Fixed issue 29064:There are problems with the organization of the notes.
authorNaroa Iriarte <naroa.iriarte@openbravo.com>
Wed, 22 Apr 2015 16:57:29 +0200
changeset 26338 f919925114f0
parent 26337 0b8b1170fe70
child 26339 347fbcf3401f
Fixed issue 29064:There are problems with the organization of the notes.

There were two problems:
First: When a note was created, it had context organization instead of document organization.
To fix this, a new field which stores the note's organization has been created in the "ob-view-form-notes.js".
Second: If a note was added with an organization and after that the organization of the note
was changed, there were problems to handle it.
A new manual datasource has been created to handle the fetch, add and remove operations of the notes,
making sure that the organization filter is disabled. This guarantees that if a user of one
organization creates a note and the organization of the note is afterwards changed to another one to which
the user does not have access, the user will still be able to see or delete the note.
modules/org.openbravo.client.application/src-db/database/sourcedata/OBSERDS_DATASOURCE.xml
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/FormInitializationComponent.java
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-notes.js
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form.js
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/NoteDataSource.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
--- a/modules/org.openbravo.client.application/src-db/database/sourcedata/OBSERDS_DATASOURCE.xml	Tue Apr 21 14:18:22 2015 +0200
+++ b/modules/org.openbravo.client.application/src-db/database/sourcedata/OBSERDS_DATASOURCE.xml	Wed Apr 22 16:57:29 2015 +0200
@@ -7,6 +7,7 @@
 <!--090A37D22E61FE94012E621729090048-->  <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
 <!--090A37D22E61FE94012E621729090048-->  <NAME><![CDATA[Notes Datasource]]></NAME>
 <!--090A37D22E61FE94012E621729090048-->  <AD_TABLE_ID><![CDATA[090A37D22E61FE94012E620CD15D0030]]></AD_TABLE_ID>
+<!--090A37D22E61FE94012E621729090048-->  <CLASSNAME><![CDATA[org.openbravo.service.datasource.NoteDataSource]]></CLASSNAME>
 <!--090A37D22E61FE94012E621729090048-->  <OBCLKER_TEMPLATE_ID><![CDATA[2BAD445C2A0343C58E455F9BD379C690]]></OBCLKER_TEMPLATE_ID>
 <!--090A37D22E61FE94012E621729090048-->  <ISACTIVE><![CDATA[Y]]></ISACTIVE>
 <!--090A37D22E61FE94012E621729090048-->  <USEASTABLEDATAORIGIN><![CDATA[N]]></USEASTABLEDATAORIGIN>
--- a/modules/org.openbravo.client.application/src/org/openbravo/client/application/window/FormInitializationComponent.java	Tue Apr 21 14:18:22 2015 +0200
+++ b/modules/org.openbravo.client.application/src/org/openbravo/client/application/window/FormInitializationComponent.java	Wed Apr 22 16:57:29 2015 +0200
@@ -352,6 +352,7 @@
   private int computeNoteCount(Tab tab, String rowId) {
     OBQuery<Note> obq = OBDal.getInstance().createQuery(Note.class,
         " table.id=:tableId and record=:recordId");
+    obq.setFilterOnReadableOrganization(false);
     obq.setNamedParameter("tableId", (String) DalUtil.getId(tab.getTable()));
     obq.setNamedParameter("recordId", rowId);
     return obq.count();
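Review bot: The added `obq.setFilterOnReadableOrganization(false);` in computeNoteCount has no comment saying why the organization filter is switched off or what still protects the count. Nothing in this hunk checks that the caller may read the record identified by `rowId`, so the count relies on a check made elsewhere, if any. I would add a comment such as `// Notes follow the record, not the note's own organization; access to the record itself must already have been checked by the caller.` and confirm that this holds on the path that reaches this method. The method's closing brace is outside the hunk.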
--- a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-notes.js	Tue Apr 21 14:18:22 2015 +0200
+++ b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-notes.js	Wed Apr 22 16:57:29 2015 +0200
@@ -11,7 +11,7 @@
  * under the License.
  * The Original Code is Openbravo ERP.
  * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2011-2014 Openbravo SLU
+ * All portions are Copyright (C) 2011-2015 Openbravo SLU
  * All Rights Reserved.
  * Contributor(s): Valery Lezhebokov.
  ************************************************************************
@@ -86,8 +86,8 @@
     return this.noteCanvasItem.canvas;
   },
 
-  setRecordInfo: function (entity, id) {
-    this.getNotePart().setRecordInfo(entity, id);
+  setRecordInfo: function (entity, id, notesForm) {
+    this.getNotePart().setRecordInfo(entity, id, notesForm);
   },
 
   refresh: function () {
@@ -194,14 +194,22 @@
     this.noteDynamicForm.validate();
 
     var noteDS = this.getNoteDataSource();
+    var currentTime = new Date();
+    var organizationOfTheNote;
 
-    var currentTime = new Date();
+    //Here we are checking if the entity is 'Organization' because the way of obtaining the
+    //id of the organization of the form is different depending on the entity
+    if (this.entity === 'Organization') {
+      organizationOfTheNote = this.recordId;
+    } else {
+      organizationOfTheNote = this.notesForm.values.organization;
+    }
 
     noteDS.addData({
       'client': OB.User.clientId,
-      'organization': OB.User.organizationId,
-      'table': this.getForm().view.standardProperties.inpTableId,
-      'record': this.getForm().view.viewGrid.getSelectedRecord().id,
+      'organization': organizationOfTheNote,
+      'table': this.notesForm.view.standardProperties.inpTableId,
+      'record': this.notesForm.view.viewGrid.getSelectedRecord().id,
       'note': note
     }, addNoteCallback);
 
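Review bot: The note's `organization` is now taken from `this.notesForm.values.organization`, which is whatever the form currently holds, including an edit the user has not saved, so the note can be stored with an organization that differs from the record's. Because the value travels in the request, the server side should derive the organization from the stored record rather than accept it from the payload; the new NoteDataSource.add checks read access to the record but, as far as this commit shows, does not compare the submitted organization with it. `this.notesForm` is also undefined for any caller that still uses the two-argument `setRecordInfo`, which would make this line throw. The enclosing function begins and ends outside the hunk.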
@@ -439,9 +447,10 @@
   /**
    * Sets record information.
    */
-  setRecordInfo: function (entity, id) {
+  setRecordInfo: function (entity, id, notesForm) {
     this.entity = entity;
     this.recordId = id;
+    this.notesForm = notesForm;
   },
 
   refresh: function () {
--- a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form.js	Tue Apr 21 14:18:22 2015 +0200
+++ b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form.js	Wed Apr 22 16:57:29 2015 +0200
@@ -300,7 +300,7 @@
       return;
     }
     if (enable) {
-      this.noteSection.setRecordInfo(this.view.entity, this.getValue(OB.Constants.ID));
+      this.noteSection.setRecordInfo(this.view.entity, this.getValue(OB.Constants.ID), this);
       this.noteSection.collapseSection(true);
       delete this.noteSection.hiddenInForm;
       this.noteSection.refresh();
--- a/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java	Tue Apr 21 14:18:22 2015 +0200
+++ b/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java	Wed Apr 22 16:57:29 2015 +0200
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2010-2014 Openbravo SLU 
+ * All portions are Copyright (C) 2010-2015 Openbravo SLU
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -66,10 +66,15 @@
    * @see org.openbravo.service.datasource.DataSource#fetch(java.util.Map)
    */
   public String fetch(Map<String, String> parameters) {
-    OBContext.setAdminMode(true);
+    return fetch(parameters, true);
+  }
+
+  protected String fetch(Map<String, String> parameters, boolean shouldFilterOnRedeableOrganizations) {
+    OBContext.setAdminMode(shouldFilterOnRedeableOrganizations);
     try {
       addFetchParameters(parameters);
-      return DefaultJsonDataService.getInstance().fetch(parameters);
+      return DefaultJsonDataService.getInstance().fetch(parameters,
+          shouldFilterOnRedeableOrganizations);
     } finally {
       OBContext.restorePreviousMode();
     }
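Review bot: The new flag `shouldFilterOnRedeableOrganizations` is passed straight to `OBContext.setAdminMode(...)`, so one boolean controls two different things: the admin-mode organization/client access check for everything in the `try` block and the readable-organization filter of the query. Passing `false` therefore relaxes more than the fetch filter, and in the `remove` and `add` overloads further down it only affects the admin mode, because the flag is not forwarded to `DefaultJsonDataService`. I would rename it to `filterOnReadableOrganizations` (also fixing the "Redeable" spelling) and give each protected overload a Javadoc stating that a subclass passing `false` must perform its own access check first. The same applies to the later hunks for `remove` and `add`.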
@@ -85,7 +90,7 @@
     }
   }
 
-  private void addFetchParameters(Map<String, String> parameters) {
+  protected void addFetchParameters(Map<String, String> parameters) {
 
     if (getEntity() != null) {
       parameters.put(JsonConstants.ENTITYNAME, getEntity().getName());
@@ -139,7 +144,12 @@
    */
   @Override
   public String remove(Map<String, String> parameters) {
-    OBContext.setAdminMode(true);
+    return remove(parameters, true);
+  }
+
+  protected String remove(Map<String, String> parameters,
+      boolean shouldFilterOnRedeableOrganizations) {
+    OBContext.setAdminMode(shouldFilterOnRedeableOrganizations);
     try {
       parameters.put(JsonConstants.ENTITYNAME, getEntity().getName());
       return DefaultJsonDataService.getInstance().remove(parameters);
@@ -155,7 +165,12 @@
    */
   @Override
   public String add(Map<String, String> parameters, String content) {
-    OBContext.setAdminMode(true);
+    return add(parameters, content, true);
+  }
+
+  protected String add(Map<String, String> parameters, String content,
+      boolean shouldFilterOnRedeableOrganizations) {
+    OBContext.setAdminMode(shouldFilterOnRedeableOrganizations);
     try {
       parameters.put(JsonConstants.ENTITYNAME, getEntity().getName());
       testAccessPermissions(parameters, content);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/NoteDataSource.java	Wed Apr 22 16:57:29 2015 +0200
@@ -0,0 +1,124 @@
+/*
+ *************************************************************************
+ * The contents of this file are subject to the Openbravo  Public  License
+ * Version  1.1  (the  "License"),  being   the  Mozilla   Public  License
+ * Version 1.1  with a permitted attribution clause; you may not  use this
+ * file except in compliance with the License. You  may  obtain  a copy of
+ * the License at http://www.openbravo.com/legal/license.html
+ * Software distributed under the License  is  distributed  on  an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+ * License for the specific  language  governing  rights  and  limitations
+ * under the License.
+ * The Original Code is Openbravo ERP.
+ * The Initial Developer of the Original Code is Openbravo SLU
+ * All portions are Copyright (C) 2015 Openbravo SLU
+ * All Rights Reserved.
+ * Contributor(s):  ______________________________________.
+ ************************************************************************
+ */
+
+package org.openbravo.service.datasource;
+
+import java.util.Map;
+
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+import org.openbravo.base.exception.OBException;
+import org.openbravo.base.model.Entity;
+import org.openbravo.base.model.ModelProvider;
+import org.openbravo.base.structure.OrganizationEnabled;
+import org.openbravo.client.application.Note;
+import org.openbravo.dal.core.OBContext;
+import org.openbravo.dal.security.SecurityChecker;
+import org.openbravo.dal.service.OBDal;
+import org.openbravo.model.ad.datamodel.Table;
+import org.openbravo.service.json.JsonUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A data source for the notes which manages the security. Checks if a user has access to the record
+ * of the note.
+ * 
+ * @author NaroaIriarte
+ * 
+ */
+public class NoteDataSource extends DefaultDataSourceService {
+  private static final Logger log = LoggerFactory.getLogger(NoteDataSource.class);
+
+  @Override
+  public String fetch(Map<String, String> parameters) {
+    String noteFetch = "";
+    try {
+      JSONObject jsonCriteria = JsonUtils.buildCriteria(parameters);
+      JSONArray notesCriteria;
+      String tableId;
+      String recordId;
+      notesCriteria = jsonCriteria.getJSONArray("criteria");
+      tableId = notesCriteria.getJSONObject(0).getString("value");
+      recordId = notesCriteria.getJSONObject(1).getString("value");
+      readableAccesForUser(tableId, recordId);
+      noteFetch = super.fetch(parameters, false);
+    } catch (JSONException ex) {
+      log.error("Exception while trying to perform a fetch", ex);
+      throw new OBException(ex);
+    }
+    return noteFetch;
+  }
+
+  @Override
+  public String add(Map<String, String> parameters, String content) {
+    String noteAdd = "";
+    try {
+      JSONObject noteData;
+      String tableId;
+      String recordId;
+
+      final JSONObject jsonObject = new JSONObject(content);
+      noteData = jsonObject.getJSONObject("data");
+      tableId = noteData.getString("table");
+      recordId = noteData.getString("record");
+      readableAccesForUser(tableId, recordId);
+      noteAdd = super.add(parameters, content, false);
+    } catch (JSONException ex) {
+      log.error("Exception while trying to add a new note", ex);
+      throw new OBException(ex);
+    }
+    return noteAdd;
+  }
+
+  @Override
+  public String remove(Map<String, String> parameters) {
+    String noteRemove = "";
+    OBContext.setAdminMode(false);
+    try {
+      String noteId = parameters.get("id");
+      Note note = (Note) OBDal.getInstance().get(Note.class, noteId);
+      Table table = note.getTable();
+      String tableId = table.getId();
+      String recordId = note.getRecord();
+      readableAccesForUser(tableId, recordId);
+      noteRemove = super.remove(parameters, false);
+    } catch (Exception ex) {
+      log.error("Exception while trying to remove a note", ex);
+      throw new OBException(ex);
+    } finally {
+      OBContext.restorePreviousMode();
+    }
+    return noteRemove;
+  }
+
+  /**
+   * Checks if the user has readable access to the record where the note is
+   */
+  private void readableAccesForUser(String tableId, String recordId) {
+    Entity entity = ModelProvider.getInstance().getEntityByTableId(tableId);
+    if (entity != null) {
+      Object object = OBDal.getInstance().get(entity.getMappingClass(), recordId);
+      if (object instanceof OrganizationEnabled) {
+        SecurityChecker.getInstance().checkReadableAccess((OrganizationEnabled) object);
+      }
+    }
+  }
+}
\ No newline at end of file
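Review bot: In `fetch` the access check and the query it guards can disagree: `tableId` and `recordId` are read from criteria positions 0 and 1 without looking at their field names, while `super.fetch(parameters, false)` then runs the complete client-supplied criteria with the organization filter off. `readableAccesForUser` also passes silently when the entity is unknown or the record is not found, so the check fails open in exactly the cases where nothing could be verified. I would select the two criteria by field name, reject requests that do not contain exactly those, and make the helper throw when it cannot load the record, as sketched below. In `remove`, a missing note makes `note.getTable()` throw a NullPointerException that the broad `catch (Exception ex)` wraps, and the check there runs inside `setAdminMode(false)` unlike in `fetch` and `add`; it is worth confirming that `checkReadableAccess` is still enforced in that mode.

```java
  private void readableAccesForUser(String tableId, String recordId) {
    Entity entity = ModelProvider.getInstance().getEntityByTableId(tableId);
    if (entity == null) {
      // Fail closed: without an entity the record cannot be checked.
      throw new OBException("No entity found for table id " + tableId);
    }
    Object object = OBDal.getInstance().get(entity.getMappingClass(), recordId);
    if (object == null) {
      throw new OBException("Record " + recordId + " not found for table id " + tableId);
    }
    // ... unchanged: OrganizationEnabled check with checkReadableAccess ...
  }
```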
--- a/modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java	Tue Apr 21 14:18:22 2015 +0200
+++ b/modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java	Wed Apr 22 16:57:29 2015 +0200
@@ -83,6 +83,10 @@
    * @see org.openbravo.service.json.JsonDataService#fetch(java.util.Map)
    */
   public String fetch(Map<String, String> parameters) {
+    return fetch(parameters, true);
+  }
+
+  public String fetch(Map<String, String> parameters, boolean filterOnReadableOrganizations) {
     try {
       final String entityName = parameters.get(JsonConstants.ENTITYNAME);
       Check.isNotNull(entityName, "The name of the service/entityname should not be null");
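Review bot: The new public `fetch(parameters, filterOnReadableOrganizations)` overload has no Javadoc, although passing `false` returns rows from organizations the current user cannot read. Since it is public, any caller can reach it; I would document it with a sentence such as `Callers passing false must verify access to the requested data themselves before calling.` and state that the one-argument `fetch` keeps the filter on. The method body continues outside the hunk.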
@@ -165,7 +169,8 @@
           jsonResponse.put(JsonConstants.RESPONSE_TOTALROWS, count);
           return jsonResponse.toString();
         }
-        queryService = createSetQueryService(parameters, false);
+        queryService = createSetQueryService(parameters, false, false,
+            filterOnReadableOrganizations);
 
         if (parameters.containsKey(JsonConstants.SUMMARY_PARAMETER)) {
           final JSONObject singleResult = new JSONObject();
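Review bot: Only the data query receives `filterOnReadableOrganizations`; the count branch just above returns before this call, and its query service is built outside the hunk. If that path uses the two-argument `createSetQueryService(parameters, forCountOperation)`, which after this commit hard-codes `true` for the filter, a fetch with the filter off would report a `totalRows` that still excludes unreadable organizations and so disagrees with the rows returned. I would pass the flag on that path as well, for example `createSetQueryService(parameters, true, false, filterOnReadableOrganizations)`.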
@@ -300,11 +305,11 @@
 
   protected DataEntityQueryService createSetQueryService(Map<String, String> parameters,
       boolean forCountOperation) {
-    return createSetQueryService(parameters, forCountOperation, false);
+    return createSetQueryService(parameters, forCountOperation, false, true);
   }
 
   private DataEntityQueryService createSetQueryService(Map<String, String> parameters,
-      boolean forCountOperation, boolean forSubEntity) {
+      boolean forCountOperation, boolean forSubEntity, boolean filterOnReadableOrganizations) {
     boolean hasSubentity = false;
     String entityName = parameters.get(JsonConstants.ENTITYNAME);
     final DataEntityQueryService queryService = OBProvider.getInstance().get(
@@ -375,11 +380,13 @@
       queryService.setFilterOnActive(false);
 
       // create now subentity
-      queryService.setSubEntity(entityName,
-          createSetQueryService(paramSubCriteria, forCountOperation, true), distinctProperty,
-          distinctPropertyPath);
+      queryService.setSubEntity(
+          entityName,
+          createSetQueryService(paramSubCriteria, forCountOperation, true,
+              filterOnReadableOrganizations), distinctProperty, distinctPropertyPath);
     } else {
       queryService.setEntityName(entityName);
+      queryService.setFilterOnReadableOrganizations(filterOnReadableOrganizations);
       if (parameters.containsKey(JsonConstants.USE_ALIAS)) {
         queryService.setUseAlias();
       }
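Review bot: `queryService.setFilterOnReadableOrganizations(filterOnReadableOrganizations)` is applied only in the `else` branch; in the sub-entity branch the flag reaches the nested query through the recursive call, but the outer `queryService` keeps its default. If a sub-entity fetch can reach this code with the filter off, the outer query may still filter on readable organizations; setting the flag once before the `if` would cover both branches. The start of this branch is outside the hunk, so this should be checked against the full method.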