details: https://code.openbravo.com/erp/devel/pi/rev/e8c0df5664de
changeset: 29363:e8c0df5664de
user: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
date: Thu Apr 28 13:52:52 2016 +0200
summary: Related with issue 32795: G/L Item does not works properly.
The problem was how entities were getting from selectors. It has been refactor
checkFetchDatasourceAccess() to solved this problem. Now
checkFetchDatasourceAccess
obtain entities from selectors in two ways:
* By using getEntity() method.
* By using table of the selector.
Besides it has been added a test case in DataSourceSecurity to take into
account this case.
diffstat:
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
| 40 +++------
src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java
| 18 +++-
2 files changed, 28 insertions(+), 30 deletions(-)
diffs (100 lines):
diff -r e945590dce38 -r e8c0df5664de
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
---
a/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Wed Apr 27 19:45:36 2016 +0200
+++
b/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Thu Apr 28 13:52:52 2016 +0200
@@ -29,7 +29,6 @@
import org.openbravo.base.exception.OBSecurityException;
import org.openbravo.base.model.Entity;
import org.openbravo.base.model.ModelProvider;
-import org.openbravo.base.model.Property;
import org.openbravo.client.application.CachedPreference;
import
org.openbravo.client.application.window.ApplicationDictionaryCachedStructures;
import org.openbravo.client.kernel.Template;
@@ -39,6 +38,7 @@
import org.openbravo.model.ad.ui.Tab;
import org.openbravo.model.common.order.Order;
import org.openbravo.service.json.JsonConstants;
+import org.openbravo.userinterface.selector.Selector;
import org.openbravo.userinterface.selector.SelectorConstants;
/**
@@ -154,31 +154,21 @@
String selectorId =
parameters.get(SelectorConstants.DS_REQUEST_SELECTOR_ID_PARAMETER);
if (StringUtils.isNotBlank(selectorId)) {
// selectors
- String processId =
parameters.get(SelectorConstants.DS_REQUEST_PROCESS_DEFINITION_ID);
- if (StringUtils.isNotBlank(processId)) {
- // selectors defined in a process definition
- if (entityToCheck != null) {
- try {
-
obContext.getEntityAccessChecker().checkDerivedAccess(entityToCheck);
- } catch (OBSecurityException e) {
- handleExceptionUnsecuredDSAccess(e);
- }
+ if (entityToCheck == null) {
+ OBContext.setAdminMode(true);
+ try {
+ Selector sel = OBDal.getInstance().get(Selector.class, selectorId);
+ entityToCheck = ModelProvider.getInstance().getEntityByTableId(
+ (String) DalUtil.getId(sel.getTable()));
+ } finally {
+ OBContext.restorePreviousMode();
}
- } else {
- // rest of the selectors
- String tableId = parameters.get("inpTableId");
- String targetPropertyName =
parameters.get(SelectorConstants.PARAM_TARGET_PROPERTY_NAME);
- if (StringUtils.isNotBlank(targetPropertyName)) {
- try {
- Entity parentEntity =
ModelProvider.getInstance().getEntityByTableId(tableId);
- Property p = parentEntity.getProperty(targetPropertyName);
- Entity entitySelector = p.getReferencedProperty().getEntity();
- if (entitySelector != null) {
-
obContext.getEntityAccessChecker().checkDerivedAccess(entitySelector);
- }
- } catch (OBSecurityException e) {
- handleExceptionUnsecuredDSAccess(e);
- }
+ }
+ if (entityToCheck != null) {
+ try {
+ obContext.getEntityAccessChecker().checkDerivedAccess(entityToCheck);
+ } catch (OBSecurityException e) {
+ handleExceptionUnsecuredDSAccess(e);
}
}
} else if (entityToCheck != null) {
diff -r e945590dce38 -r e8c0df5664de
src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java
--- a/src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java
Wed Apr 27 19:45:36 2016 +0200
+++ b/src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java
Thu Apr 28 13:52:52 2016 +0200
@@ -170,6 +170,14 @@
put("targetProperty", "businessPartner");
}
}), //
+ SelectorGLItemDatasource("FinancialMgmtGLItem", new HashMap<String,
String>() {
+ {
+ // Payment In > Add Details process > GLItem section > Selector GLItem
+ put("_selectorDefinitionId", "9FAD469CE4414A25974CF45C0AD22D35");
+ put("inpTableId", "D1A97202E832470285C9B1EB026D54E2");
+ put("targetProperty", "gLItem");
+ }
+ }), //
QuickLaunch("99B9CC42FDEA4CA7A4EE35BC49D61E0E"), //
QuickCreate("C17951F970E942FD9F3771B7BE91D049"), //
HQLDataSource("3C1148C0AB604DE1B51B7EA4112C325F", new HashMap<String,
String>() {
@@ -280,11 +288,11 @@
// Note ds is accessible if current role has access to entity of the
notes. This note is
// invocated from a record in Windows, Tabs and Fields.
- testCases.add(new Object[] {
- type,
- DataSource.Note,
- type == RoleType.NO_ACCESS_ROLE ?
JsonConstants.RPCREQUEST_STATUS_VALIDATION_ERROR
- : JsonConstants.RPCREQUEST_STATUS_SUCCESS });
+ testCases.add(new Object[] { type, DataSource.Note,
accessForAdminAndSystemOnly });
+
+ // Selector into a datasource into a P&E Window.
+ testCases.add(new Object[] { type, DataSource.SelectorGLItemDatasource,
+ accessForAdminAndSystemOnly });
}
// testing a problem detected in how properties are initialized.
testCases.add(new Object[] { RoleType.ADMIN_ROLE,
DataSource.ProductByPriceAndWarehouse,
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
