📄 mrole.java
字号:
String tableName = "";
if (ti.length > 0)
{
tableName = ti[0].getSynonym();
if (tableName.length() == 0)
tableName = ti[0].getTableName();
}
if (TableNameIn != null && !tableName.equals(TableNameIn))
{
String msg = "TableName not correctly parsed - TableNameIn="
+ TableNameIn + " - " + asp;
if (ti.length > 0)
msg += " - #1 " + ti[0];
msg += "\n = " + SQL;
log.log(Level.SEVERE, msg);
Trace.printStack();
tableName = TableNameIn;
}
// Client Access
if (fullyQualified)
retSQL.append(tableName).append(".");
retSQL.append(getClientWhere(rw));
// Org Access
if (!isAccessAllOrgs())
{
retSQL.append(" AND ");
if (fullyQualified)
retSQL.append(tableName).append(".");
retSQL.append(getOrgWhere(rw));
}
// ** Data Access **
for (int i = 0; i < ti.length; i++)
{
String TableName = ti[i].getTableName();
int AD_Table_ID = getAD_Table_ID (TableName);
// Data Table Access
if (AD_Table_ID != 0 && !isTableAccess(AD_Table_ID, !rw))
{
retSQL.append(" AND 1=3"); // prevent access at all
log.fine("No access to AD_Table_ID=" + AD_Table_ID
+ " - " + TableName + " - " + retSQL);
break; // no need to check further
}
// Data Column Access
// Data Record Access
String keyColumnName = "";
if (fullyQualified)
{
keyColumnName = ti[i].getSynonym(); // table synonym
if (keyColumnName.length() == 0)
keyColumnName = TableName;
keyColumnName += ".";
}
keyColumnName += TableName + "_ID"; // derived from table
// log.fine("addAccessSQL - " + TableName + "(" + AD_Table_ID + ") " + keyColumnName);
String recordWhere = getRecordWhere (AD_Table_ID, keyColumnName, rw);
if (recordWhere.length() > 0)
{
retSQL.append(" AND ").append(recordWhere);
log.finest("Record access - " + recordWhere);
}
} // for all table info
// Dependent Records (only for main SQL)
String mainSql = asp.getMainSql();
loadRecordAccess(false);
int AD_Table_ID = 0;
String whereColumnName = null;
ArrayList<Integer> includes = new ArrayList<Integer>();
ArrayList<Integer> excludes = new ArrayList<Integer>();
for (int i = 0; i < m_recordDependentAccess.length; i++)
{
String columnName = m_recordDependentAccess[i].getKeyColumnName
(asp.getTableInfo(asp.getMainSqlIndex()) );
if (columnName == null)
continue; // no key column
int posColumn = mainSql.indexOf(columnName);
if (posColumn == -1)
continue;
// we found the column name - make sure it's a clumn name
char charCheck = mainSql.charAt(posColumn-1); // before
if (!(charCheck == ',' || charCheck == '.' || charCheck == ' ' || charCheck == '('))
continue;
charCheck = mainSql.charAt(posColumn+columnName.length()); // after
if (!(charCheck == ',' || charCheck == ' ' || charCheck == ')'))
continue;
if (AD_Table_ID != 0 && AD_Table_ID != m_recordDependentAccess[i].getAD_Table_ID())
retSQL.append(getDependentAccess(whereColumnName, includes, excludes));
AD_Table_ID = m_recordDependentAccess[i].getAD_Table_ID();
// *** we found the column in the main query
if (m_recordDependentAccess[i].isExclude())
{
excludes.add(m_recordDependentAccess[i].getRecord_ID());
log.fine("Exclude " + columnName + " - " + m_recordDependentAccess[i]);
}
else if (!rw || !m_recordDependentAccess[i].isReadOnly())
{
includes.add(m_recordDependentAccess[i].getRecord_ID());
log.fine("Include " + columnName + " - " + m_recordDependentAccess[i]);
}
whereColumnName = getDependentRecordWhereColumn (mainSql, columnName);
} // for all dependent records
retSQL.append(getDependentAccess(whereColumnName, includes, excludes));
//
retSQL.append(orderBy);
log.finest(retSQL.toString());
return retSQL.toString();
} // addAccessSQL
/**
* Get Dependent Access
