DocumentPermissionsHelper minor refactoring
teosarca committed Jul 22, 2017
1 parent 50c30f5 commit fee3b83
Showing 2 changed files with 27 additions and 18 deletions.
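--- a/src/main/java/de/metas/ui/web/view/ViewsRepository.java
+++ b/src/main/java/de/metas/ui/web/view/ViewsRepository.java
@@ -350,8 +350,7 @@ public IView getViewIfExists(final ViewId viewId)
 throw new EntityNotFoundException("No view found for viewId=" + viewId);
 }
 
-final String windowName = viewId.getViewId(); // used only for error reporting
-DocumentPermissionsHelper.assertWindowAccess(viewId.getWindowId(), windowName, UserSession.getCurrentPermissions());
+DocumentPermissionsHelper.assertViewAccess(viewId.getWindowId(), viewId.getViewId(), UserSession.getCurrentPermissions());
 
 return view;
 }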
@@ -1,5 +1,7 @@
package de.metas.ui.web.window.controller;

import javax.annotation.Nullable;

import org.adempiere.ad.security.IUserRolePermissions;
import org.adempiere.ad.security.permissions.ElementPermission;
import org.adempiere.ad.table.api.IADTableDAO;
Expand Down Expand Up @@ -57,30 +59,39 @@ public static ElementPermission checkWindowAccess(@NonNull final DocumentEntityD

final Boolean readWriteAccess = null; // none
Services.get(IRolePermLoggingBL.class).logWindowAccess(permissions.getAD_Role_ID(), adWindowId, readWriteAccess, ex.getLocalizedMessage());

throw ex;
}

return windowPermission;
}

public static void assertWindowAccess(final WindowId windowId, final String windowName, final IUserRolePermissions permissions)
/**
* Asserts view access
*
* @param windowId
* @param viewId optional viewId, used only for error reporting
* @param permissions
*/
public static void assertViewAccess(final WindowId windowId, @Nullable final String viewId, final IUserRolePermissions permissions)
{
final int adWindowId = windowId.toIntOr(-1);
if(adWindowId < 0)
if (adWindowId < 0)
{
// cannot apply window access if the WindowId is not integer.
// usually those are special window placeholders.
return; // accept it
}


//
// Check AD_Window_ID access
final ElementPermission windowPermission = permissions.checkWindowPermission(adWindowId);
if (!windowPermission.hasReadAccess())
{
final AdempiereException ex = DocumentPermissionException.of(DocumentPermission.WindowAccess, "@NoAccess@")
.setParameter("Role", permissions.getName())
.setParameter("ViewId", windowName)
.setParameter("AD_Window_ID", adWindowId);
.setParameter("roleName", permissions.getName())
.setParameter("view", viewId)
.setParameter("windowId", adWindowId);

final Boolean readWriteAccess = null; // none
Services.get(IRolePermLoggingBL.class).logWindowAccess(permissions.getAD_Role_ID(), adWindowId, readWriteAccess, ex.getLocalizedMessage());
Expand All @@ -96,15 +107,14 @@ public static void assertCanView(@NonNull final Document document, @NonNull fina
{
return; // OK
}

// Check if we have window read permission
final WindowId windowId = document.getDocumentPath().getWindowId();
final int windowIdInt = windowId.toIntOr(-1);
if(windowIdInt > 0 && !permissions.checkWindowPermission(windowIdInt).hasReadAccess())
if (windowIdInt > 0 && !permissions.checkWindowPermission(windowIdInt).hasReadAccess())
{
throw DocumentPermissionException.of(DocumentPermission.View, "no window read permission");
}


final String tableName = document.getEntityDescriptor().getTableNameOrNull();
if (tableName == null)
Expand Down Expand Up @@ -136,13 +146,13 @@ public static void assertCanEdit(final Document document, final IUserRolePermiss
throw DocumentPermissionException.of(DocumentPermission.Update, errmsg);
}
}

public static boolean canEdit(final Document document, final IUserRolePermissions permissions)
{
final String errmsg = checkCanEdit(document, permissions);
return errmsg == null;
}

private static String checkCanEdit(@NonNull final Document document, @NonNull final IUserRolePermissions permissions)
{
// In case document type is not Window, return OK because we cannot validate
Expand All @@ -151,23 +161,23 @@ private static String checkCanEdit(@NonNull final Document document, @NonNull fi
{
return null; // OK
}

// Check if we have window write permission
final WindowId windowId = documentPath.getWindowId();
final int windowIdInt = windowId.toIntOr(-1);
if(windowIdInt > 0 && !permissions.checkWindowPermission(windowIdInt).hasWriteAccess())
if (windowIdInt > 0 && !permissions.checkWindowPermission(windowIdInt).hasWriteAccess())
{
return "no window edit permission";
}

final String tableName = document.getEntityDescriptor().getTableNameOrNull();
if (tableName == null)
{
// cannot apply security because this is not table based
return null; // OK
}
final int adTableId = Services.get(IADTableDAO.class).retrieveTableId(tableName);

int adClientId = document.getAD_Client_ID();
int adOrgId = document.getAD_Org_ID();
final int recordId = document.getDocumentId().toIntOr(-1);
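Review bot: `assertViewAccess` in the second hunk checks only window read permission and returns early with no check when `windowId.toIntOr(-1)` is negative, so the new name and the Javadoc "Asserts view access" promise more than the code enforces. For such non-integer window ids the caller in `ViewsRepository.getViewIfExists` gets no authorization decision at all; the Javadoc should say so, e.g. `Asserts read access to the window of the view; window ids that are not integers are accepted without any check.`, and add a `@throws` line for the exception raised on denial. If those placeholder windows can show business data, they presumably need an explicit check of their own instead of `return; // accept it`. The exception parameter keys also change from `Role`/`ViewId`/`AD_Window_ID` to `roleName`/`view`/`windowId`, so any consumer of the message passed to `logWindowAccess` should be checked for reliance on the old keys. The end of the method body lies outside the hunk.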