access.java

Java写的ERP系统

/******************************************************************************
 * The contents of this file are subject to the   Compiere License  Version 1.1
 * ("License"); You may not use this file except in compliance with the License
 * You may obtain a copy of the License at http://www.compiere.org/license.html
 * Software distributed under the License is distributed on an  "AS IS"  basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
 * the specific language governing rights and limitations under the License.
 * The Original Code is                  Compiere  ERP & CRM  Business Solution
 * The Initial Developer of the Original Code is Jorg Janke  and ComPiere, Inc.
 * Portions created by Jorg Janke are Copyright (C) 1999-2001 Jorg Janke, parts
 * created by ComPiere are Copyright (C) ComPiere, Inc.;   All Rights Reserved.
 * Contributor(s): ______________________________________.
 *****************************************************************************/
package org.compiere.util;

import java.util.*;
import java.sql.*;
import java.security.*;
import java.io.*;

/**
 *	Data Access and Security - No Instances.
 *  <pre>
 *  Security Levels:
 *	a)	Client/Org		{can I read/update/insert (shared) data in this table}
 *			Input:		User definition, Table.AccessLevel, Data record
 *			When:		Accessing any table
 *  b)	Function		{can I perform this function}
 *			Input:		Function Security	{<user> AD_Menu <function> <r|rw>}
 *			When:		Menu creation & Zoom enabled
 *  c)	Data Security	{can I access this record}
 *			Input:		Table.IsSecurityEnabled
 *						Data Security		{<user> <table> <data> <r|rw>)
 *			When:		Acessing monitored Tables
 *
 * ---------------------------------------------------------------------------
 *
 *	Table Definition	AccessLevel			SCO#		//	for (a)
 *						IsSecurityEnabled	false		//	for (c)
 *
 *	Each Data record:	Client				0 | id
 *						Organization		0 | id
 *
 *	User definition:	Level				'SCO'
 *						ClientList			c1, c2, ...
 *						OrgList				o1, o2, ...
 *
 *	SCO# Levels			S__ 100		4	System info
 *						SCO	111		7	System shared info
 *						SC_ 110		6	System/Client info
 *						_CO	011		3	Client shared info
 *						__O	001		1	Organization info
 *
 * ---------------------------------------------------------------------------
 *
 *	User.Level	Client	Org			Access
 *	----------	------	------		-------
 *	S			0		0				r/w
 *	  C			0		0			r/o
 *	  C			id		0				r/w
 *	    O		0		0			r/o
 *		O		id		0			r/o
 *	    O		id		id				r/w
 *
 *  </pre>
 *
 *  @author Jorg Janke
 *  @version  $Id: Access.java,v 1.3 2003/04/24 06:14:17 jjanke Exp $
 */
public final class Access implements Serializable
{
	public static final String	l1_Org			= "1";
	public static final String	l3_ClientOrg	= "3";
	public static final String	l4_System		= "4";
	public static final String	l6_SystemClient	= "6";
	public static final String	l7_All			= "7";

	/*************************************************************************
	 *	Appends RW where clause to SQL statement for Table (not fully qualified)
	 *  @param ctx			context to get User Client/Org
	 *	@param SQL			existing SQL statement
	 *	@param TableName	Table Name
	 *	@return				updated SQL statement
	 */
	public static String addRWAccessSQL (Properties ctx, String SQL, String TableName)
	{
		return addAccessSQL (ctx, SQL, TableName, false, false);
	}

	/*************************************************************************
	 *	Appends RW where clause to SQL statement for Table
	 *  @param ctx			context to get User Client/Org
	 *	@param SQL			existing SQL statement
	 *	@param TableName	Table Name
	 *	@param fullyQualified	fullyQualified names
	 *	@return				updated SQL statement
	 */
	public static String addRWAccessSQL (Properties ctx, String SQL, String TableName, boolean fullyQualified)
	{
		return addAccessSQL (ctx, SQL, TableName, fullyQualified, false);
	}

	/*************************************************************************
	 *	READ/Only - appends RO where clause to SQL statement for Table
	 *  @param ctx			context to get User Client/Org
	 *	@param SQL			existing SQL statement
	 *	@param TableName	Table Name
	 *	@param fullyQualified	fullyQualified names
	 *	@return				updated SQL statement
	 */
	public static String addROAccessSQL (Properties ctx, String SQL, String TableName, boolean fullyQualified)
	{
		return addAccessSQL (ctx, SQL, TableName, fullyQualified, true);
	}

