extract code from MRolePermRequest to make it simpler

Handle incorrect AD_Window_ID in URL #603
metasfresh · Sep 20, 2017 · c00d904 · c00d904
1 parent 0b10fda
commit c00d904
Show file tree

Hide file tree

Showing 7 changed files with 303 additions and 210 deletions.
diff --git a/...compiere/model/I_AD_Role_PermRequest.java → ...compiere/model/I_AD_Role_PermRequest.java b/...compiere/model/I_AD_Role_PermRequest.java → ...compiere/model/I_AD_Role_PermRequest.java
diff --git a/...compiere/model/X_AD_Role_PermRequest.java → ...compiere/model/X_AD_Role_PermRequest.java b/...compiere/model/X_AD_Role_PermRequest.java → ...compiere/model/X_AD_Role_PermRequest.java
diff --git a/...tas.adempiere.adempiere/base/src/main/java/org/adempiere/service/RolePermGrandAccess.java b/...tas.adempiere.adempiere/base/src/main/java/org/adempiere/service/RolePermGrandAccess.java
@@ -0,0 +1,177 @@
+package org.adempiere.service;
+
+import static org.adempiere.model.InterfaceWrapperHelper.getCtx;
+
+import org.adempiere.ad.security.IUserRolePermissionsDAO;
+import org.adempiere.ad.service.IADReferenceDAO;
+import org.adempiere.ad.service.IADReferenceDAO.ADRefListItem;
+import org.adempiere.exceptions.AdempiereException;
+import org.adempiere.model.InterfaceWrapperHelper;
+import org.adempiere.util.Check;
+import org.adempiere.util.Loggables;
+import org.adempiere.util.Services;
+import org.compiere.model.I_AD_Form;
+import org.compiere.model.I_AD_Process;
+import org.compiere.model.I_AD_Role_PermRequest;
+import org.compiere.model.I_AD_Task;
+import org.compiere.model.I_AD_Window;
+import org.compiere.model.I_AD_Workflow;
+import org.compiere.model.I_C_DocType;
+import org.compiere.model.X_C_Invoice;
+import org.compiere.util.Env;
+import org.slf4j.Logger;
+
+import com.google.common.base.Preconditions;
+
+import ch.qos.logback.classic.Level;
+import de.metas.i18n.IMsgBL;
+import de.metas.logging.LogManager;
+import de.metas.process.IADProcessDAO;
+import lombok.NonNull;
+import lombok.experimental.UtilityClass;
+
+/*
+ * #%L
+ * de.metas.adempiere.adempiere.base
+ * %%
+ * Copyright (C) 2017 metas GmbH
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/gpl-2.0.html>.
+ * #L%
+ */
+
+@UtilityClass
+public class RolePermGrandAccess
+{
+	private static final Logger logger = LogManager.getLogger(RolePermGrandAccess.class);
+
+	public void grantAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		if (request.getAD_Window_ID() > 0)
+		{
+			grantWindowAccess(request);
+		}
+		else if (request.getAD_Process_ID() > 0)
+		{
+			grantProcessAccess(request);
+		}
+		else if (request.getAD_Form_ID() > 0)
+		{
+			grantFormAccess(request);
+		}
+		else if (request.getAD_Task_ID() > 0)
+		{
+			grantTaskAccess(request);
+		}
+		else if (request.getAD_Workflow_ID() > 0)
+		{
+			grantWorkflowAccess(request);
+		}
+		else if (request.getDocAction() != null)
+		{
+			grantDocActionAccess(request);
+		}
+		else
+		{
+			throw new AdempiereException("Can not identify what permissions to grant");
+		}
+
+		request.setIsPermissionGranted(true);
+	}
+
+	private void grantWindowAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final int AD_Window_ID = request.getAD_Window_ID();
+
+		Preconditions.checkArgument(AD_Window_ID > 0, "invalid AD_Window_ID");
+		final I_AD_Window window = InterfaceWrapperHelper.loadOutOfTrx(AD_Window_ID, I_AD_Window.class);
+
+		Services.get(IUserRolePermissionsDAO.class).createWindowAccess(request.getAD_Role(), AD_Window_ID, request.isReadWrite());
+		logGranted(I_AD_Window.COLUMNNAME_AD_Window_ID, window.getName());
+	}
+
+	private void grantProcessAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final int AD_Process_ID = request.getAD_Process_ID();
