1036804 Berechtigung - Entitätsübersicht

application/_____SYSTEM_APPLICATION_NEON/_____SYSTEM_APPLICATION_NEON.aod

-<?xml version="1.0" encoding="UTF-8"?>
-<application xmlns="http://www.adito.de/2018/ao/Model" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" VERSION="1.2.0" xsi:schemaLocation="http://www.adito.de/2018/ao/Model adito://models/xsd/application/1.2.0">
-  <name>_____SYSTEM_APPLICATION_NEON</name>
-  <majorModelMode>DISTRIBUTED</majorModelMode>
-  <entityNode name="_____SYSTEM_COMPANY" kind="200">
-    <node name="CONTACTS" kind="123" title="Contactmanagement">
-      <icon>VAADIN:CONNECT</icon>
-      <node name="Group1" kind="123" title="">
-        <node name="Person" kind="10077" />
-        <node name="Organisation" kind="10077" />
-        <node name="Activity" kind="10077" />
-        <node name="Task" kind="10077" />
-        <node name="INTERNAL_ADMINISTRATOR" kind="159" />
-      </node>
-    </node>
-    <node name="SALES" kind="123" title="Sales">
-      <icon>VAADIN:BRIEFCASE</icon>
-      <node name="Group2" kind="123" title="">
-        <node name="Vertriebsdashboard" kind="10090" />
-        <node name="Salesproject" kind="10077" />
-        <node name="Offer" kind="10077" />
-        <node name="Order" kind="10077" />
-        <node name="Contract" kind="10077" />
-        <node name="Product" kind="10077" />
-        <node name="Turnover" kind="10077" />
-        <node name="INTERNAL_ADMINISTRATOR" kind="159" />
-      </node>
-    </node>
-    <node name="ADMINISTRATION" kind="123" title="Administration">
-      <icon>VAADIN:CONTROLLER</icon>
-      <node name="Group3" kind="123" title="">
-        <node name="Attribute" kind="10077" />
-        <node name="KeywordEntry" kind="10077" />
-        <node name="KeywordAttribute" kind="10077" />
-        <node name="Employee" kind="10077" />
-        <node name="ObjectRelationType" kind="10077" />
-        <node name="INTERNAL_ADMINISTRATOR" kind="159" />
-      </node>
-    </node>
-  </entityNode>
-  <company>
-    <name>company</name>
-    <title></title>
-  </company>
-</application>
+<?xml version="1.0" encoding="UTF-8"?>
+<application xmlns="http://www.adito.de/2018/ao/Model" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" VERSION="1.2.0" xsi:schemaLocation="http://www.adito.de/2018/ao/Model adito://models/xsd/application/1.2.0">
+  <name>_____SYSTEM_APPLICATION_NEON</name>
+  <majorModelMode>DISTRIBUTED</majorModelMode>
+  <entityNode name="_____SYSTEM_COMPANY" kind="200">
+    <node name="CONTACTS" kind="123" title="Contactmanagement">
+      <icon>VAADIN:CONNECT</icon>
+      <node name="Group1" kind="123" title="">
+        <node name="Person" kind="10077" />
+        <node name="Organisation" kind="10077" />
+        <node name="Activity" kind="10077" />
+        <node name="Task" kind="10077" />
+        <node name="INTERNAL_ADMINISTRATOR" kind="159" />
+      </node>
+    </node>
+    <node name="SALES" kind="123" title="Sales">
+      <icon>VAADIN:BRIEFCASE</icon>
+      <node name="Group2" kind="123" title="">
+        <node name="Vertriebsdashboard" kind="10090" />
+        <node name="Salesproject" kind="10077" />
+        <node name="Offer" kind="10077" />
+        <node name="Order" kind="10077" />
+        <node name="Contract" kind="10077" />
+        <node name="Product" kind="10077" />
+        <node name="Turnover" kind="10077" />
+        <node name="INTERNAL_ADMINISTRATOR" kind="159" />
+      </node>
+    </node>
+    <node name="ADMINISTRATION" kind="123" title="Administration">
+      <icon>VAADIN:CONTROLLER</icon>
+      <node name="Group3" kind="123" title="">
+        <node name="Attribute" kind="10077" />
+        <node name="KeywordEntry" kind="10077" />
+        <node name="KeywordAttribute" kind="10077" />
+        <node name="Employee" kind="10077" />
+        <node name="ObjectRelationType" kind="10077" />
+        <node name="Role" kind="10077" />
+        <node name="PermissionMetaData" kind="10077" />
+        <node name="PermissionAdmin" kind="10077" />
+        <node name="INTERNAL_ADMINISTRATOR" kind="159" />
+      </node>
+    </node>
+  </entityNode>
+  <company>
+    <name>company</name>
+    <title></title>
+  </company>
+</application>

