[process] Added default security for manual roles
authorAsier Lostalé <asier.lostale@openbravo.com>
Thu, 03 May 2012 08:50:49 +0200
changeset 16377 1e0a83f6548b
parent 16376 010686dd7d4d
child 16378 b788d30fea13
[process] Added default security for manual roles
modules/org.openbravo.client.application/src-db/database/model/functions/OBUIAPP_UPDATE_ACCESS.xml
modules/org.openbravo.client.application/src-db/database/model/triggers/OBUIAPP_AD_ROLE_TRG.xml
modules/org.openbravo.client.application/src-db/database/model/triggers/OBUIAPP_PROCESS_TRG.xml
modules/org.openbravo.client.application/src-db/database/sourcedata/AD_EP_PROCEDURES.xml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/org.openbravo.client.application/src-db/database/model/functions/OBUIAPP_UPDATE_ACCESS.xml	Thu May 03 08:50:49 2012 +0200
@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+  <database name="FUNCTION OBUIAPP_UPDATE_ACCESS">
+    <function name="OBUIAPP_UPDATE_ACCESS" type="NULL">
+      <parameter name="p_ep_instance_id" type="VARCHAR" mode="in">
+        <default/>
+      </parameter>
+      <body><![CDATA[/*************************************************************************
+* The contents of this file are subject to the Openbravo  Public  License
+* Version  1.1  (the  "License"),  being   the  Mozilla   Public  License
+* Version 1.1  with a permitted attribution clause; you may not  use this
+* file except in compliance with the License. You  may  obtain  a copy of
+* the License at http://www.openbravo.com/legal/license.html
+* Software distributed under the License  is  distributed  on  an "AS IS"
+* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+* License for the specific  language  governing  rights  and  limitations
+* under the License.
+* The Original Code is Openbravo ERP.
+* The Initial Developer of the Original Code is Openbravo SLU
+* All portions are Copyright (C) 2012 Openbravo SLU
+* All Rights Reserved.
+* Contributor(s):  ______________________________________.
+************************************************************************/
+
+BEGIN
+
+  INSERT INTO OBUIAPP_Process_Access
+    (
+      OBUIAPP_Process_Access_ID, OBUIAPP_Process_ID, AD_Role_ID, AD_Client_ID,
+      AD_Org_ID, IsActive, Created,
+      CreatedBy, Updated, UpdatedBy
+    )
+  SELECT get_uuid(), P.OBUIAPP_Process_ID, R.AD_ROLE_ID, R.AD_CLIENT_ID,
+    R.AD_ORG_ID, 'Y', now(),
+    '0', now(), '0'
+  FROM OBUIAPP_Process P, AD_ROLE R
+  WHERE R.ISMANUAL = 'N'
+  AND P.IsActive='Y'
+    AND (
+      (R.USERLEVEL = 'S' AND P.ACCESSLEVEL IN ('4','7','6'))
+      OR
+      (R.USERLEVEL IN (' CO', ' C') AND P.ACCESSLEVEL IN ('7','6','3','1'))
+      OR
+      (R.USERLEVEL = '  O' AND P.ACCESSLEVEL IN ('3','1','7'))
+    )
+    AND NOT EXISTS (SELECT 1
+                     FROM OBUIAPP_Process_Access
+                    WHERE OBUIAPP_Process_ID = P.OBUIAPP_Process_ID
+                      AND AD_ROLE_ID = R.AD_ROLE_ID);
+END OBUIAPP_UPDATE_ACCESS
+]]></body>
+    </function>
+  </database>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/org.openbravo.client.application/src-db/database/model/triggers/OBUIAPP_AD_ROLE_TRG.xml	Thu May 03 08:50:49 2012 +0200
@@ -0,0 +1,86 @@
+<?xml version="1.0"?>
+  <database name="TRIGGER OBUIAPP_AD_ROLE_TRG">
+    <trigger name="OBUIAPP_AD_ROLE_TRG" table="AD_ROLE" fires="after" insert="true" update="true" delete="false" foreach="row">
+      <body><![CDATA[
+/*************************************************************************
+* The contents of this file are subject to the Openbravo  Public  License
+* Version  1.1  (the  "License"),  being   the  Mozilla   Public  License
+* Version 1.1  with a permitted attribution clause; you may not  use this
+* file except in compliance with the License. You  may  obtain  a copy of
+* the License at http://www.openbravo.com/legal/license.html
+* Software distributed under the License  is  distributed  on  an "AS IS"
+* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+* License for the specific  language  governing  rights  and  limitations
+* under the License.