	/*************************************************************************
	 *	Appends where clause to SQL statement for Table
	 *
	 *  @param ctx			context to get User Client/Org
	 *	@param SQL			existing SQL statement
	 *	@param TableName	Table Name
	 *	@param fullyQualified	fullyQualified names
	 *	@param RO			if true, includes System Data
	 *	@return				updated SQL statement
	 */
	private static String addAccessSQL (Properties ctx, String SQL, String TableName, boolean fullyQualified, boolean RO)
	{
		String retSQL = SQL;

		//	Cut off ORDER BY clause
		String orderBy = "";
		int pos = retSQL.indexOf(" ORDER BY ");
		if (pos != -1)
		{
			orderBy = retSQL.substring(pos);
			retSQL = retSQL.substring(0, pos);
		}

		//  Do we have to add WHERE or AND
		pos = retSQL.lastIndexOf("FROM");
		if (pos == -1)  // should not happen - maybe lower case
			pos = 0;
		//	Is there a WHERE after the last FROM ?
		if (retSQL.substring(pos).indexOf("WHERE") == -1)
			retSQL += " WHERE ";
		else
			retSQL += " AND ";

		//	Multiple tables?	e.g. AAA c, BBB b  - or AAA, BBB
		pos = TableName.indexOf(",");
		//  more than one table and fully qualified
		if (fullyQualified && pos != -1)
		{
			TableName = TableName.substring(0, pos).trim();		//	pick first Table
			pos = TableName.indexOf(" ");
			if (pos != -1)
				TableName = TableName.substring(pos).trim();
		}

		//	Client Access
		String User_Client = Env.getContext(ctx, "#User_Client");	//	Format c1, c2, ...
		if (User_Client.length() == 0)
			User_Client = Env.getContext(ctx, "#AD_Client_ID");
		User_Client = addSystem(User_Client, RO);
		if (fullyQualified)
			retSQL += TableName + ".";
		retSQL += "AD_Client_ID";
		if (User_Client.indexOf(",") == -1)				//	only one client
			retSQL += "=" + User_Client;
		else
			retSQL += " IN (" + User_Client + ")";

		//	Org Access
		String User_Org = Env.getContext(ctx, "#User_Org");		//	Format o1, o2, ...
		if (User_Org.length() == 0)
			User_Org = Env.getContext(ctx, "#AD_Org_ID");
		User_Org = addSystem(User_Org, RO);
		if (fullyQualified)
			retSQL += " AND " + TableName + ".AD_Org_ID";
		else
			retSQL += " AND AD_Org_ID";
		if (User_Org.indexOf(",") == -1)				//	only one org
			retSQL += "=" + User_Org;
		else
			retSQL += " IN (" + User_Org + ")";

		//	Data Access
		//	get Table.IsSecurityEnabled
		//	if yes: get UserAccess info => WHERE Table.TableKey in (List)

		return retSQL + orderBy;
	}	//	accessRead

	/**
	 *	Add System (0) to Access List and remove dupliactes
	 *
	 *  @param list list of entities
	 *  @param RO read only (i.e. add 0)
	 *  @return cleaned list
	 */
	private static String addSystem (String list, boolean RO)
	{
		String retValue = "";

		//	Create Hashtable with initial System
		Hashtable ht = new Hashtable();
		if (RO)
			ht.put("0", "0");

		//	add individual items
		StringTokenizer st = new StringTokenizer(list, ",", false);
		while (st.hasMoreTokens())
			ht.put(st.nextToken(), "x");

		//	Get all keys
		Enumeration e = ht.keys();
		while (e.hasMoreElements())
			retValue += (String)e.nextElement() + ",";

		retValue = retValue.substring(0, retValue.length()-1);
		return retValue;
	}	//	addSystem


	/*************************************************************************
	 *	UPADATE - Can I Update the record (with given Client/Org from context).
	 *  Access error info (AccessTableNoUpdate) is saved in the log
	 *
	 *  @param ctx comntext to derive client/org/user level
	 *	@param	WindowNo	number of the current window to retrieve context
	 *	@return	true if you can update
	 */
	public static boolean canUpdate (Properties ctx, int WindowNo)
	{
		String AD_Client_ID = Env.getContext(ctx, WindowNo, "AD_Client_ID");
		String AD_Org_ID = Env.getContext(ctx, WindowNo, "AD_Org_ID");
		String User_Level = Env.getContext(ctx, "#User_Level");	//	Format 'SCO'

		if (User_Level.indexOf("S") != -1)		//	System can change anything
			return true;

		boolean	retValue = true;
		String whatMissing = "";

