From 1d48d4ab4b4408a1f2dcfd710f1d125d8e46106b Mon Sep 17 00:00:00 2001
From: Simon Leipold <s.leipold@adito.de>
Date: Mon, 22 Jun 2020 18:44:47 +0200
Subject: [PATCH] Permission bug fix: function insertPermission now prevents
 NULL values from being stored as conditional strings

---
 .../recordcontainers/jdito/onInsert.js            |  4 ++--
 process/Permission_lib/process.js                 | 15 +++++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/entity/PermissionDetail_entity/recordcontainers/jdito/onInsert.js b/entity/PermissionDetail_entity/recordcontainers/jdito/onInsert.js
index 17630943af1..a52bffff511 100644
--- a/entity/PermissionDetail_entity/recordcontainers/jdito/onInsert.js
+++ b/entity/PermissionDetail_entity/recordcontainers/jdito/onInsert.js
@@ -34,13 +34,13 @@ if (fullPermissions == 1) {
     
     // === ENTITY === //
     var entitySetId = PermissionUtil.insertSet("", entityName, roleName, "", ACCESSLEVEL_ENTITY); // entity level set
-    var entityPermId = PermissionUtil.insertPermission(entitySetId, "", "1", null); // entity level permission
+    var entityPermId = PermissionUtil.insertPermission(entitySetId, null, "1", null); // entity level permission
     PermissionUtil.insertAction(entityPermId, ACTION_VIEW, null); // action view
     PermissionUtil.insertAction(entityPermId, ACTION_CREATE, null); // action create
 
     // === RECORD === //
     var recordSetId = PermissionUtil.insertSet(entitySetId, entityName, roleName, "", ACCESSLEVEL_RECORD); // record level set
-    var recordPermId = PermissionUtil.insertPermission(recordSetId, "", "1", null); // record level permission
+    var recordPermId = PermissionUtil.insertPermission(recordSetId, null, "1", null); // record level permission
     PermissionUtil.insertAction(recordPermId, ACTION_READ, null); // read
     PermissionUtil.insertAction(recordPermId, ACTION_UPDATE, null); // update
     PermissionUtil.insertAction(recordPermId, ACTION_DELETE, null); // delete
diff --git a/process/Permission_lib/process.js b/process/Permission_lib/process.js
index c7f95aca93b..fcb7a7086c7 100644
--- a/process/Permission_lib/process.js
+++ b/process/Permission_lib/process.js
@@ -239,13 +239,13 @@ function PermissionUtil () {}
     }
 
     /**
-     * get the entity for a specific permissionset.
+     * Get the entity for a specific permissionset.
      * 
      * @param {String} pSetId the id of the permission set
      * 
      * @return {String} the entity name or an empty string if not found
      */
-    PermissionUtil._getEntity = function(pSetId) {
+    PermissionUtil.getEntity = function(pSetId) {
         return newSelect("ENTITY_ID", alias)
         .from("ASYS_PERMISSIONSET")
         .whereIfSet("ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID", pSetId)
@@ -260,7 +260,7 @@ function PermissionUtil () {}
      * @result {String} returns id of default permission of given set. Never 'null', empty string if there is no result.
      */
     PermissionUtil.getPermissionWithoutCond = function(pSetId) {
-        var emptyCond = PermissionUtil.getEmptyCondString(PermissionUtil._getEntity(pSetId));
+        var emptyCond = PermissionUtil.getEmptyCondString(PermissionUtil.getEntity(pSetId));
 
         return newSelect("ASYS_PERMISSIONID", alias)
         .from("ASYS_PERMISSION")
@@ -280,7 +280,7 @@ function PermissionUtil () {}
      * @result {String[]} returns the ids of permissions with conditions of a given permission set. The result can never be null.
      */
     PermissionUtil.getPermissionWithCond = function(pSetId) {
-        var emptyCond = PermissionUtil.getEmptyCondString(PermissionUtil._getEntity(pSetId));
+        var emptyCond = PermissionUtil.getEmptyCondString(PermissionUtil.getEntity(pSetId));
     
         return newSelect("ASYS_PERMISSIONID", alias)
         .from("ASYS_PERMISSION")
@@ -446,7 +446,7 @@ function PermissionUtil () {}
      * 
      * @param {String} pParentSetId parent permission set, mandatory
      * 
-     * @param {String} pCond condition of the permission, empty if no condition
+     * @param {String} pCond condition of the permission, null if no condition
      * 
      * @param {String} pCondType condition Type of the permission, should always be 1
      * 
@@ -463,12 +463,15 @@ function PermissionUtil () {}
         "COND"
         ];
         var permId;
+        var cond = (pCond == null ? PermissionUtil.getEmptyCondString(PermissionUtil.getEntity(pParentSetId)) : pCond);
+        
         if (pPermId != null && pPermId != "" && pPermId != undefined) {
             permId = pPermId;
         } else {
             permId = util.getNewUUID(); 
         }
-        var vals = [pParentSetId, permId, pCondType, pCond];
+        
+        var vals = [pParentSetId, permId, pCondType, cond];
         db.insertData(table, cols, null, vals, alias);  
         return permId;
     }
-- 
GitLab