details: https://code.openbravo.com/erp/devel/pi/rev/a6b455bb80fc
changeset: 19085:a6b455bb80fc
user: Antonio Moreno <antonio.moreno <at> openbravo.com>
date: Thu Dec 20 13:27:34 2012 +0100
summary: Fixed issue 22644. Now a role can be restricted from accessing the
backend.
- A new check has been added to the role window. If this check is set, then the
role cannot be used to log in the backend, but can be used to log in other
applications (such as the WebPOS), if this restriction is overwritten in the
corresponding login handler.
diffstat:
modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
| 2 +-
src-db/database/model/tables/AD_ROLE.xml
| 5 +
src-db/database/sourcedata/AD_COLUMN.xml
| 35 ++++++++++
src-db/database/sourcedata/AD_ELEMENT.xml
| 14 ++++
src-db/database/sourcedata/AD_FIELD.xml
| 29 ++++++++
src-db/database/sourcedata/AD_MESSAGE.xml
| 22 ++++++
src-db/database/sourcedata/AD_REF_LIST.xml
| 12 +++
src/org/openbravo/base/secureApp/DefaultOptions_data.xsql
| 4 +-
src/org/openbravo/base/secureApp/LoginHandler.java
| 19 +++++-
9 files changed, 138 insertions(+), 4 deletions(-)
diffs (266 lines):
diff -r adca7213b9d7 -r a6b455bb80fc
modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
---
a/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
Wed Dec 19 11:10:33 2012 +0100
+++
b/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
Thu Dec 20 13:27:34 2012 +0100
@@ -308,7 +308,7 @@
// " AND A_U_R.AD_USER_ID = ?" +
// " ORDER BY A_R.NAME";
final OBQuery<UserRoles> rolesQuery =
OBDal.getInstance().createQuery(UserRoles.class,
- " userContact.id=? and role.active=true");
+ " userContact.id=? and role.active=true and
role.isrestrictbackend=false");
rolesQuery.setFilterOnReadableClients(false);
rolesQuery.setFilterOnReadableOrganization(false);
rolesQuery.setParameters(Collections.singletonList((Object)
OBContext.getOBContext().getUser()
diff -r adca7213b9d7 -r a6b455bb80fc src-db/database/model/tables/AD_ROLE.xml
--- a/src-db/database/model/tables/AD_ROLE.xml Wed Dec 19 11:10:33 2012 +0100
+++ b/src-db/database/model/tables/AD_ROLE.xml Thu Dec 20 13:27:34 2012 +0100
@@ -81,6 +81,10 @@
<default><![CDATA[Y]]></default>
<onCreateDefault><![CDATA['Y']]></onCreateDefault>
</column>
+ <column name="ISRESTRICTBACKEND" primaryKey="false" required="true"
type="CHAR" size="1" autoIncrement="false">
+ <default><![CDATA[N]]></default>
+ <onCreateDefault/>
+ </column>
<foreign-key foreignTable="AD_TREE" name="AD_ROLE_AD_TREE_MENU">
<reference local="AD_TREE_MENU_ID" foreign="AD_TREE_ID"/>
</foreign-key>
@@ -100,5 +104,6 @@
<check name="AD_ROLE_ADV_CHECK"><![CDATA[ISADVANCED IN ('Y',
'N')]]></check>
<check name="AD_ROLE_ISACTIVE_CHECK"><![CDATA[ISACTIVE IN ('Y',
'N')]]></check>
<check name="AD_ROLE_ISCLIENTADMIN_CHECK"><![CDATA[IS_CLIENT_ADMIN IN
('Y', 'N')]]></check>
+ <check name="AD_ROLE_RESTRICTBACKEND"><![CDATA[ISRESTRICTBACKEND IN
('Y', 'N')]]></check>
</table>
</database>
diff -r adca7213b9d7 -r a6b455bb80fc src-db/database/sourcedata/AD_COLUMN.xml
--- a/src-db/database/sourcedata/AD_COLUMN.xml Wed Dec 19 11:10:33 2012 +0100
+++ b/src-db/database/sourcedata/AD_COLUMN.xml Thu Dec 20 13:27:34 2012 +0100
@@ -304982,6 +304982,41 @@
<!--D44EC8E368A74AEA8AD7EFF13B1FBA6A-->
<ISUSEDSEQUENCE><![CDATA[N]]></ISUSEDSEQUENCE>
<!--D44EC8E368A74AEA8AD7EFF13B1FBA6A--></AD_COLUMN>
+<!--D45692C2890144AFBB6F139CDC38457A--><AD_COLUMN>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<AD_COLUMN_ID><![CDATA[D45692C2890144AFBB6F139CDC38457A]]></AD_COLUMN_ID>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<NAME><![CDATA[Isrestrictbackend]]></NAME>