entity/PermissionAction_entity/PermissionAction_entity.aod

+<?xml version="1.0" encoding="UTF-8"?>
+<entity xmlns="http://www.adito.de/2018/ao/Model" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" VERSION="1.3.1" xsi:schemaLocation="http://www.adito.de/2018/ao/Model adito://models/xsd/entity/1.3.1">
+  <name>PermissionAction_entity</name>
+  <majorModelMode>DISTRIBUTED</majorModelMode>
+  <iconId>VAADIN:SHIELD</iconId>
+  <recordContainer>db</recordContainer>
+  <entityFields>
+    <entityProvider>
+      <name>#PROVIDER</name>
+      <dependencies>
+        <entityDependency>
+          <name>754e3cfc-7bc8-4dfa-a56e-1a4d12570fb2</name>
+          <entityName>PermissionDetail_entity</entityName>
+          <fieldName>PermissionActions</fieldName>
+          <isConsumer v="false" />
+        </entityDependency>
+      </dependencies>
+    </entityProvider>
+    <entityField>
+      <name>AB_PERMISSIONACTIONID</name>
+      <title>Permission Action</title>
+      <valueProcess>%aditoprj%/entity/PermissionAction_entity/entityfields/ab_permissionactionid/valueProcess.js</valueProcess>
+    </entityField>
+    <entityField>
+      <name>AB_PERMISSION_ID</name>
+      <title>Parent Permission Action</title>
+    </entityField>
+    <entityField>
+      <name>ACTION</name>
+      <title>Action</title>
+    </entityField>
+    <entityProvider>
+      <name>PermissionActions</name>
+      <fieldType>DEPENDENCY_IN</fieldType>
+      <recordContainer>db</recordContainer>
+      <dependencies>
+        <entityDependency>
+          <name>504fe751-0e93-4ce3-aed7-26a669fd8ce4</name>
+          <entityName>Permission_entity</entityName>
+          <fieldName>PermissionPermissionActions</fieldName>
+          <isConsumer v="false" />
+        </entityDependency>
+      </dependencies>
+    </entityProvider>
+    <entityParameter>
+      <name>PermissionId_param</name>
+      <expose v="true" />
+      <triggerRecalculation v="true" />
+      <mandatory v="true" />
+      <description>PARAMETER</description>
+    </entityParameter>
+  </entityFields>
+  <recordContainers>
+    <dbRecordContainer>
+      <name>db</name>
+      <alias>Data_alias</alias>
+      <conditionProcess>%aditoprj%/entity/PermissionAction_entity/recordcontainers/db/conditionProcess.js</conditionProcess>
+      <linkInformation>
+        <linkInformation>
+          <name>164b4d98-4458-40ed-8fa9-f29aef333372</name>
+          <tableName>AB_PERMISSIONACTION</tableName>
+          <primaryKey>AB_PERMISSIONACTIONID</primaryKey>
+          <isUIDTable v="false" />
+          <readonly v="false" />
+        </linkInformation>
+      </linkInformation>
+      <recordFieldMappings>
+        <dbRecordFieldMapping>
+          <name>AB_PERMISSION_ID.value</name>
+          <recordfield>AB_PERMISSIONACTION.AB_PERMISSION_ID</recordfield>
+        </dbRecordFieldMapping>
+        <dbRecordFieldMapping>
+          <name>AB_PERMISSIONACTIONID.value</name>
+          <recordfield>AB_PERMISSIONACTION.AB_PERMISSIONACTIONID</recordfield>
+        </dbRecordFieldMapping>
+        <dbRecordFieldMapping>
+          <name>ACTION.value</name>
+          <recordfield>AB_PERMISSIONACTION.ACTION</recordfield>
+        </dbRecordFieldMapping>
+      </recordFieldMappings>
+    </dbRecordContainer>
+  </recordContainers>
+</entity>

entity/PermissionAction_entity/entityfields/ab_permissionactionid/valueProcess.js

+import("system.neon");
+import("system.result");
+import("system.util");
+import("system.vars");
+
+if(vars.get("$sys.operatingstate") == neon.OPERATINGSTATE_NEW)
+    result.string(util.getNewUUID());
\ No newline at end of file

entity/PermissionAction_entity/recordcontainers/db/conditionProcess.js

+import("system.vars");
+import("system.db");
+import("system.result");
+
+if (vars.get("$param.PermissionId_param"))
+    result.string(db.translateCondition("AB_PERMISSION_ID = '" + vars.get("$param.PermissionId_param") + "'"));
\ No newline at end of file

