details: /erp/devel/pi/rev/0edb9a09c255 changeset: 6722:0edb9a09c255 user: Martin Taal <martin.taal <at> openbravo.com> date: Tue Mar 16 07:13:11 2010 +0100 summary: fixes issue 12660: OBContext enableAsAdminContext - resetAsAdminContext should use an stack
diffstat: src-test/org/openbravo/test/dal/IssuesTest.java | 40 +++++++++++++++++++++++++ src/org/openbravo/dal/core/OBContext.java | 36 +++++++++++++++++++++- 2 files changed, 74 insertions(+), 2 deletions(-) diffs (151 lines): diff -r 1232be2520b1 -r 0edb9a09c255 src-test/org/openbravo/test/dal/IssuesTest.java --- a/src-test/org/openbravo/test/dal/IssuesTest.java Mon Mar 15 20:36:52 2010 +0100 +++ b/src-test/org/openbravo/test/dal/IssuesTest.java Tue Mar 16 07:13:11 2010 +0100 @@ -23,6 +23,7 @@ import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; +import java.util.ArrayList; import java.util.List; import org.apache.log4j.Logger; @@ -44,6 +45,8 @@ import org.openbravo.model.common.businesspartner.Location; import org.openbravo.model.common.enterprise.Organization; import org.openbravo.model.common.invoice.InvoiceLine; +import org.openbravo.model.common.order.Order; +import org.openbravo.service.db.CallStoredProcedure; import org.openbravo.test.base.BaseTest; /** @@ -66,6 +69,9 @@ * - https://issues.openbravo.com/view.php?id=12106: record identifier returned from dal uses ' ' as * separator of columns, but normal pl-version uses ' - ' * + * - https://issues.openbravo.com/view.php?id=12594: Make setting of administrator mode less + * vulnerable for wrong usage + * * @author mtaal * @author iperdomo */ @@ -78,6 +84,17 @@ */ public void test12106() { setSystemAdministratorContext(); + final List<Object> params = new ArrayList<Object>(); + final String orderId = "1000001"; + params.add("C_ORDER"); + params.add(orderId); + params.add("en_US"); + final String sqlIdentifier = (String) CallStoredProcedure.getInstance().call( + "AD_COLUMN_IDENTIFIER", params, null); + final Order order = OBDal.getInstance().get(Order.class, orderId); + final String dalIdentifier = IdentifierProvider.getInstance().getIdentifier(order); + assertEquals(sqlIdentifier, dalIdentifier); + final List<Module> modules = OBDal.getInstance().createCriteria(Module.class).list(); for (Module module : modules) { assertTrue(module.getIdentifier().contains(IdentifierProvider.SEPARATOR)); @@ -224,4 +241,27 @@ Location bpLoc = OBProvider.getInstance().get(Location.class); assertTrue(bpLoc.isActive()); } + + /** + * Tests https://issues.openbravo.com/view.php?id=12594 + */ + public void test12594() { + OBContext.enableAsAdminContext(); + OBContext.enableAsAdminContext(); + OBContext.enableAsAdminContext(); + assertTrue(OBContext.getOBContext().isInAdministratorMode()); + OBContext.resetAsAdminContext(); + assertTrue(OBContext.getOBContext().isInAdministratorMode()); + OBContext.resetAsAdminContext(); + assertTrue(OBContext.getOBContext().isInAdministratorMode()); + OBContext.resetAsAdminContext(); + assertFalse(OBContext.getOBContext().isInAdministratorMode()); + + OBContext.enableAsAdminContext(); + assertTrue(OBContext.getOBContext().isInAdministratorMode()); + OBContext.resetAsAdminContext(); + assertFalse(OBContext.getOBContext().isInAdministratorMode()); + OBContext.resetAsAdminContext(); + assertFalse(OBContext.getOBContext().isInAdministratorMode()); + } } \ No newline at end of file diff -r 1232be2520b1 -r 0edb9a09c255 src/org/openbravo/dal/core/OBContext.java --- a/src/org/openbravo/dal/core/OBContext.java Mon Mar 15 20:36:52 2010 +0100 +++ b/src/org/openbravo/dal/core/OBContext.java Tue Mar 16 07:13:11 2010 +0100 @@ -27,6 +27,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import java.util.Stack; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; @@ -114,7 +115,8 @@ } else if (OBContext.getOBContext() == adminContext) { return; } else { - OBContext.getOBContext().setInAdministratorMode(true); + OBContext.getOBContext().pushCurrentAdminModeOnStack(); + OBContext.getOBContext().setAdministratorMode(true); } } @@ -132,7 +134,7 @@ if (OBContext.getOBContext() == adminContext) { OBContext.setOBContext((OBContext) null); } else { - OBContext.getOBContext().setInAdministratorMode(false); + OBContext.getOBContext().setAdminModeBackToPrevious(); } } @@ -286,6 +288,23 @@ private String serializedUserId; private boolean serialized = false; + private Stack<Boolean> administratorModeStack = new Stack<Boolean>(); + + private void setAdminModeBackToPrevious() { + if (administratorModeStack.isEmpty()) { + // warning not printed for now as this situation correctly occurs in certain login + // situations + // log.warn("Unbalanced admin mode calls", new IllegalStateException( + // "Unbalanced admin mode calls")); + } else { + setAdministratorMode(administratorModeStack.pop()); + } + } + + private void pushCurrentAdminModeOnStack() { + administratorModeStack.push(isInAdministratorMode()); + } + public String getUserLevel() { return userLevel; } @@ -743,6 +762,19 @@ return this == adminContext; } + private boolean setAdministratorMode(boolean inAdministratorMode) { + final boolean prevMode = isInAdministratorMode(); + if (inAdministratorMode) { + adminModeSet.set(this); + } else { + adminModeSet.set(null); + } + return prevMode; + } + + /** + * @deprecated use OBContext.enableAsAdminContext and OBContext.resetAsAdminContext + */ public boolean setInAdministratorMode(boolean inAdministratorMode) { final boolean prevMode = isInAdministratorMode(); if (inAdministratorMode) { ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Openbravo-commits mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openbravo-commits