+
+		request.setIsReadWrite(true); // we always need read write access to processes
+
+		final IADProcessDAO adProcessDAO = Services.get(IADProcessDAO.class);
+		final I_AD_Process adProcess = adProcessDAO.retrieveProcessById(getCtx(request), AD_Process_ID);
+
+		Services.get(IUserRolePermissionsDAO.class).createProcessAccess(request.getAD_Role(), AD_Process_ID, request.isReadWrite());
+		logGranted(I_AD_Process.COLUMNNAME_AD_Process_ID, adProcess.getName());
+
+		//
+		// Recursively grant access to child elements:
+		if (adProcess.getAD_Form_ID() > 0)
+		{
+			grantFormAccess(request);
+		}
+		if (adProcess.getAD_Workflow_ID() > 0)
+		{
+			grantWorkflowAccess(request);
+		}
+	}
+
+	private void grantFormAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final int AD_Form_ID = request.getAD_Form_ID();
+
+		final I_AD_Form form = InterfaceWrapperHelper.loadOutOfTrx(AD_Form_ID, I_AD_Form.class);
+		Services.get(IUserRolePermissionsDAO.class).createFormAccess(request.getAD_Role(), AD_Form_ID, request.isReadWrite());
+		logGranted(I_AD_Form.COLUMNNAME_AD_Form_ID, form.getName());
+	}
+
+	private void grantWorkflowAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final int AD_Workflow_ID = request.getAD_Workflow_ID();
+
+		final I_AD_Workflow wf = InterfaceWrapperHelper.loadOutOfTrx(AD_Workflow_ID, I_AD_Workflow.class);
+		Services.get(IUserRolePermissionsDAO.class).createWorkflowAccess(request.getAD_Role(), AD_Workflow_ID, request.isReadWrite());
+		logGranted(I_AD_Workflow.COLUMNNAME_AD_Workflow_ID, wf.getName());
+	}
+
+	private void grantTaskAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final int AD_Task_ID = request.getAD_Task_ID();
+		final I_AD_Task task = InterfaceWrapperHelper.loadOutOfTrx(AD_Task_ID, I_AD_Task.class);
+		Services.get(IUserRolePermissionsDAO.class).createTaskAccess(request.getAD_Role(), AD_Task_ID, request.isReadWrite());
+		logGranted(I_AD_Task.COLUMNNAME_AD_Task_ID, task.getName());
+	}
+
+	private void grantDocActionAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final int C_DocType_ID = request.getC_DocType_ID();
+		final String docAction = request.getDocAction();
+
+		final I_C_DocType docType = InterfaceWrapperHelper.loadOutOfTrx(C_DocType_ID, I_C_DocType.class);
+
+		final ADRefListItem docActionItem = Services.get(IADReferenceDAO.class).retrieveListItemOrNull(X_C_Invoice.DOCACTION_AD_Reference_ID, docAction);
+		Check.assumeNotNull(docActionItem, "docActionItem is missing for {}", docAction);
+		final int docActionRefListId = docActionItem.getRefListId();
+
+		Services.get(IUserRolePermissionsDAO.class).createDocumentActionAccess(request.getAD_Role(), C_DocType_ID, docActionRefListId);
+		logGranted(I_C_DocType.COLUMNNAME_C_DocType_ID, docType.getName() + "/" + docAction);
+	}
+
+	private void logGranted(final String type, final String name)
+	{
+		Loggables
+				.getLoggableOrLogger(logger, Level.INFO)
+				.addLog("Access granted: " + Services.get(IMsgBL.class).translate(Env.getCtx(), type) + ":" + name);
+
+	}
+}
diff --git a/...as.adempiere.adempiere/base/src/main/java/org/adempiere/service/RolePermRevokeAccess.java b/...as.adempiere.adempiere/base/src/main/java/org/adempiere/service/RolePermRevokeAccess.java
@@ -0,0 +1,114 @@
+package org.adempiere.service;
+
+import org.adempiere.ad.security.IUserRolePermissionsDAO;
+import org.adempiere.ad.service.IADReferenceDAO;
+import org.adempiere.ad.service.IADReferenceDAO.ADRefListItem;
+import org.adempiere.exceptions.AdempiereException;
+import org.adempiere.model.InterfaceWrapperHelper;
+import org.adempiere.util.Check;
+import org.adempiere.util.Loggables;
+import org.adempiere.util.Services;
