diff --git a/entity/PermissionAction_entity/PermissionAction_entity.aod b/entity/PermissionAction_entity/PermissionAction_entity.aod
index f80daf0860bf0300285958c3c0638045da4102e3..faccc0e061ff6c2c98cc4ed55029f84cff1f714c 100644
--- a/entity/PermissionAction_entity/PermissionAction_entity.aod
+++ b/entity/PermissionAction_entity/PermissionAction_entity.aod
@@ -16,7 +16,6 @@
<title>Action</title>
<dropDownProcess>%aditoprj%/entity/PermissionAction_entity/entityfields/action/dropDownProcess.js</dropDownProcess>
<stateProcess>%aditoprj%/entity/PermissionAction_entity/entityfields/action/stateProcess.js</stateProcess>
- <displayValueProcess>%aditoprj%/entity/PermissionAction_entity/entityfields/action/displayValueProcess.js</displayValueProcess>
</entityField>
<entityField>
<name>UID</name>
diff --git a/entity/PermissionAction_entity/entityfields/action/displayValueProcess.js b/entity/PermissionAction_entity/entityfields/action/displayValueProcess.js
deleted file mode 100644
index 65a3ad0b2b9e511648cf581003a9061e05a1c8ad..0000000000000000000000000000000000000000
--- a/entity/PermissionAction_entity/entityfields/action/displayValueProcess.js
+++ /dev/null
@@ -1,6 +0,0 @@
-import("system.result");
-import("system.vars");
-
-var action = vars.get("$field.ACTION");
-
-result.string(action);
\ No newline at end of file
diff --git a/entity/PermissionDetail_entity/entityfields/accesstype/displayValueProcess.js b/entity/PermissionDetail_entity/entityfields/accesstype/displayValueProcess.js
index 64d2e3dbafd4e842abc03c05b85b260aaf72e727..8959cb031e96610d54e0f5160dc98e837ff6b66e 100644
--- a/entity/PermissionDetail_entity/entityfields/accesstype/displayValueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/accesstype/displayValueProcess.js
@@ -1,3 +1,4 @@
+import("system.tools");
import("system.neon");
import("system.vars");
import("system.result");
@@ -5,12 +6,11 @@ import("Permission_lib");
var operatingState = vars.get("$sys.operatingstate");
var field = vars.get("$field.FIELD");
-var role = vars.get("$field.ROLE");
+var roleName = vars.get("$field.ROLE");
var entity = vars.get("$field.ENTITY");
var accesstype = vars.get("$field.ACCESSTYPE");
-var rootPermSet = PermissionUtil.getSetRoot(role, entity);
-if (operatingState == neon.OPERATINGSTATE_SEARCH || neon.OPERATINGSTATE_VIEW) {
+if (operatingState == neon.OPERATINGSTATE_SEARCH || operatingState == neon.OPERATINGSTATE_VIEW) {
switch (accesstype) {
case "E":
result.string("Entität");
@@ -24,10 +24,13 @@ if (operatingState == neon.OPERATINGSTATE_SEARCH || neon.OPERATINGSTATE_VIEW) {
}
} else {
// editing/creating a new permission
- // if there is no permission set for a given role-entity-combination -> permission has to be Entity
+ // if there is no permission set for a given role-entity-combination or only one with condtype 0 -> permission has to be Entity
// otherwise Record
// if $field.FIELD is filled, then its a permission on Field access level
- if (rootPermSet == "") {
+ var rootPermSet = PermissionUtil.getSetRoot(roleName, entity);
+ var rootPerm = PermissionUtil.getPermissionWithoutCond(rootPermSet);
+
+ if (rootPermSet == "" || PermissionUtil.getCondType(rootPerm) == 0) {
result.string("Entität");
} else {
result.string("Datensatz");
diff --git a/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js b/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js
index afcec9765111c860684eb8cd758ff469c5f85247..e2f49cc4559b936d415eeae12aa3f62a31399e69 100644
--- a/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js
@@ -3,10 +3,10 @@ import("system.result");
import("Permission_lib");
var field = vars.get("$field.FIELD");
-var role = vars.get("$field.ROLE");
+var roleName = vars.get("$field.ROLE");
var entity = vars.get("$field.ENTITY");
var permId = vars.get("$field.UID");
-var rootPermSet = PermissionUtil.getSetRoot(role, entity);
+var rootPermSet = PermissionUtil.getSetRoot(roleName, entity);
var rootPerm = PermissionUtil.getPermissionWithoutCond(rootPermSet);
if (PermissionUtil.getCondType(rootPerm) == 0) {
diff --git a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
index 846e5ce9a2c830aaf515c027bc94adf5566574ee..db4185a1cc56f6d0ab7b8d34e83ad8c9b62fc91c 100644
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
@@ -5,33 +5,35 @@ import("system.result");
import("Permission_lib");
var alias = SqlUtils.getSystemAlias();
-var rootPermId;
+var rootPermId = "";
var entity = vars.get("$field.ENTITY");
+var role = vars.get("$field.ROLE");
var cond = vars.get("$field.CONDITION");
var field = vars.get("$field.FIELD");
+var accesstype = vars.get("$field.ACCESSTYPE");
var emptyCond = PermissionUtil.getEmptyCondString(entity);
-var permSetId = PermissionUtil.getSet(vars.get("$field.ROLE"), entity, vars.get("$field.ACCESSTYPE"), field);
+var permSetId = PermissionUtil.getSet(role, entity, accesstype, field);
+var fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID is null"
+
+if (field != "") {
+ fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'"
+}
if (permSetId != "") {
- // check if default or conditional permission has to be returned
+ // default permission
if (cond == "" || cond == emptyCond) {
rootPermId = PermissionUtil.getPermissionWithoutCond(permSetId);
- } else {
