400_IDEMPIERE-1042.sql') FROM dual +; + diff --git a/org.adempiere.base/src/org/compiere/model/I_AD_Table_Access.java b/org.adempiere.base/src/org/compiere/model/I_AD_Table_Access.java index c8ac17ec1f..d5fc3b15f3 100644 --- a/org.adempiere.base/src/org/compiere/model/I_AD_Table_Access.java +++ b/org.adempiere.base/src/org/compiere/model/I_AD_Table_Access.java @@ -143,32 +143,6 @@ public interface I_AD_Table_Access */ public boolean isActive(); - /** Column name IsCanExport */ - public static final String COLUMNNAME_IsCanExport = "IsCanExport"; - - /** Set Can Export. - * Users with this role can export data - */ - public void setIsCanExport (boolean IsCanExport); - - /** Get Can Export. - * Users with this role can export data - */ - public boolean isCanExport(); - - /** Column name IsCanReport */ - public static final String COLUMNNAME_IsCanReport = "IsCanReport"; - - /** Set Can Report. - * Users with this role can create reports - */ - public void setIsCanReport (boolean IsCanReport); - - /** Get Can Report. - * Users with this role can create reports - */ - public boolean isCanReport(); - /** Column name IsExclude */ public static final String COLUMNNAME_IsExclude = "IsExclude"; diff --git a/org.adempiere.base/src/org/compiere/model/MRole.java b/org.adempiere.base/src/org/compiere/model/MRole.java index 5dcb312474..63af3a9913 100644 --- a/org.adempiere.base/src/org/compiere/model/MRole.java +++ b/org.adempiere.base/src/org/compiere/model/MRole.java @@ -1196,8 +1196,9 @@ public final class MRole extends X_AD_Role return false; } if (!isTableAccess(AD_Table_ID, true)) // No R/O Access to Table - return false; - // + return false; + + //default to negative list, can report on all tables boolean canReport = true; for (int i = 0; i < m_tableAccess.length; i++) { @@ -1207,19 +1208,18 @@ public final class MRole extends X_AD_Role { if (m_tableAccess[i].getAD_Table_ID() == AD_Table_ID) { - canReport = m_tableAccess[i].isCanReport(); - if (log.isLoggable(Level.FINE)) log.fine("Exclude " + AD_Table_ID + " - " + canReport); - return canReport; + if (log.isLoggable(Level.FINE)) log.fine("Exclude " + AD_Table_ID); + return false; } } else // Include - { + { + //positive list, can report ONLY on included tables canReport = false; if (m_tableAccess[i].getAD_Table_ID() == AD_Table_ID) { - canReport = m_tableAccess[i].isCanReport(); - if (log.isLoggable(Level.FINE)) log.fine("Include " + AD_Table_ID + " - " + canReport); - return canReport; + if (log.isLoggable(Level.FINE)) log.fine("Include " + AD_Table_ID); + return true; } } } // for all Table Access @@ -1243,7 +1243,8 @@ public final class MRole extends X_AD_Role return false; if (!isCanReport (AD_Table_ID)) // We cannot Export if we cannot report return false; - // + + //default to negative list, can report on all tables boolean canExport = true; for (int i = 0; i < m_tableAccess.length; i++) { @@ -1251,16 +1252,21 @@ public final class MRole extends X_AD_Role continue; if (m_tableAccess[i].isExclude()) // Exclude { - canExport = m_tableAccess[i].isCanExport(); - if (log.isLoggable(Level.FINE)) log.fine("Exclude " + AD_Table_ID + " - " + canExport); - return canExport; + if (m_tableAccess[i].getAD_Table_ID() == AD_Table_ID) + { + if (log.isLoggable(Level.FINE)) log.fine("Exclude " + AD_Table_ID); + return false; + } } else // Include - { - canExport = false; - canExport = m_tableAccess[i].isCanExport(); - if (log.isLoggable(Level.FINE)) log.fine("Include " + AD_Table_ID + " - " + canExport); - return canExport; + { + //positive list, can export ONLY on included tables + canExport = false; + if (m_tableAccess[i].getAD_Table_ID() == AD_Table_ID) + { + if (log.isLoggable(Level.FINE)) log.fine("Include " + AD_Table_ID); + return true; + } } } // for all Table Access if (log.isLoggable(Level.FINE)) log.fine(AD_Table_ID + " - " + canExport); @@ -1278,7 +1284,8 @@ public final class MRole extends X_AD_Role if (!isTableAccessLevel (AD_Table_ID, ro)) // Role Based Access return false; loadTableAccess(false); - // + + //default to negative list, can access on all tables boolean hasAccess = true; // assuming exclusive rule for (int i = 0; i < m_tableAccess.length; i++) { @@ -1302,7 +1309,8 @@ public final class MRole extends X_AD_Role else // Include // If you Include Access to a table and select Read Only, // you can only read data (otherwise full access). - { + { + //positive list, can access ONLY on included tables hasAccess = false; if (m_tableAccess[i].getAD_Table_ID() == AD_Table_ID) { @@ -2846,12 +2854,6 @@ public final class MRole extends X_AD_Role if (found && override) { // stronger permissions first - if (ta2.isCanReport()) - ta1.setIsCanExport(true); - if (ta2.isCanReport()) - ta1.setIsCanReport(true); - if (!ta2.isReadOnly()) - ta1.setIsCanExport(false); if (!ta2.isExclude()) ta1.setIsExclude(false); } diff --git a/org.adempiere.base/src/org/compiere/model/MTableAccess.java b/org.adempiere.base/src/org/compiere/model/MTableAccess.java index 6de607483b..d574ab328d 100644 --- a/org.adempiere.base/src/org/compiere/model/MTableAccess.java +++ b/org.adempiere.base/src/org/compiere/model/MTableAccess.java @@ -75,9 +75,9 @@ public class MTableAccess extends