details: https://code.openbravo.com/erp/devel/pi/rev/19f445d28fd2
changeset: 16558:19f445d28fd2
user: Augusto Mauch <augusto.mauch <at> openbravo.com>
date: Wed May 16 17:50:36 2012 +0200
summary: Fixes issue 20530: AccessibleEntities does not contain inaccessible
entities
OB.AccessibleEntities is used to check if there should be a link in a title
field. If a user does not have access to the window that will be opened when
the link is clicked, that entity should not be contained in AccessibleEntities.
The initialization of AccessibleEntities has been modified, so if the window
related to an entity is not accessible by the current role, it won't be
contained in the list.
diffstat:
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
| 44 +++++++++-
1 files changed, 43 insertions(+), 1 deletions(-)
diffs (69 lines):
diff -r 98e1448a4505 -r 19f445d28fd2
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
---
a/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
Wed May 16 16:51:48 2012 +0200
+++
b/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
Wed May 16 17:50:36 2012 +0200
@@ -18,6 +18,8 @@
*/
package org.openbravo.client.kernel;
+import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import org.openbravo.base.model.Entity;
@@ -25,7 +27,10 @@
import org.openbravo.dal.service.OBDal;
import org.openbravo.model.ad.access.Role;
import org.openbravo.model.ad.access.User;
+import org.openbravo.model.ad.access.WindowAccess;
+import org.openbravo.model.ad.datamodel.Table;
import org.openbravo.model.ad.system.Client;
+import org.openbravo.model.ad.ui.Window;
import org.openbravo.model.common.enterprise.Organization;
/**
@@ -39,7 +44,44 @@
final Set<Entity> entities =
OBContext.getOBContext().getEntityAccessChecker()
.getReadableEntities();
entities.addAll(OBContext.getOBContext().getEntityAccessChecker().getWritableEntities());
- return entities;
+ return removeInaccessibleEntities(entities);
+ }
+
+ // entities may contain entities not accessible by the current role, this
function removes them
+ // see issue 20530
+ private Set<Entity> removeInaccessibleEntities(Set<Entity> entities) {
+ Role role = OBContext.getOBContext().getRole();
+ Role initializedRole = OBDal.getInstance().get(Role.class, role.getId());
+ List<WindowAccess> windowAccessList =
initializedRole.getADWindowAccessList();
+ Set<Entity> accessibleEntities = new HashSet<Entity>();
+ for (Entity entity : entities) {
+ String tableId = entity.getTableId();
+ Table table = OBDal.getInstance().get(Table.class, tableId);
+ if ("800018".equals(table.getId()) || "203".equals(table.getId())) {
+ // Special cases, may not link to its window/poWindow
+ // See [email protected]
+ continue;
+ }
+ Window window = table.getWindow();
+ Window poWindow = table.getPOWindow();
+ if (windowAccessible(windowAccessList, window)
+ || windowAccessible(windowAccessList, poWindow)) {
+ accessibleEntities.add(entity);
+ }
+ }
+ return accessibleEntities;
+ }
+
+ private boolean windowAccessible(List<WindowAccess> windowAccessList, Window
window) {
+ if (window == null) {
+ return false;
+ }
+ for (WindowAccess wa : windowAccessList) {
+ if (wa.getWindow().getId().equals(window.getId())) {
+ return true;
+ }
+ }
+ return false;
}
@Override
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Openbravo-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
