Related with issue 32795: G/L Item does not works properly.
authorInigo Sanchez <inigo.sanchez@openbravo.com>
Thu, 28 Apr 2016 13:52:52 +0200
changeset 29363 e8c0df5664de
parent 29362 e945590dce38
child 29364 5438c3739fa2
Related with issue 32795: G/L Item does not works properly.
The problem was how entities were getting from selectors. It has been refactor
checkFetchDatasourceAccess() to solved this problem. Now checkFetchDatasourceAccess
obtain entities from selectors in two ways:
* By using getEntity() method.
* By using table of the selector.

Besides it has been added a test case in DataSourceSecurity to take into account this case.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java
--- a/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java	Wed Apr 27 19:45:36 2016 +0200
+++ b/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java	Thu Apr 28 13:52:52 2016 +0200
@@ -29,7 +29,6 @@
 import org.openbravo.base.exception.OBSecurityException;
 import org.openbravo.base.model.Entity;
 import org.openbravo.base.model.ModelProvider;
-import org.openbravo.base.model.Property;
 import org.openbravo.client.application.CachedPreference;
 import org.openbravo.client.application.window.ApplicationDictionaryCachedStructures;
 import org.openbravo.client.kernel.Template;
@@ -39,6 +38,7 @@
 import org.openbravo.model.ad.ui.Tab;
 import org.openbravo.model.common.order.Order;
 import org.openbravo.service.json.JsonConstants;
+import org.openbravo.userinterface.selector.Selector;
 import org.openbravo.userinterface.selector.SelectorConstants;
 
 /**
@@ -154,31 +154,21 @@
     String selectorId = parameters.get(SelectorConstants.DS_REQUEST_SELECTOR_ID_PARAMETER);
     if (StringUtils.isNotBlank(selectorId)) {
       // selectors
-      String processId = parameters.get(SelectorConstants.DS_REQUEST_PROCESS_DEFINITION_ID);
-      if (StringUtils.isNotBlank(processId)) {
-        // selectors defined in a process definition
-        if (entityToCheck != null) {
-          try {
-            obContext.getEntityAccessChecker().checkDerivedAccess(entityToCheck);
-          } catch (OBSecurityException e) {
-            handleExceptionUnsecuredDSAccess(e);
-          }
+      if (entityToCheck == null) {
+        OBContext.setAdminMode(true);
+        try {
+          Selector sel = OBDal.getInstance().get(Selector.class, selectorId);
+          entityToCheck = ModelProvider.getInstance().getEntityByTableId(
+              (String) DalUtil.getId(sel.getTable()));
+        } finally {
+          OBContext.restorePreviousMode();
         }
-      } else {
-        // rest of the selectors
-        String tableId = parameters.get("inpTableId");
-        String targetPropertyName = parameters.get(SelectorConstants.PARAM_TARGET_PROPERTY_NAME);
-        if (StringUtils.isNotBlank(targetPropertyName)) {
-          try {
-            Entity parentEntity = ModelProvider.getInstance().getEntityByTableId(tableId);
-            Property p = parentEntity.getProperty(targetPropertyName);
-            Entity entitySelector = p.getReferencedProperty().getEntity();
-            if (entitySelector != null) {
-              obContext.getEntityAccessChecker().checkDerivedAccess(entitySelector);
-            }
-          } catch (OBSecurityException e) {
-            handleExceptionUnsecuredDSAccess(e);
-          }
+      }
+      if (entityToCheck != null) {
+        try {
+          obContext.getEntityAccessChecker().checkDerivedAccess(entityToCheck);
+        } catch (OBSecurityException e) {
+          handleExceptionUnsecuredDSAccess(e);
         }
       }
     } else if (entityToCheck != null) {
--- a/src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java	Wed Apr 27 19:45:36 2016 +0200
+++ b/src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java	Thu Apr 28 13:52:52 2016 +0200
@@ -170,6 +170,14 @@
         put("targetProperty", "businessPartner");
       }
     }), //
+    SelectorGLItemDatasource("FinancialMgmtGLItem", new HashMap<String, String>() {
+      {
+        // Payment In > Add Details process > GLItem section > Selector GLItem
+        put("_selectorDefinitionId", "9FAD469CE4414A25974CF45C0AD22D35");
+        put("inpTableId", "D1A97202E832470285C9B1EB026D54E2");
+        put("targetProperty", "gLItem");
+      }
+    }), //
     QuickLaunch("99B9CC42FDEA4CA7A4EE35BC49D61E0E"), //
     QuickCreate("C17951F970E942FD9F3771B7BE91D049"), //
     HQLDataSource("3C1148C0AB604DE1B51B7EA4112C325F", new HashMap<String, String>() {
@@ -280,11 +288,11 @@
 
       // Note ds is accessible if current role has access to entity of the notes. This note is
       // invocated from a record in Windows, Tabs and Fields.
-      testCases.add(new Object[] {
-          type,
-          DataSource.Note,
-          type == RoleType.NO_ACCESS_ROLE ? JsonConstants.RPCREQUEST_STATUS_VALIDATION_ERROR
-              : JsonConstants.RPCREQUEST_STATUS_SUCCESS });
+      testCases.add(new Object[] { type, DataSource.Note, accessForAdminAndSystemOnly });
+
+      // Selector into a datasource into a P&E Window.
+      testCases.add(new Object[] { type, DataSource.SelectorGLItemDatasource,
+          accessForAdminAndSystemOnly });
     }
     // testing a problem detected in how properties are initialized.
     testCases.add(new Object[] { RoleType.ADMIN_ROLE, DataSource.ProductByPriceAndWarehouse,