+* The Original Code is Openbravo ERP.
+* The Initial Developer of the Original Code is Openbravo SLU
+* All portions are Copyright (C) 2012 Openbravo SLU
+* All Rights Reserved.
+* Contributor(s):  ______________________________________.
+************************************************************************/
+    
+BEGIN
+    
+    IF AD_isTriggerEnabled()='N' THEN RETURN;
+    END IF;
+
+
+IF (UPDATING) THEN
+ IF NOT(COALESCE(:OLD.UserLevel,'.')<>COALESCE(:NEW.UserLevel,'.')) THEN
+  RETURN;
+ END IF;
+ END IF;
+
+
+ IF (INSERTING) THEN
+  NULL;
+ ELSIF (:new.IsManual = 'Y') THEN
+  RETURN;
+ ELSE
+  DELETE FROM OBKMO_Widget_Class_Access
+  WHERE AD_Role_ID = :new.AD_Role_ID;
+ END IF;
+
+
+ -- System
+ IF (:new.UserLevel='S') AND (:new.IsManual <> 'Y') THEN
+  INSERT INTO OBUIAPP_Process_Access
+   (OBUIAPP_Process_Access_ID, OBUIAPP_Process_ID, AD_Role_ID,
+   AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy)
+  SELECT get_uuid(), p.OBUIAPP_Process_ID, :new.AD_Role_ID,
+   :new.AD_CLIENT_ID, :new.AD_ORG_ID, 'Y', now(), :new.UpdatedBy, now(), :new.UpdatedBy
+  FROM (select distinct p.OBUIAPP_Process_ID
+  from OBUIAPP_Process p
+  WHERE p.AccessLevel IN ('4','7','6')
+    AND p.IsActive = 'Y') p;
+
+ -- Client/Org
+ ELSIF (:new.UserLevel=' CO' OR :new.UserLevel=' C') AND (:new.IsManual <> 'Y') THEN
+  INSERT INTO OBUIAPP_Process_Access
+   (OBUIAPP_Process_Access_ID, OBUIAPP_Process_ID, AD_Role_ID,
+   AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy)
+  SELECT get_uuid(), p.OBUIAPP_Process_ID, :new.AD_Role_ID,
+   :new.AD_CLIENT_ID, :new.AD_ORG_ID, 'Y', now(), :new.UpdatedBy, now(), :new.UpdatedBy
+  FROM (select distinct p.OBUIAPP_Process_ID
+  from OBUIAPP_Process p
+  WHERE p.AccessLevel IN ('7','6','3','1')
+    AND p.IsActive = 'Y') p;
+
+ -- Organization
+ ELSIF (:new.UserLevel='  O') AND (:new.IsManual <> 'Y') THEN
+  INSERT INTO OBUIAPP_Process_Access
+   (OBUIAPP_Process_Access_ID, OBUIAPP_Process_ID, AD_Role_ID,
+   AD_Client_ID, AD_Org_ID, IsActive, Created, CreatedBy, Updated, UpdatedBy)
+  SELECT get_uuid(), p.OBUIAPP_Process_ID, :new.AD_Role_ID,
+   :new.AD_CLIENT_ID, :new.AD_ORG_ID, 'Y', now(), :new.UpdatedBy, now(), :new.UpdatedBy
+  FROM (select distinct p.OBUIAPP_Process_ID
+  from OBUIAPP_Process p
+  WHERE p.AccessLevel IN ('3','1','7')
+    AND p.IsActive = 'Y') p;
+
+ END IF;
+
+END OBUIAPP_AD_ROLE_TRG
+]]></body>
+    </trigger>
+  </database>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/org.openbravo.client.application/src-db/database/model/triggers/OBUIAPP_PROCESS_TRG.xml	Thu May 03 08:50:49 2012 +0200
@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+  <database name="TRIGGER OBUIAPP_PROCESS_TRG">
+    <trigger name="OBUIAPP_PROCESS_TRG" table="OBUIAPP_PROCESS" fires="after" insert="true" update="true" delete="false" foreach="row">
+      <body><![CDATA[
+
+/*************************************************************************
+* The contents of this file are subject to the Openbravo  Public  License
+* Version  1.1  (the  "License"),  being   the  Mozilla   Public  License
+* Version 1.1  with a permitted attribution clause; you may not  use this
+* file except in compliance with the License. You  may  obtain  a copy of
+* the License at http://www.openbravo.com/legal/license.html
+* Software distributed under the License  is  distributed  on  an "AS IS"
+* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+* License for the specific  language  governing  rights  and  limitations
+* under the License.