+<!--D45692C2890144AFBB6F139CDC38457A--> <DESCRIPTION><![CDATA[If checked,
this role will not have access to the backend (ERP). It will however have
access to other applications (such as the WebPOS)]]></DESCRIPTION>
+<!--D45692C2890144AFBB6F139CDC38457A--> <HELP><![CDATA[If checked, this role
will not have access to the backend (ERP). It will however have access to other
applications (such as the WebPOS)]]></HELP>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<COLUMNNAME><![CDATA[Isrestrictbackend]]></COLUMNNAME>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<AD_TABLE_ID><![CDATA[156]]></AD_TABLE_ID>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<AD_REFERENCE_ID><![CDATA[20]]></AD_REFERENCE_ID>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<FIELDLENGTH><![CDATA[1]]></FIELDLENGTH>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISKEY><![CDATA[N]]></ISKEY>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISPARENT><![CDATA[N]]></ISPARENT>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISMANDATORY><![CDATA[N]]></ISMANDATORY>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISUPDATEABLE><![CDATA[Y]]></ISUPDATEABLE>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISIDENTIFIER><![CDATA[N]]></ISIDENTIFIER>
+<!--D45692C2890144AFBB6F139CDC38457A--> <SEQNO><![CDATA[51]]></SEQNO>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISTRANSLATED><![CDATA[N]]></ISTRANSLATED>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISENCRYPTED><![CDATA[N]]></ISENCRYPTED>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISSELECTIONCOLUMN><![CDATA[N]]></ISSELECTIONCOLUMN>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<AD_ELEMENT_ID><![CDATA[9C8C7BB9DEB84E3A9B8E4A1C3F200F99]]></AD_ELEMENT_ID>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISSESSIONATTR><![CDATA[N]]></ISSESSIONATTR>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISSECONDARYKEY><![CDATA[N]]></ISSECONDARYKEY>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISDESENCRYPTABLE><![CDATA[N]]></ISDESENCRYPTABLE>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<DEVELOPMENTSTATUS><![CDATA[RE]]></DEVELOPMENTSTATUS>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <POSITION><![CDATA[21]]></POSITION>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISTRANSIENT><![CDATA[N]]></ISTRANSIENT>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISAUTOSAVE><![CDATA[Y]]></ISAUTOSAVE>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<VALIDATEONNEW><![CDATA[Y]]></VALIDATEONNEW>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<IMAGESIZEVALUESACTION><![CDATA[N]]></IMAGESIZEVALUESACTION>
+<!--D45692C2890144AFBB6F139CDC38457A-->
<ISUSEDSEQUENCE><![CDATA[N]]></ISUSEDSEQUENCE>
+<!--D45692C2890144AFBB6F139CDC38457A--></AD_COLUMN>
+
<!--D463F52ACB6611DD87FACF0742499ECD--><AD_COLUMN>
<!--D463F52ACB6611DD87FACF0742499ECD-->
<AD_COLUMN_ID><![CDATA[D463F52ACB6611DD87FACF0742499ECD]]></AD_COLUMN_ID>
<!--D463F52ACB6611DD87FACF0742499ECD-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff -r adca7213b9d7 -r a6b455bb80fc src-db/database/sourcedata/AD_ELEMENT.xml
--- a/src-db/database/sourcedata/AD_ELEMENT.xml Wed Dec 19 11:10:33 2012 +0100
+++ b/src-db/database/sourcedata/AD_ELEMENT.xml Thu Dec 20 13:27:34 2012 +0100
@@ -28159,6 +28159,20 @@
<!--9C8C523F49F4BD9DE040007F0100646F--> <ISGLOSSARY><![CDATA[N]]></ISGLOSSARY>
<!--9C8C523F49F4BD9DE040007F0100646F--></AD_ELEMENT>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--><AD_ELEMENT>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99-->
<AD_ELEMENT_ID><![CDATA[9C8C7BB9DEB84E3A9B8E4A1C3F200F99]]></AD_ELEMENT_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99-->