entity/PermissionAdmin_entity/PermissionAdmin_entity.aod

+<?xml version="1.0" encoding="UTF-8"?>
+<entity xmlns="http://www.adito.de/2018/ao/Model" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" VERSION="1.3.1" xsi:schemaLocation="http://www.adito.de/2018/ao/Model adito://models/xsd/entity/1.3.1">
+  <name>PermissionAdmin_entity</name>
+  <title>Permission Admin</title>
+  <majorModelMode>DISTRIBUTED</majorModelMode>
+  <iconId>VAADIN:SHIELD</iconId>
+  <recordContainer>JDito</recordContainer>
+  <entityFields>
+    <entityProvider>
+      <name>#PROVIDER</name>
+    </entityProvider>
+    <entityField>
+      <name>UID</name>
+    </entityField>
+    <entityConsumer>
+      <name>PermissionSets</name>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>PermissionSet_entity</entityName>
+        <fieldName>PermissionSets</fieldName>
+      </dependency>
+    </entityConsumer>
+  </entityFields>
+  <recordContainers>
+    <jDitoRecordContainer>
+      <name>JDito</name>
+      <contentProcess>%aditoprj%/entity/PermissionAdmin_entity/recordcontainers/jdito/contentProcess.js</contentProcess>
+      <recordFields>
+        <element>UID.value</element>
+      </recordFields>
+    </jDitoRecordContainer>
+  </recordContainers>
+</entity>

entity/PermissionAdmin_entity/recordcontainers/jdito/contentProcess.js

+import("system.result");
+result.object([["0"]])
\ No newline at end of file

entity/PermissionDetail_entity/PermissionDetail_entity.aod

+<?xml version="1.0" encoding="UTF-8"?>
+<entity xmlns="http://www.adito.de/2018/ao/Model" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" VERSION="1.3.1" xsi:schemaLocation="http://www.adito.de/2018/ao/Model adito://models/xsd/entity/1.3.1">
+  <name>PermissionDetail_entity</name>
+  <majorModelMode>DISTRIBUTED</majorModelMode>
+  <iconIdProcess>%aditoprj%/entity/PermissionDetail_entity/iconIdProcess.js</iconIdProcess>
+  <titleProcess>%aditoprj%/entity/PermissionDetail_entity/titleProcess.js</titleProcess>
+  <recordContainer>jDito</recordContainer>
+  <entityFields>
+    <entityProvider>
+      <name>#PROVIDER</name>
+    </entityProvider>
+    <entityField>
+      <name>CONDITION</name>
+      <title>Condition</title>
+    </entityField>
+    <entityField>
+      <name>ACTION</name>
+      <title>Action</title>
+      <consumer>KeywordAction</consumer>
+      <searchable v="false" />
+    </entityField>
+    <entityField>
+      <name>ROLE</name>
+      <title>Role</title>
+      <consumer>Roles</consumer>
+      <linkedContext>Role</linkedContext>
+      <groupable v="true" />
+    </entityField>
+    <entityField>
+      <name>ENTITY</name>
+      <title>Entity</title>
+      <consumer>MetaData</consumer>
+      <linkedContext>PermissionMetaData</linkedContext>
+      <groupable v="true" />
+    </entityField>
+    <entityField>
+      <name>FIELD</name>
+      <title>Field</title>
+      <groupable v="true" />
+    </entityField>
+    <entityField>
+      <name>UID</name>
+      <title>PermissionId</title>
+    </entityField>
+    <entityField>
+      <name>ICON</name>
+    </entityField>
+    <entityField>
+      <name>ACCESSTYPE</name>
+      <title>Access type</title>
+      <consumer>KeywordAccessType</consumer>
+      <groupable v="true" />
+    </entityField>
+    <entityField>
+      <name>CONDTYPE</name>
+      <title>Condition Type</title>
+      <consumer>KeywordConditionType</consumer>
+      <displayValueProcess>%aditoprj%/entity/PermissionDetail_entity/entityfields/condtype/displayValueProcess.js</displayValueProcess>
+    </entityField>
+    <entityField>
+      <name>PARENT</name>
+      <title>Parent</title>
+    </entityField>
+    <entityProvider>
+      <name>Permissions</name>
+      <fieldType>DEPENDENCY_IN</fieldType>
+      <recordContainer>jDito</recordContainer>
+      <dependencies>
+        <entityDependency>
+          <name>b1a6483c-e7b1-4eb7-aa22-d0e9d0ef0b49</name>
+          <entityName>Role_entity</entityName>