* @param whereColumnName column
* @param includes ids to include
* @param excludes ids to exclude
* @return where clause starting with AND or ""
*/
private String getDependentAccess(String whereColumnName,
ArrayList<Integer> includes, ArrayList<Integer> excludes)
{
if (includes.size() == 0 && excludes.size() == 0)
return "";
if (includes.size() != 0 && excludes.size() != 0)
log.warning("Mixing Include and Excluse rules - Will not return values");
StringBuffer where = new StringBuffer(" AND ");
if (includes.size() == 1)
where.append(whereColumnName).append("=").append(includes.get(0));
else if (includes.size() > 1)
{
where.append(whereColumnName).append(" IN (");
for (int ii = 0; ii < includes.size(); ii++)
{
if (ii > 0)
where.append(",");
where.append(includes.get(ii));
}
where.append(")");
}
else if (excludes.size() == 1)
where.append(whereColumnName).append("<>").append(excludes.get(0));
else if (excludes.size() > 1)
{
where.append(whereColumnName).append(" NOT IN (");
for (int ii = 0; ii < excludes.size(); ii++)
{
if (ii > 0)
where.append(",");
where.append(excludes.get(ii));
}
where.append(")");
}
log.finest(where.toString());
return where.toString();
} // getDependentAccess
/**
* Get Dependent Record Where clause
* @param mainSql sql to examine
* @param columnName columnName
* @return where clause column "x.columnName"
*/
private String getDependentRecordWhereColumn (String mainSql, String columnName)
{
String retValue = columnName; // if nothing else found
int index = mainSql.indexOf(columnName);
// see if there are table synonym
int offset = index - 1;
char c = mainSql.charAt(offset);
if (c == '.')
{
StringBuffer sb = new StringBuffer();
while (c != ' ' && c != ',' && c != '(') // delimeter
{
sb.insert(0, c);
c = mainSql.charAt(--offset);
}
sb.append(columnName);
return sb.toString();
}
return retValue;
} // getDependentRecordWhereColumn
/**
* UPADATE - Can I Update the record.
* Access error info (AccessTableNoUpdate) is saved in the log
*
* @param AD_Client_ID comntext to derive client/org/user level
* @param AD_Org_ID number of the current window to retrieve context
* @param AD_Table_ID int
* @param createError boolean
* @return true if you can update
* see org.compiere.model.MTable#dataSave(boolean)
**/
public boolean canUpdate (int AD_Client_ID, int AD_Org_ID,
int AD_Table_ID, int Record_ID, boolean createError)
{
String userLevel = getUserLevel(); // Format 'SCO'
if (userLevel.indexOf("S") != -1) // System cannot change anything
return true;
boolean retValue = true;
String whatMissing = "";
// System == Client=0 & Org=0
if (AD_Client_ID == 0 && AD_Org_ID == 0
&& userLevel.charAt(0) != 'S')
{
retValue = false;
whatMissing += "S";
}
// Client == Client!=0 & Org=0
else if (AD_Client_ID != 0 && AD_Org_ID == 0
&& userLevel.charAt(1) != 'C')
{
if (userLevel.charAt(2) == 'O' && isOrgAccess(AD_Org_ID, true))
; // Client+Org with access to *
else
{
retValue = false;
whatMissing += "C";
}
}
// Organization == Client!=0 & Org!=0
else if (AD_Client_ID != 0 && AD_Org_ID != 0
&& userLevel.charAt(2) != 'O')
{
retValue = false;
whatMissing += "O";
}
// Data Access
if (retValue)
retValue = isTableAccess(AD_Table_ID, false);
if (retValue && Record_ID != 0)
retValue = isRecordAccess(AD_Table_ID, Record_ID, false);
if (!retValue && createError)
{
log.saveError("AccessTableNoUpdate",
"AD_Client_ID=" + AD_Client_ID
+ ", AD_Org_ID=" + AD_Org_ID + ", UserLevel=" + userLevel
+ " => missing=" + whatMissing);
log.warning (toString());
}
return retValue;
} // canUpdate
/**
* VIEW - Can I view record in Table with given TableLevel.