<COLUMNNAME><![CDATA[Isrestrictbackend]]></COLUMNNAME>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <NAME><![CDATA[Restrict backend
access]]></NAME>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <PRINTNAME><![CDATA[Restrict backend
access]]></PRINTNAME>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <DESCRIPTION><![CDATA[If checked,
this role will not have access to the backend (ERP). It will however have
access to other applications (such as the WebPOS)]]></DESCRIPTION>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <HELP><![CDATA[If checked, this role
will not have access to the backend (ERP). It will however have access to other
applications (such as the WebPOS)]]></HELP>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <ISGLOSSARY><![CDATA[N]]></ISGLOSSARY>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--></AD_ELEMENT>
+
<!--9D15D8B5B341423585BC661594C01822--><AD_ELEMENT>
<!--9D15D8B5B341423585BC661594C01822-->
<AD_ELEMENT_ID><![CDATA[9D15D8B5B341423585BC661594C01822]]></AD_ELEMENT_ID>
<!--9D15D8B5B341423585BC661594C01822-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff -r adca7213b9d7 -r a6b455bb80fc src-db/database/sourcedata/AD_FIELD.xml
--- a/src-db/database/sourcedata/AD_FIELD.xml Wed Dec 19 11:10:33 2012 +0100
+++ b/src-db/database/sourcedata/AD_FIELD.xml Thu Dec 20 13:27:34 2012 +0100
@@ -189725,6 +189725,35 @@
<!--4B09CBC5D0D54D36A585EA8F863D9CF1-->
<EM_OBUIAPP_SHOWSUMMARY><![CDATA[N]]></EM_OBUIAPP_SHOWSUMMARY>
<!--4B09CBC5D0D54D36A585EA8F863D9CF1--></AD_FIELD>
+<!--4B110273A12A48FD8E4952044C628050--><AD_FIELD>
+<!--4B110273A12A48FD8E4952044C628050-->
<AD_FIELD_ID><![CDATA[4B110273A12A48FD8E4952044C628050]]></AD_FIELD_ID>
+<!--4B110273A12A48FD8E4952044C628050-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--4B110273A12A48FD8E4952044C628050--> <NAME><![CDATA[Restrict backend
access]]></NAME>
+<!--4B110273A12A48FD8E4952044C628050--> <DESCRIPTION><![CDATA[If checked,
this role will not have access to the backend (ERP). It will however have
access to other applications (such as the WebPOS)]]></DESCRIPTION>
+<!--4B110273A12A48FD8E4952044C628050--> <HELP><![CDATA[If checked, this role
will not have access to the backend (ERP). It will however have access to other
applications (such as the WebPOS)]]></HELP>
+<!--4B110273A12A48FD8E4952044C628050-->
<ISCENTRALLYMAINTAINED><![CDATA[Y]]></ISCENTRALLYMAINTAINED>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_TAB_ID><![CDATA[119]]></AD_TAB_ID>
+<!--4B110273A12A48FD8E4952044C628050-->
<AD_COLUMN_ID><![CDATA[D45692C2890144AFBB6F139CDC38457A]]></AD_COLUMN_ID>
+<!--4B110273A12A48FD8E4952044C628050-->
<IGNOREINWAD><![CDATA[N]]></IGNOREINWAD>
+<!--4B110273A12A48FD8E4952044C628050-->
<ISDISPLAYED><![CDATA[Y]]></ISDISPLAYED>
+<!--4B110273A12A48FD8E4952044C628050-->
<DISPLAYLENGTH><![CDATA[1]]></DISPLAYLENGTH>
+<!--4B110273A12A48FD8E4952044C628050--> <ISREADONLY><![CDATA[N]]></ISREADONLY>
+<!--4B110273A12A48FD8E4952044C628050--> <SEQNO><![CDATA[110]]></SEQNO>
+<!--4B110273A12A48FD8E4952044C628050--> <ISSAMELINE><![CDATA[N]]></ISSAMELINE>
+<!--4B110273A12A48FD8E4952044C628050-->
<ISFIELDONLY><![CDATA[N]]></ISFIELDONLY>
+<!--4B110273A12A48FD8E4952044C628050-->
<ISENCRYPTED><![CDATA[N]]></ISENCRYPTED>
+<!--4B110273A12A48FD8E4952044C628050-->
<SHOWINRELATION><![CDATA[Y]]></SHOWINRELATION>
+<!--4B110273A12A48FD8E4952044C628050-->
<ISFIRSTFOCUSEDFIELD><![CDATA[N]]></ISFIRSTFOCUSEDFIELD>
+<!--4B110273A12A48FD8E4952044C628050-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <GRID_SEQNO><![CDATA[0]]></GRID_SEQNO>
+<!--4B110273A12A48FD8E4952044C628050-->
<STARTINODDCOLUMN><![CDATA[N]]></STARTINODDCOLUMN>