+          <fieldName>Permissions</fieldName>
+          <isConsumer v="false" />
+        </entityDependency>
+        <entityDependency>
+          <name>cc0e9a4d-5d82-4407-bc4e-698dcfae5c86</name>
+          <entityName>PermissionMetaData_entity</entityName>
+          <fieldName>PermissionDetails</fieldName>
+          <isConsumer v="false" />
+        </entityDependency>
+      </dependencies>
+    </entityProvider>
+    <entityParameter>
+      <name>RoleTitle_param</name>
+      <expose v="true" />
+      <description>PARAMETER</description>
+    </entityParameter>
+    <entityConsumer>
+      <name>Roles</name>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>Role_entity</entityName>
+        <fieldName>Roles</fieldName>
+      </dependency>
+    </entityConsumer>
+    <entityConsumer>
+      <name>MetaData</name>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>PermissionMetaData_entity</entityName>
+        <fieldName>MetaData</fieldName>
+      </dependency>
+    </entityConsumer>
+    <entityParameter>
+      <name>EntityTitle_param</name>
+      <expose v="true" />
+      <description>PARAMETER</description>
+    </entityParameter>
+    <entityConsumer>
+      <name>KeywordConditionType</name>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>KeywordEntry_entity</entityName>
+        <fieldName>SpecificContainerKeywords</fieldName>
+      </dependency>
+      <children>
+        <entityParameter>
+          <name>ContainerName_param</name>
+          <valueProcess>%aditoprj%/entity/PermissionDetail_entity/entityfields/keywordconditiontype/children/containername_param/valueProcess.js</valueProcess>
+          <expose v="false" />
+        </entityParameter>
+      </children>
+    </entityConsumer>
+    <entityConsumer>
+      <name>KeywordAccessType</name>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>KeywordEntry_entity</entityName>
+        <fieldName>SpecificContainerKeywords</fieldName>
+      </dependency>
+      <children>
+        <entityParameter>
+          <name>ContainerName_param</name>
+          <valueProcess>%aditoprj%/entity/PermissionDetail_entity/entityfields/keywordaccesstype/children/containername_param/valueProcess.js</valueProcess>
+          <expose v="false" />
+        </entityParameter>
+      </children>
+    </entityConsumer>
+    <entityConsumer>
+      <name>KeywordAction</name>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>KeywordEntry_entity</entityName>
+        <fieldName>SpecificContainerKeywords</fieldName>
+      </dependency>
+      <children>
+        <entityParameter>
+          <name>ContainerName_param</name>
+          <valueProcess>%aditoprj%/entity/PermissionDetail_entity/entityfields/keywordaction/children/containername_param/valueProcess.js</valueProcess>
+          <expose v="false" />
+        </entityParameter>
+      </children>
+    </entityConsumer>
+  </entityFields>
+  <recordContainers>
+    <jDitoRecordContainer>
+      <name>jDito</name>
+      <jDitoRecordAlias>Data_alias</jDitoRecordAlias>
+      <contentProcess>%aditoprj%/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js</contentProcess>
+      <onInsert>%aditoprj%/entity/PermissionDetail_entity/recordcontainers/jdito/onInsert.js</onInsert>
+      <onUpdate>%aditoprj%/entity/PermissionDetail_entity/recordcontainers/jdito/onUpdate.js</onUpdate>
+      <onDelete>%aditoprj%/entity/PermissionDetail_entity/recordcontainers/jdito/onDelete.js</onDelete>
+      <recordFields>
+        <element>UID.value</element>
+        <element>ENTITY.value</element>
+        <element>ROLE.value</element>
+        <element>FIELD.value</element>
+        <element>CONDITION.value</element>
+        <element>ACTION.value</element>
+        <element>ACCESSTYPE.value</element>
+        <element>CONDTYPE.value</element>
+        <element>PARENT.value</element>
+      </recordFields>
+    </jDitoRecordContainer>
+  </recordContainers>
+</entity>

