Permalink
Browse files

Reworked security level implementation and minor changes to record fi…

…ltering.
  • Loading branch information...
1 parent dc42d9f commit cfe14ca10a0f1e5fcb139bb698185578d5d516eb @ciyam committed Jun 11, 2012
View
@@ -3426,6 +3426,8 @@ void Meta_Model::impl::impl_Generate( )
string new_select_dfenum_id;
string new_select_extras;
+ bool has_security_level_field = false;
+
vector< string > restrict_field_ids;
vector< string > restrict_field_names;
vector< string > restrict_field_types;
@@ -3868,31 +3870,8 @@ void Meta_Model::impl::impl_Generate( )
column_extras.push_back( extras );
- if( get_obj( ).child_List( ).child_List_Field( ).Source_Field( ).Extra( ) == 17 ) // i.e. "permission"
- {
- // NOTE: If the field belongs to an aliased class then need to instead use
- // the Source Field in order to locate the filter.
- Meta_Field* p_sfield( &get_obj( ).child_List( ).child_List_Field( ).Source_Field( ) );
-
- if( !is_null( get_obj( ).child_List( ).child_List_Field( ).Source_Field( ).Source_Field( ) ) )
- p_sfield = &get_obj( ).child_List( ).child_List_Field( ).Source_Field( ).Source_Field( );
-
- if( p_sfield->child_Specification( ).iterate_forwards( ) )
- {
- do
- {
- if( p_sfield->child_Specification( ).Specification_Type( ) == "filter_perm_restricted" )
- {
- if( !filters.empty( ) )
- filters += ",";
- filters += p_sfield->child_Specification( ).Id( );
-
- p_sfield->child_Specification( ).iterate_stop( );
- break;
- }
- } while( p_sfield->child_Specification( ).iterate_next( ) );
- }
- }
+ if( get_obj( ).child_List( ).child_List_Field( ).Source_Field( ).Extra( ) == 18 ) // i.e. "security_level"
+ has_security_level_field = true;
// NOTE: Index determination will be made after all columns have been processed
// so that unique indexes that span multiple columns can be used as well as for
@@ -4743,13 +4722,17 @@ void Meta_Model::impl::impl_Generate( )
if( !is_null( p_sclass->Source_Class( ) ) )
p_sclass = &p_sclass->Source_Class( );
+ // FUTURE: It would be more efficient if this query were restricted to the "filter" records.
if( p_sclass->child_Specification( ).iterate_forwards( ) )
{
do
{
- if( ( !get_obj( ).child_List( ).Ignore_User_Id_Filter( )
- && p_sclass->child_Specification( ).Specification_Type( ) == "filter_non_uid" )
- || p_sclass->child_Specification( ).Specification_Type( ) == "filter_field_value" )
+ string specification_type( p_sclass->child_Specification( ).Specification_Type( ) );
+
+ if( specification_type == "filter_field_value"
+ || specification_type == "filter_perm_restricted"
+ || ( !has_security_level_field && specification_type == "filter_security_level" )
+ || ( !get_obj( ).child_List( ).Ignore_User_Id_Filter( ) && specification_type == "filter_non_uid" ) )
{
if( !filters.empty( ) )
filters += ",";
View
@@ -130,6 +130,7 @@ perform_create sys 20120102 Meta 114100 field_values_from_updating_graph_parent
perform_create sys 20120102 Meta 114100 filter_field_value "114101=filter_field_value,114102=filter_{class}if_{field}is_{value_label}[and_]{tfield},114103=filter_field_value,114104=1,114124=1,114105=1,114135=1,114110=1,114126=1,114120=Use Test Field as an optional precondition.,114158=class={class}\r\nfield={field}\r\nvalue={value}\r\ntfield={tfield}\r\nsections=is_filtered get_required_field_names"
