details:   https://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa3
changeset: 32692:0c8047a2daa3
user:      Augusto Mauch <augusto.mauch <at> openbravo.com>
date:      Fri Sep 15 12:27:06 2017 +0200
summary:   Fixes issue 36725: Check role write access to organization of parent 
record

If the current role does not have writable access to the record selected in a 
tab, the user should not be allowed to create records in its subtabs.

Now this is taken into account in order to enable/disable the toolbar buttons 
that create new records, and also in the logic that creates a link to create 
new records in a tab if the grid is currently empty.

Now it will not be possible to enter records in a subtab if:
- The subtab has an editable organization field
- The user's role does not have writable access to the organization of the 
record selected in the parent tab.

Now the list of the current role of the user writable organizations is 
available in OB.User.writableOrganizations.

diffstat:

 
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
     |   2 +-
 
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
 |  18 ++++++++++
 
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/toolbar/ob-toolbar.js
    |   8 +--
 
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
      |   4 ++
 
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/templates/application-dynamic-js.ftl
  |   8 +++-
 5 files changed, 32 insertions(+), 8 deletions(-)

diffs (112 lines):

diff -r 91336238169f -r 0c8047a2daa3 
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
--- 
a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
     Fri Sep 15 10:19:40 2017 +0200
+++ 
b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
     Fri Sep 15 12:27:06 2017 +0200
@@ -1698,7 +1698,7 @@
     var noSetSession, changeEvent, forceUpdate;
     // do this now, to replace the loading message
     // TODO: add dynamic part of readonly (via setWindowSettings: see issue 
17441)
-    if (this.uiPattern === 'SR' || this.uiPattern === 'RO' || this.uiPattern 
=== 'ED') {
+    if (this.uiPattern === 'SR' || this.uiPattern === 'RO' || this.uiPattern 
=== 'ED' || !this.view.roleCanCreateRecords()) {
       this.noDataEmptyMessage = '<span class="' + this.emptyMessageStyle + 
'">' + OB.I18N.getLabel('OBUIAPP_NoDataInGrid') + '</span>';
     } else {
       this.noDataEmptyMessage = '<span class="' + this.emptyMessageStyle + 
'">' + OB.I18N.getLabel('OBUIAPP_GridNoRecords') + '</span>' + '<span 
onclick="this.onclick = new Function(); setTimeout(function() { window[\'' + 
this.ID + '\'].view.newRow(); }, 50); return false;" class="' + 
this.emptyMessageLinkStyle + '">' + OB.I18N.getLabel('OBUIAPP_GridCreateOne') + 
'</span>';
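Review bot: The added `!this.view.roleCanCreateRecords()` test only selects which empty-grid message is rendered; the link built in the else branch still calls `view.newRow()` directly, and nothing in this changeset shows `newRow` repeating the check. If the role rule is meant to hold for every way of starting a new row, also guard inside `newRow` itself (not visible here), for example `if (!this.roleCanCreateRecords()) { return; }`. That way a message rendered before the parent selection changed cannot open a row. The enclosing function starts and ends outside the hunk, so when this message is rebuilt is an assumption to confirm.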
diff -r 91336238169f -r 0c8047a2daa3 
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
--- 
a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
 Fri Sep 15 10:19:40 2017 +0200
+++ 
b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
 Fri Sep 15 12:27:06 2017 +0200
@@ -3146,5 +3146,23 @@
     });
 
     return result;
+  },
+
+  roleCanCreateRecords: function () {
+    return this.organizationFieldIsEditable() || 
this.roleHasWriteAccessToParentRecordOrg();
+  },
+
+  organizationFieldIsEditable: function () {
+    var organizationField = this.fields.find('name', 'organization');
+    return organizationField !== null && !organizationField.disabled;
+  },
+
+  roleHasWriteAccessToParentRecordOrg: function () {
+    var parentRecordOrganization;
+    if (this.parentView === null || 
this.parentView.viewGrid.getSelectedRecord() === null) {
+      return true;
+    }
+    parentRecordOrganization = 
this.parentView.viewGrid.getSelectedRecord().organization;
+    return OB.User.writableOrganizations.contains(parentRecordOrganization);
   }
 });
\ No newline at end of file
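Review bot: `roleHasWriteAccessToParentRecordOrg` decides from `OB.User.writableOrganizations`, a list held in the page, so these three helpers are a usability gate rather than an access control. The server-side save path still has to reject a record whose organization the role cannot write; no hunk in this changeset touches that path, though it may already be enforced elsewhere. A comment above `roleCanCreateRecords` should say so, e.g. `// UI hint only: write access to the organization must still be enforced on the server when saving`. The commit message lists "the subtab has an editable organization field" as a blocking condition, whereas the code allows creation when that field is editable, so a one-line comment stating the intended rule would settle which is right. A parent record with no `organization` property makes `contains(...)` return false and disables creation, which is presumably intended but worth stating.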
diff -r 91336238169f -r 0c8047a2daa3 
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/toolbar/ob-toolbar.js
--- 
a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/toolbar/ob-toolbar.js
    Fri Sep 15 10:19:40 2017 +0200
+++ 
b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/toolbar/ob-toolbar.js
    Fri Sep 15 12:27:06 2017 +0200
@@ -123,7 +123,7 @@
     updateState: function () {
       var view = this.view,
           selectedRecords = view.viewGrid.getSelectedRecords();
-      this.setDisabled(view.viewGrid.isGrouped || view.isShowingForm || 
view.readOnly || view.editOrDeleteOnly || view.singleRecord || 
!view.hasValidState() || (selectedRecords && selectedRecords.length > 1) || 
view.isShowingTree);
+      this.setDisabled(view.viewGrid.isGrouped || view.isShowingForm || 
view.readOnly || view.editOrDeleteOnly || view.singleRecord || 
!view.hasValidState() || (selectedRecords && selectedRecords.length > 1) || 
view.isShowingTree || !view.roleCanCreateRecords());
     },
     keyboardShortcutId: 'ToolBar_NewRow'
   },
@@ -140,9 +140,9 @@
       var view = this.view,
           form = view.viewForm;
       if (view.isShowingForm) {
-        this.setDisabled(form.isSaving || view.readOnly || view.singleRecord 
|| !view.hasValidState() || view.editOrDeleteOnly);
+        this.setDisabled(form.isSaving || view.readOnly || view.singleRecord 
|| !view.hasValidState() || view.editOrDeleteOnly || 
!view.roleCanCreateRecords());
       } else {
-        this.setDisabled(view.readOnly || view.singleRecord || 
!view.hasValidState() || view.editOrDeleteOnly);
+        this.setDisabled(view.readOnly || view.singleRecord || 
!view.hasValidState() || view.editOrDeleteOnly || !view.roleCanCreateRecords());
       }
     },
     keyboardShortcutId: 'ToolBar_NewDoc'
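Review bot: The two `setDisabled` branches now differ only in `form.isSaving`, and each already long condition had to receive the same `!view.roleCanCreateRecords()` term. Collapsing them keeps future rule changes in one place: `this.setDisabled((view.isShowingForm && form.isSaving) || view.readOnly || view.singleRecord || !view.hasValidState() || view.editOrDeleteOnly || !view.roleCanCreateRecords());`. Because `||` short-circuits, this evaluates the same terms as before. The same term was also appended to the `ToolBar_NewRow` button in the previous hunk, so a shared `view.canCreateNewRecord()`-style helper for the common part would be worth considering. `updateState` begins outside this hunk.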
@@ -1557,8 +1557,6 @@
     }
   },
 
-
-
   addMembers: 'null',
 
   leftMembers: [],
diff -r 91336238169f -r 0c8047a2daa3 
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
--- 
a/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
      Fri Sep 15 10:19:40 2017 +0200
+++ 
b/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
      Fri Sep 15 12:27:06 2017 +0200
@@ -142,6 +142,10 @@
     return Boolean.toString(getActivationKey().isGolden());
   }
 
+  public Set<String> getWritableOrganizations() {
+    return OBContext.getOBContext().getWritableOrganizations();
+  }
+
   public String getActiveInstanceStringValue() {
     if (SessionFactoryController.isRunningInWebContainer()) {
       return Boolean.toString(ActivationKey.isActiveInstance());
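Review bot: `getWritableOrganizations()` has no Javadoc, although it is the only server-side piece of this change and its result is rendered into the client script by `application-dynamic-js.ftl`. A short Javadoc should state that it returns the ids of the organizations the current role can write, and that the values are sent to the browser for UI decisions only and are not an authorization check. The method appears to hand back the set owned by `OBContext` as-is; if that set is mutable, returning `Collections.unmodifiableSet(...)` would prevent accidental changes by template or component code, which is to be confirmed against `OBContext`.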
diff -r 91336238169f -r 0c8047a2daa3 
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/templates/application-dynamic-js.ftl
--- 
a/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/templates/application-dynamic-js.ftl
  Fri Sep 15 10:19:40 2017 +0200
+++ 
b/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/templates/application-dynamic-js.ftl
  Fri Sep 15 12:27:06 2017 +0200
@@ -11,7 +11,7 @@
  * under the License.
  * The Original Code is Openbravo ERP.
  * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2009-2013 Openbravo SLU
+ * All portions are Copyright (C) 2009-2017 Openbravo SLU
  * All Rights Reserved.
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -47,7 +47,11 @@
         clientId: '${data.client.id}',
         clientName: '${data.client.name?js_string}',
         organizationId: '${data.organization.id}',
-        organizationName: '${data.organization.name?js_string}'
+        organizationName: '${data.organization.name?js_string}',
+        writableOrganizations: [
+        <#list data.writableOrganizations as property>
+            '${property?js_string}'<#if property_has_next>,</#if>
+        </#list>]
 };
 
 OB.AccessibleEntities = {
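Review bot: The loop variable in `<#list data.writableOrganizations as property>` holds an organization id, so `property` is misleading; `<#list data.writableOrganizations as orgId>` with `'${orgId?js_string}'<#if orgId_has_next>,</#if>` reads more clearly. Applying `?js_string` to each entry is the right choice for values emitted inside a quoted script literal. The neighbouring `clientId` and `organizationId` lines are emitted without it; they are presumably system-generated ids, but escaping them the same way would keep the block consistent.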
