details:   /erp/devel/pi/rev/1f1c212343cc
changeset: 7429:1f1c212343cc
user:      Martin Taal <martin.taal <at> openbravo.com>
date:      Wed May 26 07:52:02 2010 +0200
summary:   fixes issue 13350: The entity access checker is initialized in the 
context of the user, gives access denied exception

diffstat:

 src/org/openbravo/dal/security/EntityAccessChecker.java |  135 ++++++++-------
 1 files changed, 70 insertions(+), 65 deletions(-)

diffs (157 lines):

diff -r a7646b38b75a -r 1f1c212343cc 
src/org/openbravo/dal/security/EntityAccessChecker.java
--- a/src/org/openbravo/dal/security/EntityAccessChecker.java   Tue May 25 
21:08:27 2010 +0200
+++ b/src/org/openbravo/dal/security/EntityAccessChecker.java   Wed May 26 
07:52:02 2010 +0200
@@ -100,83 +100,88 @@
    */
   public void initialize() {
 
-    final ModelProvider mp = ModelProvider.getInstance();
-    final String userLevel = obContext.getUserLevel();
+    OBContext.setAdminMode();
+    try {
+      final ModelProvider mp = ModelProvider.getInstance();
+      final String userLevel = obContext.getUserLevel();
 
-    // Don't use dal because otherwise we can end up in infinite loops
-    final String qryStr = "select wa from " + WindowAccess.class.getName() + " 
wa where role.id='"
-        + getRoleId() + "'";
-    final Query qry = SessionHandler.getInstance().createQuery(qryStr);
-    @SuppressWarnings("unchecked")
-    final List<WindowAccess> was = qry.list();
-    for (final WindowAccess wa : was) {
-      final Window w = wa.getWindow();
-      final boolean writeAccess = wa.isEditableField();
-      // get the ttabs
-      final String tfQryStr = "select t from " + Tab.class.getName() + " t 
where window.id='"
-          + w.getId() + "'";
+      // Don't use dal because otherwise we can end up in infinite loops
+      final String qryStr = "select wa from " + WindowAccess.class.getName()
+          + " wa where role.id='" + getRoleId() + "'";
+      final Query qry = SessionHandler.getInstance().createQuery(qryStr);
       @SuppressWarnings("unchecked")
-      final List<Tab> ts = 
SessionHandler.getInstance().createQuery(tfQryStr).list();
-      for (final Tab t : ts) {
-        final String tableName = t.getTable().getDBTableName();
-        final Entity e = mp.getEntityByTableName(tableName);
-        if (e == null) { // happens for AD_Client_Info and views
-          continue;
-        }
+      final List<WindowAccess> was = qry.list();
+      for (final WindowAccess wa : was) {
+        final Window w = wa.getWindow();
+        final boolean writeAccess = wa.isEditableField();
+        // get the ttabs
+        final String tfQryStr = "select t from " + Tab.class.getName() + " t 
where window.id='"
+            + w.getId() + "'";
+        @SuppressWarnings("unchecked")
+        final List<Tab> ts = 
SessionHandler.getInstance().createQuery(tfQryStr).list();
+        for (final Tab t : ts) {
+          final String tableName = t.getTable().getDBTableName();
+          final Entity e = mp.getEntityByTableName(tableName);
+          if (e == null) { // happens for AD_Client_Info and views
+            continue;
+          }
 
-        final String accessLevel = t.getTable().getDataAccessLevel();
-        if (!hasCorrectAccessLevel(userLevel, accessLevel)) {
-          continue;
-        }
+          final String accessLevel = t.getTable().getDataAccessLevel();
+          if (!hasCorrectAccessLevel(userLevel, accessLevel)) {
+            continue;
+          }
 
-        if (writeAccess) {
-          writableEntities.add(e);
-          readableEntities.add(e);
-        } else {
-          readableEntities.add(e);
+          if (writeAccess) {
+            writableEntities.add(e);
+            readableEntities.add(e);
+          } else {
+            readableEntities.add(e);
+          }
         }
       }
-    }
 
-    // and take into account table access
-    final String tafQryStr = "select ta from " + TableAccess.class.getName()
-        + " ta where role.id='" + getRoleId() + "'";
-    @SuppressWarnings("unchecked")
-    final List<TableAccess> tas = 
SessionHandler.getInstance().createQuery(tafQryStr).list();
-    for (final TableAccess ta : tas) {
-      final String tableName = ta.getTable().getName();
-      final Entity e = mp.getEntity(tableName);
+      // and take into account table access
+      final String tafQryStr = "select ta from " + TableAccess.class.getName()
+          + " ta where role.id='" + getRoleId() + "'";
+      @SuppressWarnings("unchecked")
+      final List<TableAccess> tas = 
SessionHandler.getInstance().createQuery(tafQryStr).list();
+      for (final TableAccess ta : tas) {
+        final String tableName = ta.getTable().getName();
+        final Entity e = mp.getEntity(tableName);
 
-      if (ta.isExclude()) {
-        readableEntities.remove(e);
-        writableEntities.remove(e);
-        nonReadableEntities.add(e);
-      } else if (ta.isReadOnly()) {
-        writableEntities.remove(e);
-        readableEntities.add(e);
-        nonReadableEntities.remove(e);
-      } else {
-        if (!writableEntities.contains(e)) {
-          writableEntities.add(e);
-        }
-        if (!readableEntities.contains(e)) {
+        if (ta.isExclude()) {
+          readableEntities.remove(e);
+          writableEntities.remove(e);
+          nonReadableEntities.add(e);
+        } else if (ta.isReadOnly()) {
+          writableEntities.remove(e);
           readableEntities.add(e);
-        }
-        nonReadableEntities.remove(e);
-      }
-    }
-
-    // and compute the derived readable
-    for (final Entity e : readableEntities) {
-      for (final Property p : e.getProperties()) {
-        if (p.getTargetEntity() != null && 
!readableEntities.contains(p.getTargetEntity())) {
-          derivedReadableEntities.add(p.getTargetEntity());
-          addDerivedReadableIdentifierProperties(p.getTargetEntity());
+          nonReadableEntities.remove(e);
+        } else {
+          if (!writableEntities.contains(e)) {
+            writableEntities.add(e);
+          }
+          if (!readableEntities.contains(e)) {
+            readableEntities.add(e);
+          }
+          nonReadableEntities.remove(e);
         }
       }
+
+      // and compute the derived readable
+      for (final Entity e : readableEntities) {
+        for (final Property p : e.getProperties()) {
+          if (p.getTargetEntity() != null && 
!readableEntities.contains(p.getTargetEntity())) {
+            derivedReadableEntities.add(p.getTargetEntity());
+            addDerivedReadableIdentifierProperties(p.getTargetEntity());
+          }
+        }
+      }
+
+      isInitialized = true;
+    } finally {
+      OBContext.restorePreviousMode();
     }
-
-    isInitialized = true;
   }
 
   /**
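Review bot: The three HQL strings inside the new try block (`qryStr`, `tfQryStr`, `tafQryStr`) still concatenate `getRoleId()` and `w.getId()` into the query text, and they now run between `OBContext.setAdminMode()` and `restorePreviousMode()`, presumably with the normal access checks relaxed. Binding the ids keeps the query shape fixed whatever the id contains: end the string with `" wa where role.id=:roleId"` and call `qry.setParameter("roleId", getRoleId());`, and do the same for the tab query with `:windowId` and for the table-access query. Separately, an exception thrown partway through leaves `readableEntities`, `writableEntities` and `nonReadableEntities` partially filled while `isInitialized` stays false. Whether a later call to `initialize()` starts from empty sets is not visible in this hunk, so either clear them at the top of the try or add a comment such as `// sets are empty here: initialize() runs once per checker instance` if that holds. The access sets computed here decide what the role may read and write, so stale entries from a failed run matter.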