* <code>
* TableLevel S__ 100 4 System info
* SCO 111 7 System shared info
* SC_ 110 6 System/Client info
* _CO 011 3 Client shared info
* _C_ 011 2 Client shared info
* __O 001 1 Organization info
* </code>
*
* @param ctx context
* @param TableLevel AccessLevel
* @return true/false
* Access error info (AccessTableNoUpdate, AccessTableNoView) is saved in the log
* see org.compiere.model.MTabVO#loadTabDetails(MTabVO, ResultSet)
**/
public boolean canView(Properties ctx, String TableLevel)
{
String userLevel = getUserLevel(); // Format 'SCO'
boolean retValue = true;
// 7 - All
if (X_AD_Table.ACCESSLEVEL_All.equals(TableLevel))
retValue = true;
// 4 - System data requires S
else if (X_AD_Table.ACCESSLEVEL_SystemOnly.equals(TableLevel)
&& userLevel.charAt(0) != 'S')
retValue = false;
// 2 - Client data requires C
else if (X_AD_Table.ACCESSLEVEL_ClientOnly.equals(TableLevel)
&& userLevel.charAt(1) != 'C')
retValue = false;
// 1 - Organization data requires O
else if (X_AD_Table.ACCESSLEVEL_Organization.equals(TableLevel)
&& userLevel.charAt(2) != 'O')
retValue = false;
// 3 - Client Shared requires C or O
else if (X_AD_Table.ACCESSLEVEL_ClientPlusOrganization.equals(TableLevel)
&& (!(userLevel.charAt(1) == 'C' || userLevel.charAt(2) == 'O')) )
retValue = false;
// 6 - System/Client requires S or C
else if (X_AD_Table.ACCESSLEVEL_SystemPlusClient.equals(TableLevel)
&& (!(userLevel.charAt(0) == 'S' || userLevel.charAt(1) == 'C')) )
retValue = false;
if (retValue)
return retValue;
// Notification
/**
if (forInsert)
log.saveError("AccessTableNoUpdate",
"(Required=" + TableLevel + "("
+ getTableLevelString(Env.getAD_Language(ctx), TableLevel)
+ ") != UserLevel=" + userLevel);
else
**/
log.saveError("AccessTableNoView",
"Required=" + TableLevel + "("
+ getTableLevelString(Env.getAD_Language(ctx), TableLevel)
+ ") != UserLevel=" + userLevel);
log.info (toString());
return retValue;
} // canView
/**
* Returns clear text String of TableLevel
* @param AD_Language language
* @param TableLevel level
* @return info
*/
private String getTableLevelString (String AD_Language, String TableLevel)
{
String level = TableLevel + "??";
if (TableLevel.equals("1"))
level = "AccessOrg";
else if (TableLevel.equals("2"))
level = "AccessClient";
else if (TableLevel.equals("3"))
level = "AccessClientOrg";
else if (TableLevel.equals("4"))
level = "AccessSystem";
else if (TableLevel.equals("6"))
level = "AccessSystemClient";
else if (TableLevel.equals("7"))
level = "AccessShared";
return Msg.getMsg(AD_Language, level);
} // getTableLevelString
/**
* Get Table ID from name
* @param tableName table name
* @return AD_Table_ID or 0
*/
private int getAD_Table_ID (String tableName)
{
loadTableInfo(false);
Integer ii = (Integer)m_tableName.get(tableName);
if (ii != null)
return ii.intValue();
// log.log(Level.WARNING,"getAD_Table_ID - not found (" + tableName + ")");
return 0;
} // getAD_Table_ID
/**
* Return Where clause for Record Access
* @param AD_Table_ID table
* @param keyColumnName (fully qualified) key column name
* @param rw true if read write