+import org.compiere.model.I_AD_Form;
+import org.compiere.model.I_AD_Process;
+import org.compiere.model.I_AD_Role_PermRequest;
+import org.compiere.model.I_AD_Task;
+import org.compiere.model.I_AD_Window;
+import org.compiere.model.I_AD_Workflow;
+import org.compiere.model.I_C_DocType;
+import org.compiere.model.X_C_Invoice;
+import org.compiere.util.Env;
+import org.slf4j.Logger;
+
+import ch.qos.logback.classic.Level;
+import de.metas.i18n.IMsgBL;
+import de.metas.logging.LogManager;
+import lombok.NonNull;
+import lombok.experimental.UtilityClass;
+
+/*
+ * #%L
+ * de.metas.adempiere.adempiere.base
+ * %%
+ * Copyright (C) 2017 metas GmbH
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/gpl-2.0.html>.
+ * #L%
+ */
+@UtilityClass
+public class RolePermRevokeAccess
+{
+
+	private static final Logger logger = LogManager.getLogger(RolePermRevokeAccess.class);
+
+	public void revokeAccess(@NonNull final I_AD_Role_PermRequest request)
+	{
+		final IUserRolePermissionsDAO permissionsDAO = Services.get(IUserRolePermissionsDAO.class);
+		if (request.getAD_Window_ID() > 0)
+		{
+			final I_AD_Window window = request.getAD_Window();
+			permissionsDAO.deleteWindowAccess(request.getAD_Role(), window.getAD_Window_ID());
+			logRevoked(I_AD_Window.COLUMNNAME_AD_Window_ID, window.getName());
+		}
+		else if (request.getAD_Process_ID() > 0)
+		{
+			final I_AD_Process process = request.getAD_Process();
+			permissionsDAO.deleteProcessAccess(request.getAD_Role(), process.getAD_Process_ID());
+			logRevoked(I_AD_Process.COLUMNNAME_AD_Process_ID, process.getName());
+		}
+		else if (request.getAD_Form_ID() > 0)
+		{
+			final I_AD_Form form = request.getAD_Form();
+			permissionsDAO.deleteFormAccess(request.getAD_Role(), form.getAD_Form_ID());
+			logRevoked(I_AD_Form.COLUMNNAME_AD_Form_ID, form.getName());
+		}
+		else if (request.getAD_Task_ID() > 0)
+		{
+			final I_AD_Task task = request.getAD_Task();
+			permissionsDAO.deleteTaskAccess(request.getAD_Role(), task.getAD_Task_ID());
+			logRevoked(I_AD_Task.COLUMNNAME_AD_Task_ID, task.getName());
+		}
+		else if (request.getAD_Workflow_ID() > 0)
+		{
+			final I_AD_Workflow wf = request.getAD_Workflow();
+			permissionsDAO.deleteWorkflowAccess(request.getAD_Role(), wf.getAD_Workflow_ID());
+			logRevoked(I_AD_Workflow.COLUMNNAME_AD_Workflow_ID, wf.getName());
+		}
+		else if (request.getDocAction() != null)
+		{
+			final I_C_DocType docType = InterfaceWrapperHelper.loadOutOfTrx(request.getC_DocType_ID(), I_C_DocType.class);
+
+			final String docAction = request.getDocAction();
+			final ADRefListItem docActionItem = Services.get(IADReferenceDAO.class).retrieveListItemOrNull(X_C_Invoice.DOCACTION_AD_Reference_ID, docAction);
+			Check.assumeNotNull(docActionItem, "docActionItem is missing for {}", docAction);
+			final int docActionRefListId = docActionItem.getRefListId();
+
+			permissionsDAO.deleteDocumentActionAccess(request.getAD_Role(), docType.getC_DocType_ID(), docActionRefListId);
+			logRevoked(I_C_DocType.COLUMNNAME_C_DocType_ID, docType.getName());
+		}
+		else
+		{
+			throw new AdempiereException("Can not identify what permissions to revoke");
+		}
+		//
+		request.setIsPermissionGranted(false);
+	}
+
+	private void logRevoked(final String type, final String name)
+	{
+		Loggables
+				.getLoggableOrLogger(logger, Level.INFO)
+				.addLog("Access revoked: " + Services.get(IMsgBL.class).translate(Env.getCtx(), type) + ":" + name);
+	}
+}
diff --git a/....swat/de.metas.swat.base/src/main/java/org/adempiere/process/AD_Role_GrantPermission.java b/....swat/de.metas.swat.base/src/main/java/org/adempiere/process/AD_Role_GrantPermission.java
@@ -29,6 +29,7 @@
 
