📄 crmsfasecurity.java
if (!"_VIEW".equals(securityOperation) && "SOSTG_CLOSED".equals(opportunity.getString("opportunityStageId"))) { return false; } // check that userLogin can perform this operation on all associated accounts (orthogonal to leads) List accounts = UtilOpportunity.getOpportunityAccountPartyIds(delegator, salesOpportunityId); for (Iterator iter = accounts.iterator(); iter.hasNext(); ) { if (!hasPartyRelationSecurity(security, "CRMSFA_OPP", securityOperation, userLogin, (String) iter.next())) { return false; } } // check that userLogin can perform this operation on all associated leads (orthogonal to accounts) List leads = UtilOpportunity.getOpportunityLeadPartyIds(delegator, salesOpportunityId); for (Iterator iter = leads.iterator(); iter.hasNext(); ) { if (!hasPartyRelationSecurity(security, "CRMSFA_OPP", securityOperation, userLogin, (String) iter.next())) { return false; } } // check that userLogin can perform this operation on all associated contacts List contacts = UtilOpportunity.getOpportunityContactPartyIds(delegator, salesOpportunityId); for (Iterator iter = contacts.iterator(); iter.hasNext(); ) { if (!hasPartyRelationSecurity(security, "CRMSFA_OPP", securityOperation, userLogin, (String) iter.next())) { return false; } } } catch (GenericEntityException e) { Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_OPP] + [" + securityOperation + "] on salesOpportunityId = [" + salesOpportunityId + "], but permission was denied due to exception: " + e.getMessage(), module); return false; } // everything was passed return true; } /** * Checks if a userLogin has permission to perform an operation on a case. Cases are associated with accounts and contacts. * They also have someone in the role of request taker, but this person cannot do anything. Module CRMSFA_CASE is implied. 
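* <p>
     * Access is granted as soon as the user passes the CRMSFA_CASE check for any one account or contact of the case.
     * It is denied when the userLogin is null, the case does not exist, the case is inactive and the operation is not
     * _VIEW, no associated party passes the check, or the entity lookup throws (the exception is logged).
     *
     * @param security          passed through to hasPartyRelationSecurity
     * @param securityOperation operation suffix, for example "_VIEW"
     * @param userLogin         the user being checked; also supplies the delegator
     * @param custRequestId     primary key of the CustRequest that represents the case
     * @return true only if at least one associated account or contact passes the CRMSFA_CASE check
     */
    public static boolean hasCasePermission(Security security, String securityOperation, GenericValue userLogin, String custRequestId) {
        // a missing login can never hold a permission: deny instead of failing on getDelegator()
        if (userLogin == null) {
            return false;
        }

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            // check for existence first
            // NOTE(review): this is a cached lookup; confirm the cache is invalidated when a case changes status,
            // otherwise the inactive check below could run against a stale record
            GenericValue custRequest = delegator.findByPrimaryKeyCache("CustRequest", UtilMisc.toMap("custRequestId", custRequestId));
            if (custRequest == null) {
                return false;
            }

            // inactive cases only allow _VIEW
            if (!"_VIEW".equals(securityOperation) && UtilCase.caseIsInactive(custRequest)) {
                return false;
            }

            // use the cases helper method to get the PartyRelationshipAndCaseRoles for accounts and contacts of this case
            List roles = UtilCase.getCaseAccountsAndContacts(delegator, custRequestId);
            for (Iterator iter = roles.iterator(); iter.hasNext(); ) {
                GenericValue role = (GenericValue) iter.next();
                // we're interested in the partyIdFrom, which is also the partyId of PartyRelationshipAndCaseRole;
                // one passing party is enough here, unlike the checks that require every association to pass
                if (hasPartyRelationSecurity(security, "CRMSFA_CASE", securityOperation, userLogin, role.getString("partyId"))) {
                    return true;
                }
            }
        } catch (GenericEntityException e) {
            // fail closed: an entity error is logged and falls through to the denial below
            // NOTE(review): userLogin and the request-supplied id are concatenated into the message as-is; confirm the
            // string form of userLogin exposes no credential fields and that the log sink neutralises line breaks
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_CASE] + [" + securityOperation + "] on custRequestId = [" + custRequestId + "], but permission was denied due to exception: " + e.getMessage(), module);
        }
        return false;
    }

    /**
     * Checks if a userLogin has permission to perform an operation on an activity. Activities are workEfforts that have associations to accounts, contacts, leads,
     * opportunities and cases using various map entities. The user will need to pass all security checks for each association. This is to prevent the user from
     * doing things when he has access to only one association but not all.
     *
     * First, the user must pass a general CRMSFA_ACT_${securityOperation} check.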
* Then, if the internalPartyId is supplied, the user must pass the appropriate CRMSFA_ACCOUNT/CONTACT/LEAD_${securityOperation} check.
     * Then, if the salesOpportunityId is supplied, the user must pass CRMSFA_OPP_${securityOperation}
     * Then, if the custRequestId is supplied, the user must pass CRMSFA_CASE_${securityOperation}
     *
     * The request is denied on the first failed check, when the work effort does not exist, when it is inactive and the
     * operation is not _VIEW, when the internal party has no recognised role, or when an entity exception is raised.
     *
     * @return true only if every applicable check passes
     */
    public static boolean hasActivityPermission(Security security, String securityOperation, GenericValue userLogin, String workEffortId, String internalPartyId, String salesOpportunityId, String custRequestId) {

        // gate 1: the general CRMSFA_ACT_${securityOperation} permission, evaluated before any lookup
        boolean generallyAllowed = security.hasEntityPermission("CRMSFA_ACT", securityOperation, userLogin);
        if (!generallyAllowed) {
            Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] in general but permission was denied.", module);
            return false;
        }

        // an association only counts as supplied when its id is neither null nor empty
        boolean partyGiven = internalPartyId != null && !internalPartyId.equals("");
        boolean opportunityGiven = salesOpportunityId != null && !salesOpportunityId.equals("");
        boolean caseGiven = custRequestId != null && !custRequestId.equals("");

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            // gate 2: the activity has to exist
            GenericValue activity = delegator.findByPrimaryKeyCache("WorkEffort", UtilMisc.toMap("workEffortId", workEffortId));
            if (activity == null) {
                return false;
            }

            // gate 3: inactive activities only allow _VIEW
            boolean viewOnly = "_VIEW".equals(securityOperation);
            if (!viewOnly && UtilActivity.activityIsInactive(activity)) {
                return false;
            }

            // gate 4: the supplied party must map to a known module and the user must pass that module's check
            if (partyGiven) {
                String partyModule = getSecurityModuleOfInternalParty(internalPartyId, delegator);
                if (partyModule == null) {
                    // an unrecognised role is treated as a denial, never as "nothing to check"
                    Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on workEffortId = [" + workEffortId + "] but permission was denied because internalPartyId=[" + internalPartyId + "] has an unknown roleTypeId", module);
                    return false;
                }
                if (!hasPartyRelationSecurity(security, partyModule, securityOperation, userLogin, internalPartyId)) {
                    return false;
                }
            }

            // gate 5: OPP permission when an opportunity is supplied
            if (opportunityGiven && !hasOpportunityPermission(security, securityOperation, userLogin, salesOpportunityId)) {
                return false;
            }

            // gate 6: CASE permission when a case is supplied
            if (caseGiven && !hasCasePermission(security, securityOperation, userLogin, custRequestId)) {
                return false;
            }

            // the user has passed everything
            return true;
        } catch (GenericEntityException e) {
            // fail closed: an entity error is logged and the permission is denied
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on workEffortId = [" + workEffortId + "], internalPartyId=[" + internalPartyId + "], salesOpportunityId=[" + salesOpportunityId + "], custRequestId = [" + custRequestId + "], but permission was denied due to an exception: " + e.getMessage(), module);
            return false;
        }
    }

    /**
     * As above, but checks permission for every single existing association for a work effort. As a short cut, this will only check for parties which are directly
     * associated with the work effort through WorkEffortPartyAssociations. If the application changes to allow the existence of work efforts without any
     * party associations, then this method must be changed to reflect that.
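TODO: comprehensive (check case and opp security)
     *
     * A party whose role maps to no CRMSFA security module is denied explicitly, as in the overload that takes an
     * internalPartyId, instead of handing a null module to hasPartyRelationSecurity.
     *
     * @param security          used for the general CRMSFA_ACT check and passed through to hasPartyRelationSecurity
     * @param securityOperation operation suffix, for example "_VIEW"
     * @param userLogin         the user being checked; also supplies the delegator
     * @param workEffortId      primary key of the WorkEffort that represents the activity
     * @return true only if the general check and the check for every party returned by getActivityParties pass
     */
    public static boolean hasActivityPermission(Security security, String securityOperation, GenericValue userLogin, String workEffortId) {

        // first check general CRMSFA_ACT_${securityOperation} permission
        if (!security.hasEntityPermission("CRMSFA_ACT", securityOperation, userLogin)) {
            Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] in general but permission was denied.", module);
            return false;
        }

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            // check for existence first
            GenericValue workEffort = delegator.findByPrimaryKeyCache("WorkEffort", UtilMisc.toMap("workEffortId", workEffortId));
            if (workEffort == null) {
                return false;
            }

            // check for closed activities for actions that are not _VIEW
            if (!"_VIEW".equals(securityOperation) && UtilActivity.activityIsInactive(workEffort)) {
                return false;
            }

            // NOTE(review): an empty party list skips the loop and ends in "allowed"; this relies on every work effort
            // having at least one party association
            List parties = UtilActivity.getActivityParties(delegator, workEffortId);
            for (Iterator iter = parties.iterator(); iter.hasNext(); ) {
                String internalPartyId = ((GenericValue) iter.next()).getString("partyId");
                String securityModule = getSecurityModuleOfInternalParty(internalPartyId, delegator);

                // fail closed on an unrecognised role rather than depending on how the callee treats a null module
                if (securityModule == null) {
                    Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on workEffortId = [" + workEffortId + "] but permission was denied because internalPartyId=[" + internalPartyId + "] has an unknown roleTypeId", module);
                    return false;
                }

                if (!hasPartyRelationSecurity(security, securityModule, securityOperation, userLogin, internalPartyId)) {
                    return false;
                }
            }
        } catch (GenericEntityException e) {
            // fail closed: an entity error is logged and the permission is denied
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on all associations with workEffortId=[" + workEffortId + "] but permission was denied due to an exception: " + e.getMessage(), module);
            return false;
        }

        // the user has passed everything
        return true;
    }

    /**
     * Get the security module relevant to the role of the given internal partyId.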
* @return The module as a string, such as "CRMSFA_ACCOUNT" for ACCOUNT partyIds or null if the role type is not found
     * @throws GenericEntityException declared for the PartyHelper role lookup this method performs
     */
    public static String getSecurityModuleOfInternalParty(String partyId, GenericDelegator delegator) throws GenericEntityException {
        String role = PartyHelper.getFirstValidInternalPartyRoleTypeId(partyId, delegator);

        // only these three role types map to a CRMSFA module; anything else, including a null role, yields null
        String securityModule = null;
        if ("ACCOUNT".equals(role)) {
            securityModule = "CRMSFA_ACCOUNT";
        } else if ("CONTACT".equals(role)) {
            securityModule = "CRMSFA_CONTACT";
        } else if ("PROSPECT".equals(role)) {
            securityModule = "CRMSFA_LEAD";
        }

        // null means "no module": a caller making an access decision has to handle it before using the result
        return securityModule;
    }
}