		//	System == Client=0 & Org=0
		if (AD_Client_ID.equals("0") && AD_Org_ID.equals("0")
			&& User_Level.indexOf("S") == -1)
		{
			retValue = false;
			whatMissing += "S";
		}

		//	Client == Client!=0 & Org=0
		else if (!AD_Client_ID.equals("0") && AD_Org_ID.equals("0")
			&& User_Level.indexOf("C") == -1)
		{
			retValue = false;
			whatMissing += "C";
		}

		//	Organization == Client!=0 & Org!=0
		else if (!AD_Client_ID.equals("0") && !AD_Org_ID.equals("0")
			&& User_Level.indexOf("O") == -1)
		{
			retValue = false;
			whatMissing += "O";
		}

		//	Data Access
		//	get Table.IsSecurityEnabled
		//	if yes: get UserAcess info => Where Table.TableKey in (List)
		//									and Access=r/w

		if (!retValue)
			Log.saveError("AccessTableNoUpdate",
				"AD_Client_ID=" + AD_Client_ID + ", AD_Org_ID=" + AD_Org_ID + ", UserLevel=" + User_Level
				+ " => missing=" + whatMissing);

		return retValue;
	}	//	canUpdate

	/**
	 *	View/Insert - Can I view or insert record in Table with given TableLevel
	 *  <code>
	 *	TableLevel			S__ 100		4	System info
	 *						SCO	111		7	System shared info
	 *						SC_ 110		6	System/Client info
	 *						_CO	011		3	Client shared info
	 *						__O	001		1	Organization info
	 *  </code>
	 *  @param ctx	context
	 *	@param TableLevel	AccessLevel
	 *	@param forInsert	true for Insert, false for View
	 *	@return	true/false
	 *  Access error info (AccessTableNoUpdate, AccessTableNoView) is saved in the log
	 */
	public static boolean canViewInsert(Properties ctx, String TableLevel, boolean forInsert)
	{
		String User_Level = Env.getContext(ctx, "#User_Level");	//	Format 'SCO'

		boolean retValue = true;

		//	4 - System data requires S
		if (TableLevel.equals(l4_System) && User_Level.indexOf("S") == -1)
			retValue = false;

		//	1 - Organization data requires O
		else if (TableLevel.equals(l1_Org) && User_Level.indexOf("O") == -1)
			retValue = false;

		//	3 - Client Shared requires C or O
		else if (TableLevel.equals(l3_ClientOrg)
			&& (!(User_Level.indexOf("C")!=-1 || User_Level.indexOf("O")!=-1)) )
				retValue = false;

		//	6 - System/Client requires S or C
		else if (TableLevel.equals(l6_SystemClient)
			&& (!(User_Level.indexOf("S")!=-1 || User_Level.indexOf("C")!=-1)) )
			retValue = false;

		//	7 - System shared data has no requirements

		if (retValue)
			return retValue;

		//  Notification
		if (forInsert)
			Log.saveError("AccessTableNoUpdate",
				"(Required=" + TableLevel + "("
				+ getTableLevel(Env.getAD_Language(ctx), TableLevel)
				+ ") != UserLevel=" + User_Level);
		else
			Log.saveError("AccessTableNoView",
				"Required=" + TableLevel + "("
				+ getTableLevel(Env.getAD_Language(ctx), TableLevel)
				+ ") != UserLevel=" + User_Level);

		return retValue;
	}	//	canInsert


	/**
	 *	Returns clear text String of TableLevel
	 *  @param AD_Language language
	 *  @param TableLevel level
	 *  @return info
	 */
	private static String getTableLevel(String AD_Language, String TableLevel)
	{
		String level = TableLevel + "??";
		if (TableLevel.equals(l1_Org))
			level = "AccessOrg";
		else if (TableLevel.equals(l3_ClientOrg))
			level = "AccessClientOrg";
		else if (TableLevel.equals(l4_System))
			level = "AccessSystem";
		else if (TableLevel.equals(l6_SystemClient))
			level = "AccessSystemClient";
		else if (TableLevel.equals(l7_All))
			level = "AccessShared";

		return Msg.getMsg(AD_Language, level);
	}	//	getTableLevel

}	//	Access