 
 import org.adempiere.exceptions.FillMandatoryException;
+import org.adempiere.service.RolePermGrandAccess;
 import org.adempiere.util.Services;
 import org.compiere.model.MRolePermRequest;
 
@@ -70,13 +71,14 @@ protected String doIt() throws Exception
 		if (p_AD_Role_PermRequest_ID <= 0)
 			throw new FillMandatoryException(MRolePermRequest.COLUMNNAME_AD_Role_PermRequest_ID);
 		//
-		MRolePermRequest req = new MRolePermRequest(getCtx(), p_AD_Role_PermRequest_ID, get_TrxName());
-		req.setCaller(this);
+		final MRolePermRequest req = new MRolePermRequest(getCtx(), p_AD_Role_PermRequest_ID, get_TrxName());
 		if (p_IsReadWrite != null)
+		{
 			req.setIsReadWrite(p_IsReadWrite);
-		req.grantAccess();
+		}
+		RolePermGrandAccess.grantAccess(req);
 		req.saveEx();
-		//
+
 		return "Ok";
 	}
 

diff --git a/...swat/de.metas.swat.base/src/main/java/org/adempiere/process/AD_Role_RevokePermission.java b/...swat/de.metas.swat.base/src/main/java/org/adempiere/process/AD_Role_RevokePermission.java
@@ -29,6 +29,7 @@
 
 
 import org.adempiere.exceptions.FillMandatoryException;
+import org.adempiere.service.RolePermRevokeAccess;
 import org.adempiere.util.Services;
 import org.compiere.model.MRolePermRequest;
 
@@ -57,9 +58,9 @@ protected String doIt() throws Exception
 		if (p_AD_Role_PermRequest_ID <= 0)
 			throw new FillMandatoryException(MRolePermRequest.COLUMNNAME_AD_Role_PermRequest_ID);
 		//
-		MRolePermRequest req = new MRolePermRequest(getCtx(), p_AD_Role_PermRequest_ID, get_TrxName());
-		req.setCaller(this);
-		req.revokeAccess();
+		final MRolePermRequest req = new MRolePermRequest(getCtx(), p_AD_Role_PermRequest_ID, get_TrxName());
+
+		RolePermRevokeAccess.revokeAccess(req);
 		req.saveEx();
 		//
 		return "Ok";