+<!--4B110273A12A48FD8E4952044C628050-->
<STARTNEWLINE><![CDATA[N]]></STARTNEWLINE>
+<!--4B110273A12A48FD8E4952044C628050-->
<ISSHOWNINSTATUSBAR><![CDATA[N]]></ISSHOWNINSTATUSBAR>
+<!--4B110273A12A48FD8E4952044C628050-->
<EM_OBUIAPP_SHOWSUMMARY><![CDATA[N]]></EM_OBUIAPP_SHOWSUMMARY>
+<!--4B110273A12A48FD8E4952044C628050--></AD_FIELD>
+
<!--4B536D8ED0CB480BA1A0D5526FCE202F--><AD_FIELD>
<!--4B536D8ED0CB480BA1A0D5526FCE202F-->
<AD_FIELD_ID><![CDATA[4B536D8ED0CB480BA1A0D5526FCE202F]]></AD_FIELD_ID>
<!--4B536D8ED0CB480BA1A0D5526FCE202F-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff -r adca7213b9d7 -r a6b455bb80fc src-db/database/sourcedata/AD_MESSAGE.xml
--- a/src-db/database/sourcedata/AD_MESSAGE.xml Wed Dec 19 11:10:33 2012 +0100
+++ b/src-db/database/sourcedata/AD_MESSAGE.xml Thu Dec 20 13:27:34 2012 +0100
@@ -16742,6 +16742,17 @@
<!--4B01F0CD52ED45D78AD503199D5AB1C6-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--4B01F0CD52ED45D78AD503199D5AB1C6--></AD_MESSAGE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--><AD_MESSAGE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6-->
<AD_MESSAGE_ID><![CDATA[4C2EF2784FD449D3A09E71D41F7AD8E6]]></AD_MESSAGE_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6-->
<VALUE><![CDATA[NON_RESTRICTED_ROLE_TITLE]]></VALUE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <MSGTEXT><![CDATA[All roles
restricted]]></MSGTEXT>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <MSGTYPE><![CDATA[I]]></MSGTYPE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--></AD_MESSAGE>
+
<!--4C38766399D14E4C96A65E71A5D85F06--><AD_MESSAGE>
<!--4C38766399D14E4C96A65E71A5D85F06-->
<AD_MESSAGE_ID><![CDATA[4C38766399D14E4C96A65E71A5D85F06]]></AD_MESSAGE_ID>
<!--4C38766399D14E4C96A65E71A5D85F06-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
@@ -22016,6 +22027,17 @@
<!--FE88E1D0FB204477983A77FE42C1297A-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--FE88E1D0FB204477983A77FE42C1297A--></AD_MESSAGE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--><AD_MESSAGE>
+<!--FE92320A1F4D4569A3AF41C6F263E786-->
<AD_MESSAGE_ID><![CDATA[FE92320A1F4D4569A3AF41C6F263E786]]></AD_MESSAGE_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--FE92320A1F4D4569A3AF41C6F263E786-->
<VALUE><![CDATA[NON_RESTRICTED_ROLE]]></VALUE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <MSGTEXT><![CDATA[All roles for this
user have their access to the backend restricted]]></MSGTEXT>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <MSGTYPE><![CDATA[I]]></MSGTYPE>
+<!--FE92320A1F4D4569A3AF41C6F263E786-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--></AD_MESSAGE>
+
<!--FEC463B86D204D7982180B6C134F1E8A--><AD_MESSAGE>
<!--FEC463B86D204D7982180B6C134F1E8A-->
<AD_MESSAGE_ID><![CDATA[FEC463B86D204D7982180B6C134F1E8A]]></AD_MESSAGE_ID>
<!--FEC463B86D204D7982180B6C134F1E8A-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff -r adca7213b9d7 -r a6b455bb80fc src-db/database/sourcedata/AD_REF_LIST.xml
--- a/src-db/database/sourcedata/AD_REF_LIST.xml Wed Dec 19 11:10:33
2012 +0100
+++ b/src-db/database/sourcedata/AD_REF_LIST.xml Thu Dec 20 13:27:34
2012 +0100
@@ -8496,6 +8496,18 @@
<!--26BD84560ADA416E8D00B7A07BAB2B23-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--26BD84560ADA416E8D00B7A07BAB2B23--></AD_REF_LIST>
+<!--2726618D177C401C8D764380FD6DA765--><AD_REF_LIST>
+<!--2726618D177C401C8D764380FD6DA765-->
<AD_REF_LIST_ID><![CDATA[2726618D177C401C8D764380FD6DA765]]></AD_REF_LIST_ID>
