[process] Take into account secured process property to deny access to process
authorAsier Lostalé <asier.lostale@openbravo.com>
Tue, 01 May 2012 08:46:23 +0200
changeset 16374 18681251313d
parent 16373 091f9e19e3ac
child 16375 15642a7e18fd
[process] Take into account secured process property to deny access to process
modules/org.openbravo.client.application/src/org/openbravo/client/application/WindowSettingsActionHandler.java
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-window.js
--- a/modules/org.openbravo.client.application/src/org/openbravo/client/application/WindowSettingsActionHandler.java	Tue May 01 08:38:55 2012 +0200
+++ b/modules/org.openbravo.client.application/src/org/openbravo/client/application/WindowSettingsActionHandler.java	Tue May 01 08:46:23 2012 +0200
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2011 Openbravo SLU 
+ * All portions are Copyright (C) 2011-2012 Openbravo SLU 
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -36,7 +36,9 @@
 import org.openbravo.client.kernel.StaticResourceComponent;
 import org.openbravo.dal.core.OBContext;
 import org.openbravo.dal.service.OBDal;
+import org.openbravo.dal.service.OBQuery;
 import org.openbravo.erpCommon.businessUtility.Preferences;
+import org.openbravo.erpCommon.utility.PropertyException;
 import org.openbravo.model.ad.access.FieldAccess;
 import org.openbravo.model.ad.access.TabAccess;
 import org.openbravo.model.ad.access.WindowAccess;
@@ -126,6 +128,50 @@
         }
       }
 
+      // Processes without access
+      boolean securedProcess = false;
+      try {
+        securedProcess = "Y".equals(Preferences.getPreferenceValue("SecuredProcess", true,
+            OBContext.getOBContext().getCurrentClient(), OBContext.getOBContext()
+                .getCurrentOrganization(), OBContext.getOBContext().getUser(), OBContext
+                .getOBContext().getRole(), window));
+      } catch (PropertyException e) {
+        // do nothing, property is not set so securedProcess is false
+      }
+
+      if (securedProcess) {
+        OBQuery<Field> q = OBDal.getInstance().createQuery(
+            Field.class,
+            " as f where  tab.window = :window " + "and ( (column.oBUIAPPProcess is not null"
+                + " and not exists (select 1 from " + " OBUIAPP_Process_Access a"
+                + " where a.obuiappProcess = f.column.oBUIAPPProcess"
+                + " and a.role.id = :role and a.active=true))" + "or (column.process is not null))"
+                + " order by f.tab");
+
+        q.setNamedParameter("window", window);
+        q.setNamedParameter("role", OBContext.getOBContext().getRole().getId());
+
+        final JSONArray processes = new JSONArray();
+        json.put("notAccessibleProcesses", processes);
+        Tab tab = null;
+        JSONObject t;
+        JSONArray ps = null;
+        for (Field f : q.list()) {
+          if (tab == null || !tab.getId().equals(f.getTab().getId())) {
+            t = new JSONObject();
+            tab = f.getTab();
+            ps = new JSONArray();
+            t.put("tabId", tab.getId());
+            t.put("processes", ps);
+            processes.put(t);
+          }
+          final Entity entity = ModelProvider.getInstance().getEntityByTableId(
+              f.getTab().getTable().getId());
+          ps.put(entity.getPropertyByColumnName(f.getColumn().getDBColumnName().toLowerCase())
+              .getName());
+        }
+      }
+
       return json;
     } catch (Exception e) {
       throw new OBException(e);
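Review bot: The empty `catch (PropertyException e)` makes this check fail open: any failure while resolving `SecuredProcess`, not only an unset property, leaves `securedProcess` false and nothing is restricted. If `PropertyException` also covers conflicting preference definitions (it is the general type imported here), a misconfiguration would silently switch the restriction off; catching only the not-found case, or at least logging the exception, would make that visible. The `or (column.process is not null)` branch of the query also reports every field bound to a classic process regardless of the role's access, which may be intended but deserves a comment above the query such as `// classic processes are always reported; role access is not evaluated for them here`. The enclosing method starts and ends outside the hunk.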
--- a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-window.js	Tue May 01 08:38:55 2012 +0200
+++ b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-window.js	Tue May 01 08:46:23 2012 +0200
@@ -209,7 +209,9 @@
 
   // set window specific user settings, purposely set on class level
   setWindowSettings: function (data) {
-    var i, defaultView, persDefaultValue, views, length, t, tab, view, field, button, alwaysReadOnly, st, stView, stBtns, stBtn, disabledFields, personalization;
+    var i, defaultView, persDefaultValue, views, length, t, tab, view, field, button, st, stView, stBtns, stBtn, disabledFields, personalization, notAccessibleProcesses, alwaysReadOnly = function (view, record, context) {
+        return true;
+        };
 
     if (data) {
       this.getClass().autoSave = data.autoSave;
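Review bot: Defining `alwaysReadOnly` as a function expression at the end of a fifteen-name `var` list is hard to read, and its closing `};` is indented deeper than the body. Keeping the bare name in the list and assigning it on its own statement reads better, e.g. `alwaysReadOnly = function () { return true; };` directly after the `var` line; the three parameters are unused and can go. setWindowSettings continues outside the hunk.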
@@ -238,11 +240,37 @@
       this.views[i].toolBar.updateButtonState(true);
     }
 
+    // set as readonly not accessible processes
+    if (data && data.notAccessibleProcesses) {
+      for (t = 0; t < data.notAccessibleProcesses.length; t++) {
+        notAccessibleProcesses = data.notAccessibleProcesses[t];
+        view = this.getView(notAccessibleProcesses.tabId);
+        for (i = 0; i < view.toolBar.rightMembers.length; i++) {
+          button = view.toolBar.rightMembers[i];
+          if (notAccessibleProcesses.tabId === button.contextView.tabId && button.property && notAccessibleProcesses.processes.contains(button.property)) {
+            button.readOnlyIf = alwaysReadOnly;
+            // looking for this button in subtabs
+            for (st = 0; st < this.views.length; st++) {
+              stView = this.views[st];
+              if (stView === view) {
+                continue;
+              }
+              for (stBtns = 0; stBtns < stView.toolBar.rightMembers.length; stBtns++) {
+                stBtn = stView.toolBar.rightMembers[stBtns];
+                if (stBtn.contextView === button.contextView && stBtn.property && notAccessibleProcesses.processes.contains(stBtn.property)) {
+                  stBtn.readOnlyIf = alwaysReadOnly;
+                  break;
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+
     // Field level permissions
     if (data && data.tabs) {
-      alwaysReadOnly = function (view, record, context) {
-        return true;
-      };
+
       for (t = 0; t < data.tabs.length; t++) {
         tab = data.tabs[t];
         view = this.getView(tab.tabId);
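Review bot: Assigning `button.readOnlyIf = alwaysReadOnly` only disables the buttons in the browser, so what this block adds is a presentation hint rather than access control; a request that does not go through these buttons is unaffected unless the server-side process execution path applies the same `SecuredProcess` / `OBUIAPP_Process_Access` rule, which is not visible in this commit. It is worth confirming that enforcement exists and stating it in the comment, e.g. `// UI hint only: access must also be denied server-side when the process is invoked`. Separately, `this.getView(notAccessibleProcesses.tabId)` is dereferenced without a guard; adding `if (!view) { continue; }` before the inner loop avoids a TypeError if the response lists a tab that has no view in this window. setWindowSettings starts and ends outside the hunk.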