+* The Original Code is Openbravo ERP.
+* The Initial Developer of the Original Code is Openbravo SLU
+* All portions are Copyright (C) 2012 Openbravo SLU
+* All Rights Reserved.
+* Contributor(s):  ______________________________________.
+************************************************************************/
+
+BEGIN
+    IF AD_isTriggerEnabled()='N' THEN RETURN;
+    END IF;
+
+  IF INSERTING THEN 
+      INSERT INTO OBUIAPP_Process_Access
+      (
+        OBUIAPP_Process_Access_ID, OBUIAPP_Process_ID, AD_Role_ID, AD_Client_ID,
+        AD_Org_ID, IsActive, Created,
+        CreatedBy, Updated, UpdatedBy
+      )
+      SELECT get_uuid(), :new.OBUIAPP_Process_ID, R.AD_ROLE_ID, R.AD_CLIENT_ID,
+        R.AD_ORG_ID, 'Y', now(),
+        '0', now(), '0'
+      FROM AD_ROLE R
+      WHERE R.ISMANUAL = 'N'
+        AND (
+          (R.USERLEVEL = 'S' AND :new.ACCESSLEVEL IN ('4','7','6'))
+          OR
+          (R.USERLEVEL IN (' CO', ' C') AND :new.ACCESSLEVEL IN ('7','6','3','1'))
+          OR
+          (R.USERLEVEL = '  O' AND :new.ACCESSLEVEL IN ('3','1','7'))
+        );
+  END IF;
+
+END OBUIAPP_PROCESS_TRG
+]]></body>
+    </trigger>
+  </database>
--- a/modules/org.openbravo.client.application/src-db/database/sourcedata/AD_EP_PROCEDURES.xml	Tue May 01 09:25:25 2012 +0200
+++ b/modules/org.openbravo.client.application/src-db/database/sourcedata/AD_EP_PROCEDURES.xml	Thu May 03 08:50:49 2012 +0200
@@ -20,4 +20,14 @@
 <!--0A50593430F34776A5A167E44B361DB6-->  <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
 <!--0A50593430F34776A5A167E44B361DB6--></AD_EP_PROCEDURES>
 
+<!--3BD06D12FD0C42179171273CA4DB8F8E--><AD_EP_PROCEDURES>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <AD_EP_PROCEDURES_ID><![CDATA[3BD06D12FD0C42179171273CA4DB8F8E]]></AD_EP_PROCEDURES_ID>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <AD_EXTENSION_POINTS_ID><![CDATA[8261F79453B64AC7998873A9F81A1E5A]]></AD_EXTENSION_POINTS_ID>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <PROCEDURENAME><![CDATA[OBUIAPP_Update_Access]]></PROCEDURENAME>
+<!--3BD06D12FD0C42179171273CA4DB8F8E-->  <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
+<!--3BD06D12FD0C42179171273CA4DB8F8E--></AD_EP_PROCEDURES>
+
 </data>