details:   https://code.openbravo.com/erp/devel/pi/rev/acafcefbd0ae
changeset: 32710:acafcefbd0ae
user:      Carlos Aristu <carlos.aristu <at> openbravo.com>
date:      Mon Sep 18 12:28:51 2017 +0200
summary:   fixes bug 36151: org selector in process definition don't filter by 
role access

  - When filtering by organization, if the organization (ORG_PARAMETER) is not 
specified, then filter the results taking into account just the readable 
organizations of the role
  - When the organization is specified, then add in the filter all the 
organizations in the natural tree of the specified organization but restrict to 
those which can be directly (not derived) accessed by the role. In the case of 
organization selectors, do not apply this criteria but return the readable 
organizations of the role

diffstat:

 
modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
 |  34 ++++++---
 1 files changed, 23 insertions(+), 11 deletions(-)

diffs (64 lines):

diff -r cebdb602a9f1 -r acafcefbd0ae 
modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
--- 
a/modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
       Mon Sep 18 11:40:40 2017 +0200
+++ 
b/modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
       Mon Sep 18 12:28:51 2017 +0200
@@ -22,6 +22,7 @@
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashMap;
@@ -333,23 +334,17 @@
 
     // add the organization parameter
     StringBuilder orgPart = new StringBuilder();
-    Set<String> orgs = new HashSet<String>();
     if (filterParameters.containsKey(JsonConstants.ORG_PARAMETER)) {
       final String value = filterParameters.get(JsonConstants.ORG_PARAMETER);
       if (entity.isOrganizationEnabled() && value != null && value.length() > 
0) {
-        orgs = 
OBContext.getOBContext().getOrganizationStructureProvider().getNaturalTree(value);
-        orgPart = buildOrgPartWhereClause(orgs);
+        orgPart = 
buildOrgPartWhereClause(getDirectReadableOrgsInNaturalTree(value));
+      } else if (Organization.TABLE_NAME.equals(entity.getTableName())) {
+        orgPart = buildOrgPartWhereClause(getReadableOrgs());
       }
-      localWhereClause = buildLocalWhereClause(localWhereClause, orgPart);
     } else if (filterParameters.containsKey(JsonConstants.CALCULATE_ORGS)) {
-      // add natural tree of writable organizations
-      final Set<String> orgsWritables = 
OBContext.getOBContext().getWritableOrganizations();
-      for (final String o : orgsWritables) {
-        
orgs.addAll(OBContext.getOBContext().getOrganizationStructureProvider().getNaturalTree(o));
-      }
-      orgPart = buildOrgPartWhereClause(orgs);
-      localWhereClause = buildLocalWhereClause(localWhereClause, orgPart);
+      orgPart = buildOrgPartWhereClause(getReadableOrgs());
     }
+    localWhereClause = buildLocalWhereClause(localWhereClause, orgPart);
 
     // add the special whereParameter
     final String whereParameter = 
filterParameters.get(JsonConstants.WHERE_AND_FILTER_CLAUSE);
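Review bot: When ORG_PARAMETER is present but its value is null or empty and the entity is not `Organization`, neither branch assigns `orgPart`, so this block adds no organization restriction to the where clause. The commit description says an unspecified organization should be filtered by the role's readable organizations, and the hunk does not show whether another layer enforces that for non-Organization entities. If it does, record it at the `else if`, for example `// empty ORG_PARAMETER on other entities: no org filter added here, readable-org restriction is applied by <component to be named>`. If it does not, that case should also call `buildOrgPartWhereClause(getReadableOrgs())`. The CALCULATE_ORGS branch also changes from the natural tree of writable organizations to the readable organizations, which deserves a one-line comment explaining why. The enclosing method starts and ends outside this hunk.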
@@ -363,6 +358,23 @@
     return localWhereClause;
   }
 
+  private Set<String> getDirectReadableOrgsInNaturalTree(String adOrgId) {
+    Set<String> orgs = 
OBContext.getOBContext().getOrganizationStructureProvider()
+        .getNaturalTree(adOrgId);
+    String userOrgs = 
RequestContext.get().getVariablesSecureApp().getSessionValue("#User_Org");
+    if (StringUtils.isEmpty(userOrgs)) {
+      return orgs;
+    }
+    userOrgs = userOrgs.replaceAll("'", "");
+    Set<String> userOrgsSet = new 
HashSet<>(Arrays.asList(userOrgs.split(",")));
+    orgs.retainAll(userOrgsSet);
+    return orgs;
+  }
+
+  private Set<String> getReadableOrgs() {
+    return new 
HashSet<>(Arrays.asList(OBContext.getOBContext().getReadableOrganizations()));
+  }
+
   private String buildLocalWhereClause(String localWhere, StringBuilder 
orgPart) {
     if (localWhere == null || localWhere.length() == 0) {
       return (orgPart.length() > 0 ? orgPart.toString() : "");
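Review bot: `getDirectReadableOrgsInNaturalTree` fails open: when the `#User_Org` session value is empty it returns the whole natural tree, which is the unrestricted result this fix is meant to remove. Falling back to the role's readable organizations keeps the filter restrictive, i.e. replace `return orgs;` in the empty branch with `orgs.retainAll(getReadableOrgs()); return orgs;`. `retainAll` also mutates the set returned by `getNaturalTree`; if the provider hands out a cached instance (not visible here), later callers would see the narrowed tree, so copy it first with `Set<String> orgs = new HashSet<>(OBContext.getOBContext().getOrganizationStructureProvider().getNaturalTree(adOrgId));`. The `split(",")` does no trimming, so any whitespace around ids in the session string would silently drop readable organizations from the result. A short Javadoc on both new helpers stating what "direct" access means would help the next reader; `buildLocalWhereClause` continues outside the hunk.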