* @return where clause or ""
*/
private String getRecordWhere (int AD_Table_ID, String keyColumnName, boolean rw)
{
loadRecordAccess(false);
//
StringBuffer sbInclude = new StringBuffer();
StringBuffer sbExclude = new StringBuffer();
// Role Access
for (int i = 0; i < m_recordAccess.length; i++)
{
if (m_recordAccess[i].getAD_Table_ID() == AD_Table_ID)
{
// NOT IN (x)
if (m_recordAccess[i].isExclude())
{
if (sbExclude.length() == 0)
sbExclude.append(keyColumnName)
.append(" NOT IN (");
else
sbExclude.append(",");
sbExclude.append(m_recordAccess[i].getRecord_ID());
}
// IN (x)
else if (!rw || !m_recordAccess[i].isReadOnly()) // include
{
if (sbInclude.length() == 0)
sbInclude.append(keyColumnName)
.append(" IN (");
else
sbInclude.append(",");
sbInclude.append(m_recordAccess[i].getRecord_ID());
}
}
} // for all Table Access
StringBuffer sb = new StringBuffer();
if (sbExclude.length() > 0)
sb.append(sbExclude).append(")");
if (sbInclude.length() > 0)
{
if (sb.length() > 0)
sb.append(" AND ");
sb.append(sbInclude).append(")");
}
// Don't ignore Privacy Access
if (!isPersonalAccess())
{
String lockedIDs = MPrivateAccess.getLockedRecordWhere(AD_Table_ID, m_AD_User_ID);
if (lockedIDs != null)
{
if (sb.length() > 0)
sb.append(" AND ");
sb.append(keyColumnName).append(lockedIDs);
}
}
//
return sb.toString();
} // getRecordWhere
/**
* Show (Value) Preference Menu
* @return true if preference type is not None
*/
public boolean isShowPreference()
{
return !MRole.PREFERENCETYPE_None.equals(getPreferenceType());
} // isShowPreference
/**
* Org Access Summary
*/
class OrgAccess
{
/**
* Org Access constructor
* @param AD_Client_ID client
* @param AD_Org_ID org
* @param readOnly r/o
*/
public OrgAccess (int AD_Client_ID, int AD_Org_ID, boolean readOnly)
{
this.AD_Client_ID = AD_Client_ID;
this.AD_Org_ID = AD_Org_ID;
this.readOnly = readOnly;
}
/** Client */
public int AD_Client_ID = 0;
/** Organization */
public int AD_Org_ID = 0;
/** Read Only */
public boolean readOnly = true;
/**
* Equals
* @param obj object to compare
* @return true if equals
*/
public boolean equals (Object obj)
{
if (obj != null && obj instanceof OrgAccess)
{
OrgAccess comp = (OrgAccess)obj;
return comp.AD_Client_ID == AD_Client_ID
&& comp.AD_Org_ID == AD_Org_ID;
}
return false;
} // equals
/**
* Hash Code
* @return hash Code
*/
public int hashCode ()
{
return (AD_Client_ID*7) + AD_Org_ID;
} // hashCode
/**
* Extended String Representation
* @return extended info
*/
public String toString ()
{
String clientName = "System";
if (AD_Client_ID != 0)
clientName = MClient.get(getCtx(), AD_Client_ID).getName();
String orgName = "*";
if (AD_Org_ID != 0)
orgName = MOrg.get(getCtx(), AD_Org_ID).getName();
StringBuffer sb = new StringBuffer();
sb.append(Msg.translate(getCtx(), "AD_Client_ID")).append("=")
.append(clientName).append(" - ")
.append(Msg.translate(getCtx(), "AD_Org_ID")).append("=")
.append(orgName);
if (readOnly)
sb.append(" r/o");
return sb.toString();
} // toString
} // OrgAccess
} // MRole
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -