Permissions - bug fix: validation of actions

entity/PermissionAction_entity/PermissionAction_entity.aod

@@ -34,6 +34,7 @@
     </entityProvider>
     <entityConsumer>
       <name>PermissionDetails</name>
+      <onValidation>%aditoprj%/entity/PermissionAction_entity/entityfields/permissiondetails/onValidation.js</onValidation>
       <dependency>
         <name>dependency</name>
         <entityName>PermissionDetail_entity</entityName>

entity/PermissionAction_entity/entityfields/permissiondetails/onValidation.js

+import("system.logging");
+import("Sql_lib");
+import("system.db");
+import("system.vars");
+import("system.translate");
+import("system.result");
+import("Permission_lib");
+
+var alias = SqlUtils.getSystemAlias();
+var actionTitle = vars.get("$field.ACTION");
+var permissionId = vars.get("$param.PermissionId_param");
+var permCondInput = vars.get("$param.PermissionCondition_param");
+
+//var deletedRows = vars.get("$field." + pConsumerField + ".deletedRows");
+var deletedRows = vars.get("$field.PermissionDetails.deletedRows");
+logging.log("deleted rows: " + deletedRows);
+
+if (actionTitle == "null" || actionTitle == undefined || actionTitle == null || actionTitle == "") {
+    result.string(translate.text("Empty actions are not allowed!"));
+} else if (PermissionUtil.existsPermission(permissionId)) {
+    // existing permission
+    // check if action is already in DB
+    var actionsInDb = PermissionUtil.getPermissionAction(permissionId);
+    var sqlStr = "select COND from ASYS_PERMISSION where ASYS_PERMISSIONID='" + permissionId + "'";
+    var permCondDb = db.cell(sqlStr, alias);
+    
+    for each (var action in actionsInDb) {
+        if (PermissionUtil.resolvePermissionActionId(action) == actionTitle && permCondInput == permCondDb) {
+            result.string(translate.text("Action '" + actionTitle + "' already linked to this permission!"));
+            break;
+        }
+    }
+} else {
+    result.string(true);
+}
\ No newline at end of file

entity/PermissionAction_entity/onValidation.js

-import("Sql_lib");
-import("system.db");
 import("system.vars");
 import("system.translate");
 import("system.result");
-import("Permission_lib");
 
-var alias = SqlUtils.getSystemAlias();
 var actionTitle = vars.get("$field.ACTION");
-var permissionId = vars.get("$param.PermissionId_param");
-var permCondInput = vars.get("$param.PermissionCondition_param");
 
 if (actionTitle == "null" || actionTitle == undefined || actionTitle == null || actionTitle == "") {
     result.string(translate.text("Empty actions are not allowed!"));
-} else if (PermissionUtil.existsPermission(permissionId)) {
-    // existing permission
-    // check if action is already in DB
-    var actionsInDb = PermissionUtil.getPermissionAction(permissionId);
-    var sqlStr = "select COND from ASYS_PERMISSION where ASYS_PERMISSIONID='" + permissionId + "'";
-    var permCondDb = db.cell(sqlStr, alias);
-    
-    for each (var action in actionsInDb) {
-        if (PermissionUtil.resolvePermissionActionId(action) == actionTitle && permCondInput == permCondDb) {
-            result.string(translate.text("Action '" + actionTitle + "' already linked to this permission!"));
-            break;
-        }
-    }
-} else {
-    result.string(true);
 }
\ No newline at end of file

entity/PermissionDetail_entity/PermissionDetail_entity.aod

@@ -175,6 +175,7 @@
     </entityConsumer>
     <entityConsumer>
       <name>PermissionActions</name>
+      <onValidation>%aditoprj%/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js</onValidation>
       <dependency>
         <name>dependency</name>
         <entityName>PermissionAction_entity</entityName>

entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js

+import("system.logging");
+import("Sql_lib");
+import("system.db");
+import("system.vars");
+import("system.translate");
+import("system.result");
+import("Permission_lib");
+
+var allowedNumberOfActionsForRecordPermission = 3;
+var allowedNumberOfActionsForEntityPermissions = 2;
+var allowedNumberOfActionsForFieldPermissions = 2;
+
+var entityTitle = vars.get("$field.ENTITY");
+var roleTitle = vars.get("$field.ROLE");
+var fieldTitle = vars.get("$field.FIELD");
+var accesstype = vars.get("$field.ACCESSTYPE");
+var permCondInput = vars.get("$field.CONDITION");
+var permCondType = vars.get("$field.CONDTYPE");
+var permissionId = PermissionUtil.getPermission(roleTitle, entityTitle, fieldTitle, accesstype, permCondInput, permCondType);
+var actionsInDb = PermissionUtil.getPermissionAction(permissionId);
+
+var actionsAsStringArray = vars.get("$field.ACTION").split(","); // only useful while working with already existing permissions
+
+var deletedRows = vars.get("$field.PermissionActions.deletedRows");
+var changedRows = vars.get("$field.PermissionActions.changedRows");
+var insertedRows = vars.get("$field.PermissionActions.insertedRows");
+
+logging.log("del rows: " + deletedRows.toSource());
+logging.log("cha rows: " + changedRows.toSource());
+logging.log("ins rows: " + insertedRows.toSource());
+
+if (PermissionUtil.existsPermission(permissionId)) {
+    // old permission
+    // insert nur möglich, wenn gleiche action auch gelöscht wurde, oder zuvor nicht da war
+    for each (let row in insertedRows) {
+        var actionGotJustDelted = false;
+        if (PermissionUtil.actionExists(row.ACTION, permissionId)) {
+            for each (let delRow in deletedRows) {
+                if (row.ACTION == delRow.ACTION) {
+                    actionGotJustDelted = true;
+                }
+            }
+            if (!actionGotJustDelted) {
+                result.string(translate.text("Action '" + row.ACTION + "' already linked to this permission."));
+            }
+        }
+    }
+    
+    for each (let row in changedRows) {
+        if (PermissionUtil.actionExists(row.ACTION, permissionId) && actionsAsStringArray.indexOf(row.ACTION) == -1) {
+            result.string(translate.text("Action '" + row.ACTION + "' already linked to this permission."));
+        }
+    }
+} else {
+    // new permission
+    if (insertedRows.length > 1) {
+        for (let i = 0; i < insertedRows.length-1; i++) {
+            for (let j = i + 1; j < insertedRows.length; j++) {
+                if (insertedRows[i].ACTION == insertedRows[j].ACTION) {
+                    result.string(translate.text("No duplicates allowed: action '" + insertedRows[i].ACTION + "'"));
+                }
+            }
+        }
+    }
+    
+}
+
+if (insertedRows.length > 0) {
+    switch (accesstype) {
+        case "E":
+            if (actionsInDb.length >= allowedNumberOfActionsForEntityPermissions && !actionGotJustDelted) {
+                result.string(translate.text("Only " + allowedNumberOfActionsForEntityPermissions + " actions allowed for this type of permission."));
+            }
+            break;
+        case "R":
+            if (actionsInDb.length >= allowedNumberOfActionsForRecordPermission && !actionGotJustDelted) {
+                result.string(translate.text("Only " + allowedNumberOfActionsForRecordPermission + " actions allowed for this type of permission."));
+            }
+            break;
+        case "F":
+            if (actionsInDb.length >= allowedNumberOfActionsForFieldPermissions && !actionGotJustDelted) {
+                result.string(translate.text("Only " + allowedNumberOfActionsForFieldPermissions + " actions allowed for this type of permission."));
+            }
+            break;
+        default:
+            result.string(translate.text("This error should never appear - contact administrator."));
+    }
+}
\ No newline at end of file