entity/PermissionDetail_entity/entityfields/condtype/displayValueProcess.js

+import("system.logging");
+import("system.result");
+import("system.vars");
+import("Keyword_lib");
+import("KeywordRegistry_basic");
+
+logging.log("condtype: " + vars.get("$field.CONDTYPE"));
+logging.log("getViewValue: " + KeywordUtils.getViewValue($KeywordRegistry.permissionConditionType(), vars.get("$field.CONDTYPE")));
+result.string(KeywordUtils.getViewValue($KeywordRegistry.permissionConditionType(), vars.get("$field.CONDTYPE")));

entity/PermissionDetail_entity/entityfields/keywordaccesstype/children/containername_param/valueProcess.js

+import("system.result");
+import("Keyword_lib");
+import("KeywordRegistry_basic");
+
+result.string($KeywordRegistry.permissionAccessType());

entity/PermissionDetail_entity/entityfields/keywordaction/children/containername_param/valueProcess.js

+import("system.result");
+import("Keyword_lib");
+import("KeywordRegistry_basic");
+
+result.string($KeywordRegistry.permissionAction());

entity/PermissionDetail_entity/entityfields/keywordconditiontype/children/containername_param/valueProcess.js

+import("system.result");
+import("Keyword_lib");
+import("KeywordRegistry_basic");
+
+result.string($KeywordRegistry.permissionConditionType());

entity/PermissionDetail_entity/iconIdProcess.js

+import("system.vars");
+import("system.result");
+
+switch (vars.get("$field.ACCESSTYPE")) {
+    case "E":
+        if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
+            result.string("VAADIN:CONNECT");
+        } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
+            result.string("VAADIN:USER_CHECK");
+        }
+        break;
+    case "R":
+        result.string("VAADIN:FILE_TEXT_O")
+        break;
+    case "F":
+        result.string("VAADIN:COMBOBOX");
+        break;
+    default:
+        result.string("VAADIN:SHIELD");
+        break;
+}

entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js

+import("system.util");
+import("system.vars");
+import("system.db");
+import("system.result");
+import("Permission_lib");
+
+var selectedPermission = vars.get("$local.idvalues");
+var sqlStr;
+var whereCond = "";
+
+if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
+    whereCond = " where AB_PERMISSIONSET.ROLE_ID = '" + vars.getString("$param.RoleTitle_param") + "'";
+} else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
+    whereCond = " where AB_PERMISSIONSET.ENTITY_ID = '" + vars.getString("$param.EntityTitle_param") + "'";
+}
+
+sqlStr = 
+    "select AB_PERMISSION.AB_PERMISSIONID, AB_PERMISSIONSET.ENTITY_ID, AB_PERMISSIONSET.ROLE_ID,"
+    + " AB_PERMISSIONSET.FIELD_ID, AB_PERMISSION.COND, AB_PERMISSIONACTION.ACTION, AB_PERMISSIONSET.ACCESSTYPE, AB_PERMISSION.CONDTYPE from AB_PERMISSIONSET"
+    + " join AB_PERMISSION on AB_PERMISSION.AB_PERMISSIONSET_ID = AB_PERMISSIONSET.AB_PERMISSIONSETID"
+    + " join AB_PERMISSIONACTION on AB_PERMISSIONACTION.AB_PERMISSION_ID = AB_PERMISSION.AB_PERMISSIONID"
+    + whereCond
+    + " order by AB_PERMISSION.AB_PERMISSIONID";
+
+var sqlRes = db.table(sqlStr);
+var permissionTable = PermissionUtil.convertArrToObj(sqlRes);
+
+// group all permissions by permissionid and condition, concat actions
+var groupedPermissionTable = [], concatAction;
+for (let i = 0; i < permissionTable.length - 1; i++) {
+    for (let j = i + 1; j < permissionTable.length; j++) {
+        if (permissionTable[i].permissionid == permissionTable[j].permissionid && permissionTable[i].cond == permissionTable[j].cond) {
+            var currPermId = permissionTable[i].permissionid;
+            var indexCurrPermGrouped = PermissionUtil.indexOfPermId(groupedPermissionTable, currPermId);
+            if (indexCurrPermGrouped > -1) {
+                // permissionset got already grouped before
+                // concat current action with the actions which got already grouped
+                concatAction = groupedPermissionTable[indexCurrPermGrouped].action + "," + permissionTable[j].action;
+                groupedPermissionTable[indexCurrPermGrouped].action = concatAction;
+                break;
+            } else {
+                concatAction = permissionTable[i].action + "," + permissionTable[j].action;
+                groupedPermissionTable.push(permissionTable[i]);
+                groupedPermissionTable[groupedPermissionTable.length-1].action = concatAction;
+                break;
+            }
+        }
+    }
+}
+
+var res = [];
+var permissionTableOrigin = PermissionUtil.convertArrToObj(sqlRes);
+
+// no permission selected, return all permission entrys
+if (selectedPermission == null) {
+    for each (let entry in groupedPermissionTable) {
+        res = prepareResultArray(entry, res);
+    }
+
+    for each (let entry in permissionTableOrigin) {
+        if (PermissionUtil.indexOfPermId(PermissionUtil.convertArrToObj(res), entry.permissionid) == -1) {
+            res = prepareResultArray(entry, res);
+        }
+    }
+} else { // permission selected, return only the selected permission entry
+    for each (let entry in groupedPermissionTable) {
+        if (selectedPermission == entry.permissionid) {
+            res = prepareResultArray(entry, res);
+            break;
+        }
+    }
+
+    for each (let entry in permissionTableOrigin) {
+        if (selectedPermission == entry.permissionid) {
+            if (PermissionUtil.indexOfPermId(PermissionUtil.convertArrToObj(res), entry.permissionid) == -1) {
+                res = prepareResultArray(entry, res);
+                break;
+            }
+        }
+    }
+}
+
+result.object(res.sort(sortFunction));
+
+function prepareResultArray(pEntry, pRes) {
+    var rootPermission = "";
+    if (pEntry.accesstype != "E") {
+        if (pEntry.accesstype == "F" && pEntry.cond != "") {
+            rootPermission = PermissionUtil.getRootFieldPermission(pEntry.permissionid);
+            if (rootPermission == "") {
+                rootPermission = PermissionUtil.getRootPermission(pEntry.permissionid);
+            }
+        } else 
+            rootPermission = PermissionUtil.getRootPermission(pEntry.permissionid);        
+    }
+    pRes.push([pEntry.permissionid, pEntry.entity, pEntry.role, pEntry.field, pEntry.cond, pEntry.action, pEntry.accesstype, pEntry.condtype, rootPermission]);
+    return pRes;
+}
+
+// used to sort result array: Entity -> Records -> Fields
+function sortFunction(a, b) {
+    if (a[6] == b[6] && a[6] != "F" && a[6] != "R")
+        return 0;
+    else if (a[6] == "E")
+        return -1;
+    else if (b[6] == "E")
+        return 1;
+    else if (a[6] == "R" && b[6] == "F")
+        return -1;
+    else if (a[6] == "F" && b[6] == "R")
+        return 1;
+    else if (a[6] == "R" && b[6] == "R" && a[4] == "")
+        return -1;
+    else if (a[6] == "R" && b[6] == "R" && b[4] == "")
+        return 1;
+    else if (a[6] == "F" && b[6] == "F" && a[4] == "")
+        return -1;
+    else if (a[6] == "F" && b[6] == "F" && b[4] == "")
+        return 1;
+    else
+        return 0;
+}
\ No newline at end of file

entity/PermissionDetail_entity/recordcontainers/jdito/onDelete.js

+import("system.logging");
+import("system.db");
+import("system.vars");
+import("Permission_lib");
+
+var permId = vars.get("$field.UID");
+var accessType = vars.get("$field.ACCESSTYPE");
+var parentPermSetId = PermissionUtil.getParentPermissionSet(permId);
+var linkedActions = PermissionUtil.getAllChildPermissionActions(permId);
+
+var sqlCondDelAction = SqlCondition.begin()
+.and("AB_PERMISSIONACTION.AB_PERMISSIONACTIONID in ('" + linkedActions.join("','") + "')")
+.build();
+var sqlCondDelPerm = SqlCondition.begin()
+.and("AB_PERMISSION.AB_PERMISSIONID = '" + permId + "'")
+.build();
+var sqlCondDelPermSet = SqlCondition.begin()
+.and("AB_PERMISSIONSET.AB_PERMISSIONSETID = '" + parentPermSetId + "'")
+.build();
+
+switch (accessType) {
+    case "E":
+        var allPermSets = PermissionUtil.getAllChildPermissionSets(parentPermSetId);
+        allPermSets.push(parentPermSetId);
+        var allPerms = PermissionUtil.getAllPermissions(allPermSets);
+        var allPermActions = PermissionUtil.getAllPermissionActions(allPerms);
+        
+        sqlCondDelAction = SqlCondition.begin()
+        .and("AB_PERMISSIONACTION.AB_PERMISSIONACTIONID in ('" + allPermActions.join("','") + "')")
+        .build();
+        sqlCondDelPerm = SqlCondition.begin()
+        .and("AB_PERMISSION.AB_PERMISSIONID in ('" + allPerms.join("','") + "')")
+        .build();
+        sqlCondDelPermSet = SqlCondition.begin()
+        .and("AB_PERMISSIONSET.AB_PERMISSIONSETID in ('" + allPermSets.join("','") + "')")
+        .build();
+        
+        db.deleteData("AB_PERMISSIONACTION", sqlCondDelAction); // delete all actions
+        db.deleteData("AB_PERMISSION", sqlCondDelPerm); // delete all permissions
+        db.deleteData("AB_PERMISSIONSET", sqlCondDelPermSet); // delete all permission sets
+        break;
+    default:
+        db.deleteData("AB_PERMISSIONACTION", sqlCondDelAction); // delete all actions of the selected permission
+        db.deleteData("AB_PERMISSION", sqlCondDelPerm); // delete the selected permission
+        break;
+}
+
+if (PermissionUtil.permSetIsEmpty(parentPermSetId)) {
+    db.deleteData("AB_PERMISSIONSET", sqlCondDelPermSet); // delete empty permissionset
+}
\ No newline at end of file

entity/PermissionDetail_entity/recordcontainers/jdito/onInsert.js

+import("system.neon");
+import("system.util");
+import("system.db");
+import("system.vars");
+import("Permission_lib");
+
+var table, cols, vals;
+var sqlExt = "";
+var permissionid = util.getNewUUID();
+var role = vars.get("$field.ROLE");
+var entity = vars.get("$field.ENTITY");
+var field = vars.get("$field.FIELD");
+var accesstype = vars.get("$field.ACCESSTYPE").trim();
+var condtype = vars.get("$field.CONDTYPE").trim();
+var condition = vars.get("$field.CONDITION");
+var action = vars.get("$field.ACTION").trim();
+
+if (checkInput([role, entity, accesstype, condtype, action])) {
+    // calculate accesstype
+    if (field != undefined && field != null && field != "")
+        sqlExt += " and FIELD_ID = '" + field + "'";
+    else if (action.includes("view") || action.includes("create"))
+        sqlExt += " and ACCESSTYPE = 'E'";
+    else 
+        sqlExt += " and ACCESSTYPE = 'R'";
+
+    var sqlStr = "select AB_PERMISSIONSETID from AB_PERMISSIONSET where ENTITY_ID = '" + entity + "' and ROLE_ID = '" + role + "'" + sqlExt;
+    var permissionsetid = db.cell(sqlStr);
+
+    if (permissionsetid == undefined || permissionsetid == null || permissionsetid == "") {
+        // no fitting permissionset found - insert new permissionset
+        table = "AB_PERMISSIONSET";
+        cols = db.getColumns(table);
+        permissionsetid = util.getNewUUID();
+        var rootpermissionset;
+        if (accesstype == "E") 
+            rootpermissionset = "";
+        else {
+            sqlStr = "select AB_PERMISSIONSETID from AB_PERMISSIONSET where ENTITY_ID = '" + entity + "' and ROLE_ID = '" + role + "' and ACCESSTYPE = 'E'";
+            rootpermissionset = db.cell(sqlStr);
+        }
+        vals = [permissionsetid, rootpermissionset, accesstype, entity, field, role];
+        db.insertData(table, cols, null, vals);
+    }
+
+    // check if insert or update
+    table = "AB_PERMISSION";
+    var existingPermId = permExists(role, entity, field, accesstype, condtype, condition);
+    if (existingPermId != null && existingPermId != undefined && existingPermId != "") {
+        permissionid = existingPermId;
+    } else {
+        // permission doesnt exist, insert new permission
+        cols = db.getColumns(table);
+        vals = [permissionid, permissionsetid, condition, condtype];
+        db.insertData(table, cols, null, vals);
+    }
+    
+    // insert new permissionaction
+    table = "AB_PERMISSIONACTION";
+    cols = db.getColumns(table);
+    var actionNew = action.split(",");
+    var dbInserts = 0;
+    for each (let permaction in actionNew) {
+        vals = [util.getNewUUID(), permissionid, permaction];
+        dbInserts += db.insertData(table, cols, null, vals);
+    }
+}
+
+function checkInput(pInputArr) {
+    for each (var input in pInputArr) {
+        if (input == undefined || input == null || input == "")
+            return false;
+    }
+    return true;
+}
+
+function permExists(pRole, pEntity, pField, pAccesstype, pCondtype, pCondition) {
+    var sqlExt = "";
+    if (pCondition != null && pCondition != undefined && pCondition != "")
+        sqlExt += " and COND = '" + pCondition + "'";
+    if (pField != null && pField != undefined && pField != "")
+        sqlExt += " and FIELD_ID = '" + pField + "'";
+    var sqlStr = "select AB_PERMISSION.AB_PERMISSIONID from AB_PERMISSIONSET"
+    + " join AB_PERMISSION on AB_PERMISSION.AB_PERMISSIONSET_ID = AB_PERMISSIONSET.AB_PERMISSIONSETID"
+    + " where ENTITY_ID = '" + pEntity + "' and ROLE_ID = '" + pRole + "'"
+    + " and ACCESSTYPE = '" + pAccesstype + "' and CONDTYPE = '" + pCondtype + "'" + sqlExt;
+    var permId = db.cell(sqlStr);
+    if (permId == null && permId == undefined && permId == "")
+        return null;
+    else
+        return permId;
+}
\ No newline at end of file

entity/PermissionDetail_entity/recordcontainers/jdito/onUpdate.js

+import("system.util");
+import("system.db");
+import("system.vars");
+import("Permission_lib");
+
+var table, cols, vals, cond;
+
+var permissionid = vars.get("$field.UID");
+var actionNew = vars.get("$field.ACTION").split(",");
+var entityNew = vars.get("$field.ENTITY");
+var permCond = vars.get("$field.CONDITION");
+var permCondType = vars.get("$field.CONDTYPE").trim();
+var diff = PermissionUtil.getActionDiff(permissionid, actionNew);
+
+if (diff.length > 0) {
+    // delete all linked permission actions
+    table = "AB_PERMISSIONACTION";
+    cond = SqlCondition.begin().and("AB_PERMISSION_ID = '" + permissionid + "'").build();
+    var dbDeletes = db.deleteData(table, cond);
+    
+    // insert
+    cols = db.getColumns(table);
+    var dbInserts = 0;
+    for each (var action in actionNew) {
+        vals = [util.getNewUUID(), permissionid, action];
+        dbInserts += db.insertData(table, cols, null, vals);
+    }
+}
+
+PermissionUtil.updateIfDiff(permissionid, permCond, "COND", "AB_PERMISSION"); // updates COND if the new cond is different to COND in DB
+PermissionUtil.updateIfDiff(permissionid, permCondType, "CONDTYPE", "AB_PERMISSION"); // updates CONDTYPE if the new condtype is different to CONDTYPE in DB
+// needs entity of children also to be changed/deleted/ignored?
+// PermissionUtil.updateIfDiff(PermissionUtil.getParentPermissionSet(permissionid), entityNew, "ENTITY_ID", "AB_PERMISSIONSET");