+<!--2726618D177C401C8D764380FD6DA765-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--2726618D177C401C8D764380FD6DA765--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--2726618D177C401C8D764380FD6DA765--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--2726618D177C401C8D764380FD6DA765--> <VALUE><![CDATA[RESTR]]></VALUE>
+<!--2726618D177C401C8D764380FD6DA765--> <NAME><![CDATA[All available roles
restricted]]></NAME>
+<!--2726618D177C401C8D764380FD6DA765--> <DESCRIPTION><![CDATA[User doesn't
have non-restricted roles]]></DESCRIPTION>
+<!--2726618D177C401C8D764380FD6DA765-->
<AD_REFERENCE_ID><![CDATA[86086D70DDBC42B09E2BEB51D25C159F]]></AD_REFERENCE_ID>
+<!--2726618D177C401C8D764380FD6DA765-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--2726618D177C401C8D764380FD6DA765--></AD_REF_LIST>
+
<!--28F1C8DD5F5746C5928626525EC81BB2--><AD_REF_LIST>
<!--28F1C8DD5F5746C5928626525EC81BB2-->
<AD_REF_LIST_ID><![CDATA[28F1C8DD5F5746C5928626525EC81BB2]]></AD_REF_LIST_ID>
<!--28F1C8DD5F5746C5928626525EC81BB2-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff -r adca7213b9d7 -r a6b455bb80fc
src/org/openbravo/base/secureApp/DefaultOptions_data.xsql
--- a/src/org/openbravo/base/secureApp/DefaultOptions_data.xsql Wed Dec 19
11:10:33 2012 +0100
+++ b/src/org/openbravo/base/secureApp/DefaultOptions_data.xsql Thu Dec 20
13:27:34 2012 +0100
@@ -37,7 +37,7 @@
INNER JOIN AD_ROLE role ON users.DEFAULT_AD_ROLE_ID =
role.AD_ROLE_ID
WHERE users.AD_USER_ID = ?
AND NOT users.DEFAULT_AD_ROLE_ID IS NULL
- AND role.ISACTIVE = 'Y'
+ AND role.ISACTIVE = 'Y' and role.isrestrictbackend='N'
]]></Sql>
<Parameter name="aduserid"/>
</SqlMethod>
@@ -127,7 +127,7 @@
INNER JOIN AD_ROLE role
ON userRoles.AD_ROLE_ID = role.AD_ROLE_ID
WHERE userRoles.AD_USER_ID = ?
- AND role.ISACTIVE = 'Y'
+ AND role.ISACTIVE = 'Y' and role.isrestrictbackend='N'
]]></Sql>
<Parameter name="aduserid"/>
</SqlMethod>
diff -r adca7213b9d7 -r a6b455bb80fc
src/org/openbravo/base/secureApp/LoginHandler.java
--- a/src/org/openbravo/base/secureApp/LoginHandler.java Wed Dec 19
11:10:33 2012 +0100
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java Thu Dec 20
13:27:34 2012 +0100
@@ -33,6 +33,8 @@
import org.openbravo.erpCommon.utility.OBVersion;
import org.openbravo.erpCommon.utility.Utility;
import org.openbravo.model.ad.access.Session;
+import org.openbravo.model.ad.access.User;
+import org.openbravo.model.ad.access.UserRoles;
import org.openbravo.model.ad.module.Module;
import org.openbravo.model.ad.system.Client;
import org.openbravo.model.ad.system.SystemInformation;
@@ -63,7 +65,7 @@
final VariablesSecureApp vars = new VariablesSecureApp(req);
// Empty session
- vars.removeSessionValue("#Authenticated_user");
+ req.getSession().removeAttribute("#Authenticated_user");
vars.removeSessionValue("#AD_Role_ID");
vars.setSessionObject("#loggingIn", "Y");
@@ -228,6 +230,21 @@
break;
}
+ boolean hasNonRestrictedRole = false;
+ User user = OBDal.getInstance().get(User.class, strUserAuth);
+ for (UserRoles userrole : user.getADUserRolesList()) {
+ if (!userrole.getRole().isRestrictbackend()) {
+ hasNonRestrictedRole = true;
+ }
+ }
+ if (!hasNonRestrictedRole) {
+ String msg = Utility.messageBD(myPool, "NON_RESTRICTED_ROLE",
vars.getLanguage());
+ String title = Utility.messageBD(myPool, "NON_RESTRICTED_ROLE_TITLE",
vars.getLanguage());
+ updateDBSession(sessionId, false, "RESTR");
+ goToRetry(res, vars, msg, title, "Error", action, doRedirect);
+ return;
+ }
+
// Build checks
SystemInformation sysInfo =
OBDal.getInstance().get(SystemInformation.class, "0");
if (sysInfo.getSystemStatus() == null ||
sysInfo.getSystemStatus().equals("RB70")
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Openbravo-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