perform_create sys 20120102 Meta 114100 filter_non_uid "114101=filter_non_uid,114102=filter_{class}if_{spfield}{scfield}does_not_contain_uid,114103=non_uid_filter,114104=1,114125=1,114112=1,114119=52,114121=1,114122=1,114130=0,114120=Source Child Field is expected to contain a comma separated list of User keys (\"transient_field_from_child_concat\" can be used to create a transient for this purpose).,114158=class={class}\r\npclass={spclass}\r\npfield={spfield}\r\ncfield={scfield}\r\nsections=is_filtered"
perform_create sys 20120102 Meta 114100 filter_perm_restricted "114101=filter_perm_restricted,114102=filter_{class}if_{field}is_restricted,114103=filter_perm_restricted,114104=1,114124=1,114105=1,114111=20,114158=class={class}\r\nfield={field}\r\nsections=is_filtered get_required_field_names"
+perform_create sys 20120102 Meta 114100 filter_security_level "114101=filter_security_level,114102=filter_{class}if_{field}is_insufficient,114103=filter_security_level,114104=1,114124=1,114105=1,114111=20,114158=class={class}\r\nslevel={field}\r\nsections=is_filtered get_required_field_names"
perform_create sys 20120102 Meta 114100 for_acyclic "114101=for_acyclic,114102=for_{class}acyclic,114103=acyclic,114104=1,114125=1,114112=1,114119=51,114120=Source Parent is the self relationship parent.,114158=class={class}\r\nfield={spfield}\r\nsections=validate"
perform_create sys 20120102 Meta 114100 for_audit_fields "114101=for_audit_fields,114102=for_{class}audit_fields,114103=audit_fields,114104=1,114124=1,114105=1,114174=1,114125=1,114126=1,114120=Field is the \"Created By\" field\\, Other_Field is \"Created On\"\\, Source_Parent is \"Modified By\" and Test_Field is \"Modified On\".,114158=class={class}\r\ncusrfield={field}\r\ncdtmfield={ofield}\r\nmusrfield={spfield}\r\nmdtmfield={tfield}\r\nsections=value_will_be_provided for_store"
perform_create sys 20120102 Meta 114100 for_calc_interest "114101=for_calc_interest,114102=for_{class}{procedure},114103=interest,114104=1,114124=1,114105=1,114111=4,114128=1,114113=1,114130=2,114126=1,114114=1,114131=4,114171=1,114106=1,114132=1,114133=2,114120=Field is the \"balance\"\\, Source Field is the \"last calculation date\" and Test Field is the \"interest rate\". Procedure Arg is the \"new calculation date\"."
@@ -145,7 +146,7 @@ perform_create sys 20120102 Meta 114100 gen_execute "114101=gen_execute,114102=g
perform_create sys 20120102 Meta 114100 gen_pdf_child_list "114101=gen_pdf_child_list,114102=gen_{child}pdf_list,114103=gen_script,114104=1,114124=1,114105=1,114135=1,114110=1,114171=1,114106=1,114191=1,114138=1,114120=Field is for \"order\"\\, Value is the PDF \"list ext\"\\, Procedure is for \"generate\" and Child Relationship for the child list itself.,114158=class={class}\r\nofield={field}\r\nlist_ext={value}\r\ngen_proc={procedure}\r\nchild={child}\r\ncclass={cclass}\r\nmodel={model}\r\nscript={model}_{class}_{procedure}.cin\r\nvars={model}_{cclass}.{value}.pdf.vars.xrep\r\nsections=unused"
perform_create sys 20120102 Meta 114100 home_message_stats "114101=home_message_stats,114102=home_message,114103=home_message_stats,114104=1,114125=1,114140=115433$115100.301405,301710=home_message_secondary,114163=1,114120=Class is the primary source for statistics with Source Parent being an optional secondary source (typically the primary source would be the \"user\" and the secondary the \"group\").,114158=type=stats\r\ncommand={model}_Home_Message\r\ncmd_args=-p=$perms $user\r\nprimary_class={class}\r\nsecondary_class={spfield},114165=secondary_stats1_cclass=\r\nprimary_stats1_cfield=\r\nprimary_stats1_class1=\r\nprimary_stats1_field1=\r\nprimary_stats1_value1=\r\nprimary_stats1_class2=\r\nprimary_stats1_field2=\r\nprimary_stats1_value2=\r\nprimary_stats2_cclass=\r\nprimary_stats2_cfield=\r\nprimary_stats2_perm=\r\nprimary_stats2_class1=\r\nprimary_stats2_field1=\r\nprimary_stats2_value1=\r\nprimary_stats2_class2=\r\nprimary_stats2_field2=\r\nprimary_stats2_value2=\r\nsecondary_perm=\r\nsecondary_stats1_cfield=\r\nsecondary_stats1_class1=\r\nsecondary_stats1_field1=\r\nsecondary_stats1_value1=\r\nsecondary_stats1_class2=\r\nsecondary_stats1_field2=\r\nsecondary_stats1_value2=\r\nsecondary_stats2_cclass=\r\nsecondary_stats2_cfield=\r\nsecondary_stats2_perm=\r\nsecondary_stats2_class1=\r\nsecondary_stats2_field1=\r\nsecondary_stats2_value1=\r\nsecondary_stats2_class2=\r\nsecondary_stats2_field2=\r\nsecondary_stats2_value2="
perform_create sys 20120102 Meta 114100 home_message_primary "114101=home_message_primary,114102=primary,114103=n/a,114104=1,114139=1,114146=1,301700=home_message_stats,114140=115434$115100.301405,301710=home_message_stats_1,114147=1,114151=1,114164=primary"
-perform_create sys 20120102 Meta 114100 home_message_top_n "114101=home_message_top_n,114102=home_message,114103=home_message_top_n,114104=1,114124=1,114105=1,114128=1,114113=1,114135=1,114110=1,114120=Field is what will be output and Source Field is used for ordering. Value is the number of records to output.,114158=type=top_n\r\nlimit={value}\r\nclass={class}\r\nfield={field}\r\nofield={sfield}\r\ncommand={model}_{class}_Home_Message"
+perform_create sys 20120102 Meta 114100 home_message_top_n "114101=home_message_top_n,114102=home_message,114103=home_message_top_n,114104=1,114124=1,114105=1,114128=1,114113=1,114135=1,114110=1,114120=Field is what will be output and Source Field is used for ordering. Value is the number of records to output.,114158=type=top_n\r\nlimit={value}\r\nclass={class}\r\nfield={field}\r\nofield={sfield}\r\ncommand={model}_{class}_Home_Message\r\ncmd_args=-p=$perms $user"
perform_create sys 20120102 Meta 114100 modifier_date_alert "114101=modifier_date_alert,114102=modifier_{class}{modifier}if_{field}is_within_{value_label},114103=modifier_date_notification,114104=1,114124=1,114105=1,114197=1,114107=1,114111=2,114135=1,114110=1,114117=1,114120=Use option \"-annual\" for an annual event.,114158=class={class}\r\nfield={field}\r\nmodifier={modifier}\r\nperiod={value_leftpart}\r\ntype={value_rightpart}\r\nannual={?-annual}\r\nsections=get_state get_always_required_field_names"
perform_create sys 20120102 Meta 114100 modifier_datetime_was_prior "114101=modifier_datetime_was_prior,114102=modifier_{class}{modifier}if_{field}was_prior_to_{value_label}[and_]{tfield}[is_]{tvalue},114103=modifier_past_date_time,114104=1,114124=1,114105=1,114111=41,114197=1,114107=1,114126=1,114135=1,114110=1,114115=1,114120=Test Field [== Test Value] is an optional precondition. Use Value \"now\" or \"today\" for current comparison or provide a number and a type (e.g. 3 hours).,114158=class={class}\r\ndfield={field}\r\ndfprim={primitive}\r\nvalue={value}\r\nmodifier={modifier}\r\ntfield={tfield}\r\ntvalue={tvalue}\r\nfuture=\r\nsections=get_state get_always_required_field_names"
perform_create sys 20120102 Meta 114100 modifier_datetime_will_follow "114101=modifier_datetime_will_follow,114102=modifier_{class}{modifier}if_{field}will_be_after_{value_label}[and_]{tfield}[is_]{tvalue},114103=modifier_past_date_time,114104=1,114124=1,114105=1,114111=41,114197=1,114107=1,114126=1,114135=1,114110=1,114115=1,114120=Test Field [== Test Value] is an optional precondition. Use Value \"now\" or \"today\" for current comparison or provide a number and a type (e.g. 3 hours).,114158=class={class}\r\ndfield={field}\r\ndfprim={primitive}\r\nvalue={value}\r\nmodifier={modifier}\r\ntfield={tfield}\r\ntvalue={tvalue}\r\nfuture=true\r\nsections=get_state get_always_required_field_names"
View
@@ -137,6 +137,7 @@ const char* const c_script_dummy_filename = "*script*";
const char* const c_system_variable_storage = "@storage";
const char* const c_session_variable_dtm = "@dtm";
+const char* const c_session_variable_sec = "@sec";
const char* const c_session_variable_uid = "@uid";
const char* const c_session_variable_none = "@none";
const char* const c_session_variable_class = "@class";
@@ -217,8 +218,9 @@ struct session
size_t id;
size_t slot;
- string uid;
string dtm;
+ string uid;
+ string sec;
string tz_abbr;
@@ -5219,8 +5221,31 @@ string get_uid( bool remove_display_name )
void set_uid( const string& uid )
{
- gtp_session->uid = uid;
- set_session_variable( c_session_variable_uid, uid );
+ string s( uid );
+
+ string::size_type pos = uid.find( ':' );
+ string::size_type spos = uid.find( '!' );
+
+ gtp_session->sec.erase( );
+ set_session_variable( c_session_variable_sec, "" );
+
+ if( spos != string::npos )
+ {
+ if( pos == string::npos || pos > spos )
+ {
+ string sec = uid.substr( spos + 1, pos == string::npos ? pos : pos - spos - 1 );
+
+ gtp_session->sec = sec;
+ set_session_variable( c_session_variable_sec, sec );
+
+ s = uid.substr( 0, spos );
+ if( pos != string::npos )
+ s += uid.substr( pos );
+ }
+ }
+
+ gtp_session->uid = s;
+ set_session_variable( c_session_variable_uid, s );
}
bool is_admin_uid( )
@@ -5244,6 +5269,15 @@ bool is_admin_uid_key( const string& key )
return key == "admin";
}
+bool has_sec_level( const string& level )
+{
+ // NOTE: Security level strings (e.g. XXXX) are shorter for higher.
+ if( gtp_session->sec.empty( ) || gtp_session->sec <= level )
+ return true;
+ else
+ return false;
+}
+
string get_dtm( )
{
return gtp_session->dtm;
View
@@ -241,6 +241,8 @@ bool CIYAM_BASE_DECL_SPEC is_system_uid( );
bool CIYAM_BASE_DECL_SPEC is_admin_uid_key( const std::string& key );
+bool CIYAM_BASE_DECL_SPEC has_sec_level( const std::string& level );
+
std::string CIYAM_BASE_DECL_SPEC get_dtm( );
void CIYAM_BASE_DECL_SPEC set_dtm( const std::string& dtm );
@@ -1851,6 +1851,10 @@ bool `{`$full_class_name`}::impl::is_filtered( ) const
`{`#filter_perm_restricted.spec.xrep section=is_filtered arg_name=\0\
arg_id=$specification_\0_id arg_field=$specification_\0_field`}
`,\
+`@eq`(`'\1`'`,`'filter_security_level`'`)\
+`{`#filter_security_level.spec.xrep section=is_filtered arg_name=\0\
+ arg_id=$specification_\0_id arg_slevel=$specification_\0_slevel`}
+`,\
`@eq`(`'\1`'`,`'non_uid_filter`'`)\
`{`#non_uid_filter.spec.xrep section=is_filtered class_name=$class_name module_name=$module_name\
arg_name=\0 arg_id=$specification_\0_id arg_pclass=$specification_\0_pclass arg_cfield=$specification_\0_cfield`}
@@ -2595,6 +2599,10 @@ void `{`$full_class_name`}::get_required_field_names(
`{`#filter_perm_restricted.spec.xrep section=get_required_field_names arg_name=\0\
arg_id=$specification_\0_id arg_field=$specification_\0_field`}\
`,\
+`@eq`(`'\1`'`,`'filter_security_level`'`)
+`{`#filter_security_level.spec.xrep section=get_required_field_names arg_name=\0\
+ arg_id=$specification_\0_id arg_slevel=$specification_\0_slevel`}\
+`,\
`@eq`(`'\1`'`,`'meta_relationship_child_name`'`)
`{`#meta_relationship_child_name.spec.xrep section=get_required_field_names\
arg_field=$specification_\0_field arg_sfield=$specification_\0_sfield\
Oops, something went wrong.

0 comments on commit cfe14ca

Please sign in to comment.