entity/PermissionDetail_entity/titleProcess.js

+import("system.vars");
+import("system.result");
+
+var res = "";
+
+switch (vars.get("$field.ACCESSTYPE")) {
+    case "E":
+        if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
+            res += vars.get("$field.ENTITY");
+        } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
+            res += vars.get("$field.ROLE");
+        }
+        break;
+    case "R":
+        res += "Record";
+        break;
+    case "F":
+        res += vars.get("$field.FIELD");
+        break;
+    default:
+        res += "Permission";
+        break;
+}
+
+if (vars.get("$field.CONDITION") != "") {
+    res += " - conditional";
+} else {
+    res += " - default";
+}
+
+result.string(res);
\ No newline at end of file

entity/PermissionMetaData_entity/PermissionMetaData_entity.aod

+<?xml version="1.0" encoding="UTF-8"?>
+<entity xmlns="http://www.adito.de/2018/ao/Model" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" VERSION="1.3.1" xsi:schemaLocation="http://www.adito.de/2018/ao/Model adito://models/xsd/entity/1.3.1">
+  <name>PermissionMetaData_entity</name>
+  <title>Entities</title>
+  <majorModelMode>DISTRIBUTED</majorModelMode>
+  <icon>VAADIN:CONNECT</icon>
+  <iconId>VAADIN:CONNECT</iconId>
+  <titleProcess>%aditoprj%/entity/PermissionMetaData_entity/titleProcess.js</titleProcess>
+  <recordContainer>jDito</recordContainer>
+  <entityFields>
+    <entityProvider>
+      <name>#PROVIDER</name>
+    </entityProvider>
+    <entityField>
+      <name>TITLE</name>
+      <title>Title</title>
+    </entityField>
+    <entityField>
+      <name>DESCRIPTION</name>
+      <title>Description</title>
+    </entityField>
+    <entityField>
+      <name>UID</name>
+      <title>Name</title>
+    </entityField>
+    <entityProvider>
+      <name>MetaData</name>
+      <fieldType>DEPENDENCY_IN</fieldType>
+      <recordContainer>jDito</recordContainer>
+      <dependencies>
+        <entityDependency>
+          <name>3b2c9421-5ff0-49a3-99f0-6790f17bd76c</name>
+          <entityName>PermissionDetail_entity</entityName>
+          <fieldName>MetaData</fieldName>
+          <isConsumer v="false" />
+        </entityDependency>
+      </dependencies>
+    </entityProvider>
+    <entityConsumer>
+      <name>PermissionOverviews</name>
+      <title>Permission Overview</title>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>PermissionOverview_entity</entityName>
+        <fieldName>PermissionOverviews</fieldName>
+      </dependency>
+      <children>
+        <entityParameter>
+          <name>EntityTitle_param</name>
+          <valueProcess>%aditoprj%/entity/PermissionMetaData_entity/entityfields/permissionoverviews/children/entitytitle_param/valueProcess.js</valueProcess>
+        </entityParameter>
+      </children>
+    </entityConsumer>
+    <entityConsumer>
+      <name>PermissionDetails</name>
+      <title>Permission Detail</title>
+      <fieldType>DEPENDENCY_OUT</fieldType>
+      <dependency>
+        <name>dependency</name>
+        <entityName>PermissionDetail_entity</entityName>
+        <fieldName>Permissions</fieldName>
+      </dependency>
+      <children>
+        <entityParameter>
+          <name>EntityTitle_param</name>
+          <valueProcess>%aditoprj%/entity/PermissionMetaData_entity/entityfields/permissiondetails/children/entitytitle_param/valueProcess.js</valueProcess>
+        </entityParameter>
+      </children>
+    </entityConsumer>
+  </entityFields>
+  <recordContainers>
+    <jDitoRecordContainer>
+      <name>jDito</name>
+      <jDitoRecordAlias>Data_alias</jDitoRecordAlias>
+      <isPageable v="false" />
+      <contentProcess>%aditoprj%/entity/PermissionMetaData_entity/recordcontainers/jdito/contentProcess.js</contentProcess>
+      <recordFields>
+        <element>UID.value</element>
+        <element>TITLE.value</element>
+        <element>DESCRIPTION.value</element>
+      </recordFields>
+    </jDitoRecordContainer>
+  </recordContainers>
+</entity>