X_AD_Table_Access if (ACCESSTYPERULE_Accessing.equals(getAccessTypeRule())) sb.append("-ReadOnly=").append(isReadOnly()); else if (ACCESSTYPERULE_Exporting.equals(getAccessTypeRule())) - sb.append("-CanExport=").append(isCanExport()); + sb.append("-CanExport=").append(!isExclude()); else if (ACCESSTYPERULE_Reporting.equals(getAccessTypeRule())) - sb.append("-CanReport=").append(isCanReport()); + sb.append("-CanReport=").append(!isExclude()); sb.append("]"); return sb.toString(); } // toString @@ -97,9 +97,9 @@ public class MTableAccess extends X_AD_Table_Access if (ACCESSTYPERULE_Accessing.equals(getAccessTypeRule())) sb.append(" - ").append(Msg.translate(ctx, "IsReadOnly")).append("=").append(isReadOnly()); else if (ACCESSTYPERULE_Exporting.equals(getAccessTypeRule())) - sb.append(" - ").append(Msg.translate(ctx, "IsCanExport")).append("=").append(isCanExport()); + sb.append(" - ").append(Msg.translate(ctx, "CanExport")).append("=").append(!isExclude()); else if (ACCESSTYPERULE_Reporting.equals(getAccessTypeRule())) - sb.append(" - ").append(Msg.translate(ctx, "IsCanReport")).append("=").append(isCanReport()); + sb.append(" - ").append(Msg.translate(ctx, "CanReport")).append("=").append(!isExclude()); sb.append(" - ").append(isExclude() ? ex : in); return sb.toString(); } // toStringX diff --git a/org.adempiere.base/src/org/compiere/model/X_AD_Table_Access.java b/org.adempiere.base/src/org/compiere/model/X_AD_Table_Access.java index 01c929ad77..6c30edf2ee 100644 --- a/org.adempiere.base/src/org/compiere/model/X_AD_Table_Access.java +++ b/org.adempiere.base/src/org/compiere/model/X_AD_Table_Access.java @@ -30,7 +30,7 @@ public class X_AD_Table_Access extends PO implements I_AD_Table_Access, I_Persis /** * */ - private static final long serialVersionUID = 20130425L; + private static final long serialVersionUID = 20130620L; /** Standard Constructor */ public X_AD_Table_Access (Properties ctx, int AD_Table_Access_ID, String trxName) @@ -42,8 +42,6 @@ public class X_AD_Table_Access extends PO implements I_AD_Table_Access, I_Persis // A setAD_Role_ID (0); setAD_Table_ID (0); - setIsCanExport (false); - setIsCanReport (false); setIsExclude (true); // Y setIsReadOnly (false); @@ -182,54 +180,6 @@ public class X_AD_Table_Access extends PO implements I_AD_Table_Access, I_Persis return new KeyNamePair(get_ID(), String.valueOf(getAD_Table_ID())); } - /** Set Can Export. - @param IsCanExport - Users with this role can export data - */ - public void setIsCanExport (boolean IsCanExport) - { - set_Value (COLUMNNAME_IsCanExport, Boolean.valueOf(IsCanExport)); - } - - /** Get Can Export. - @return Users with this role can export data - */ - public boolean isCanExport () - { - Object oo = get_Value(COLUMNNAME_IsCanExport); - if (oo != null) - { - if (oo instanceof Boolean) - return ((Boolean)oo).booleanValue(); - return "Y".equals(oo); - } - return false; - } - - /** Set Can Report. - @param IsCanReport - Users with this role can create reports - */ - public void setIsCanReport (boolean IsCanReport) - { - set_Value (COLUMNNAME_IsCanReport, Boolean.valueOf(IsCanReport)); - } - - /** Get Can Report. - @return Users with this role can create reports - */ - public boolean isCanReport () - { - Object oo = get_Value(COLUMNNAME_IsCanReport); - if (oo != null) - { - if (oo instanceof Boolean) - return ((Boolean)oo).booleanValue(); - return "Y".equals(oo); - } - return false; - } - /** Set Exclude. @param IsExclude Exclude access to the data - if not selected Include access to the data diff --git a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/adwindow/AbstractADWindowContent.java b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/adwindow/AbstractADWindowContent.java index 379e9c3d5f..cbb895927b 100644 --- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/adwindow/AbstractADWindowContent.java +++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/adwindow/AbstractADWindowContent.java @@ -2371,8 +2371,15 @@ public abstract class AbstractADWindowContent extends AbstractUIPart implements @Override public void onExport() { - ExportAction action = new ExportAction(this); - action.export(); + int AD_Table_ID=getActiveGridTab().getAD_Table_ID(); + final boolean isCanExport=MRole.getDefault().isCanExport(AD_Table_ID); + if (!isCanExport) { + FDialog.error(curWindowNo, parent, "AccessCannotExport"); + return; + } else { + ExportAction action = new ExportAction(this); + action.export(); + } } @Override diff --git a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/panel/action/ReportAction.java b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/panel/action/ReportAction.java index 91a93a4dc7..e673269b9a 100644 --- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/panel/action/ReportAction.java +++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/panel/action/ReportAction.java @@ -94,7 +94,8 @@ public class ReportAction implements EventListener public void show() { - final boolean isCanExport=MRole.getDefault().isCanExport(); + int AD_Table_ID=panel.getActiveGridTab().getAD_Table_ID(); + final boolean isCanExport=MRole.getDefault().isCanExport(AD_Table_ID); if(winReport == null) { winReport = new Window();