- permsWithCond = PermissionUtil.getPermissionWithCond(permSetId);
-
- for each (let perm in permsWithCond) {
- let sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION join ASYS_PERMISSIONSET on ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID where cast(ASYS_PERMISSION.COND as varchar(" + cond.length + ")) = '" + cond + "' and ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'";
- rootPermId = db.cell(sqlStr, alias);
- break;
- }
+ } else { // conditional permission
+ let sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION join ASYS_PERMISSIONSET on ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID where cast(ASYS_PERMISSION.COND as varchar(" + cond.length + ")) = '" + cond + "'" + fieldWhereCond + " and ASYS_PERMISSIONSET.ROLE_ID='" + role + "' and ASYS_PERMISSIONSET.ENTITY_ID='" + entity + "'";
+ rootPermId = db.cell(sqlStr, alias);
}
// return valid permId
- if (rootPermId != "")
+ if (rootPermId != "") {
result.string(rootPermId);
- else
+ } else {
result.string(vars.get("$field.UID"));
-
+ }
} else {
result.string(vars.get("$field.UID"));
}
\ No newline at end of file
diff --git a/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js b/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js
index 6fbfa2b196b8083b2d8768f4e6f4877bad591817..e4d991decadf51b8191b4b3bcb00b6366a65ea38 100644
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js
@@ -1,3 +1,4 @@
+import("system.tools");
import("Sql_lib");
import("system.db");
import("system.vars");
@@ -11,11 +12,12 @@ var allowedNumberOfActionsForFieldPermissions = 2;
var entityName = vars.get("$field.ENTITY");
var roleTitle = vars.get("$field.ROLE");
+var roleName = PermissionUtil.resolveRoleTitle(roleTitle);
var fieldTitle = vars.get("$field.FIELD");
var accesstype = vars.get("$field.ACCESSTYPE");
var permCondInput = vars.get("$field.CONDITION");
var permCondType = vars.get("$field.CONDTYPE");
-var permId = PermissionUtil.getPermission(roleTitle, entityName, fieldTitle, accesstype, permCondInput, permCondType);
+var permId = PermissionUtil.getPermission(roleName, entityName, fieldTitle, accesstype, permCondInput, permCondType);
var actionsInDb = PermissionUtil.getActions([permId]);
var actionsAsStringArray = vars.get("$field.ACTION").split(","); // only useful while working with already existing permissions
var emptyCond = PermissionUtil.getEmptyCondString(entityName);
@@ -53,7 +55,7 @@ if (PermissionUtil.permissionExists(permId)) {
}
// if conditional permission: check if action is already linked to default permission
if (!isDefaultPermission) {
- if (PermissionUtil.actionExists(row.ACTION, PermissionUtil.getPermissionWithoutCond(PermissionUtil.getSet(roleTitle, entityName, accesstype, fieldTitle)))) {
+ if (PermissionUtil.actionExists(row.ACTION, PermissionUtil.getPermissionWithoutCond(PermissionUtil.getSet(roleName, entityName, accesstype, fieldTitle)))) {
result.string(translate.text("Action '" + row.ACTION + "' is already linked to the default permission."));
}
}
@@ -67,7 +69,7 @@ if (PermissionUtil.permissionExists(permId)) {
} else {
// new permission
if (insertedRows.length > 0) {
- var defaultPerm = PermissionUtil.getPermission(roleTitle, entityName, fieldTitle, accesstype, emptyCond);
+ var defaultPerm = PermissionUtil.getPermission(roleName, entityName, fieldTitle, accesstype, emptyCond);
if (PermissionUtil.permissionExists(defaultPerm)) {
var defaultActions = PermissionUtil.getActions([defaultPerm]);
for each (let entry in insertedRows) {
diff --git a/entity/PermissionDetail_entity/entityfields/role/displayValueProcess.js b/entity/PermissionDetail_entity/entityfields/role/displayValueProcess.js
index 1ed9831e0531b173837d767eb334c302a27d8d74..c385f20ddda44bda9cddbaef0915a3f94d6f3d3d 100644
--- a/entity/PermissionDetail_entity/entityfields/role/displayValueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/role/displayValueProcess.js
@@ -1,3 +1,4 @@
+import("Permission_lib");
import("system.vars");
import("system.result");
import("system.neon");
@@ -8,10 +9,7 @@ var role = "";
if (vars.exists("$param.RoleTitle_param") && recordstate == neon.OPERATINGSTATE_NEW) {
role = vars.get("$param.RoleTitle_param");
} else {
- role = vars.get("$this.value");
+ role = PermissionUtil.resolveRoleTitle(vars.get("$this.value"));
}
-if(role != undefined && role != null && role != "") {
- res = role.split("_");
- result.string(res[1]);
-}
\ No newline at end of file
+result.string(role);
\ No newline at end of file
diff --git a/entity/PermissionDetail_entity/entityfields/role/valueProcess.js b/entity/PermissionDetail_entity/entityfields/role/valueProcess.js
index ca8a1a6040ec15a1814eac2221f0b5562ae1f327..83a1eb4e203e560ee9f4be26a3e1fed3886bbe8e 100644
--- a/entity/PermissionDetail_entity/entityfields/role/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/role/valueProcess.js
@@ -1,3 +1,4 @@
+import("Permission_lib");
import("system.vars");
import("system.result");
import("system.neon");
@@ -8,7 +9,7 @@ var role = "";
if (vars.exists("$param.RoleTitle_param") && recordstate == neon.OPERATINGSTATE_NEW) {
role = vars.get("$param.RoleTitle_param");
} else {
- role = vars.get("$this.value");
+ role = PermissionUtil.resolveRoleTitle(vars.get("$this.value"));
}
result.string(role);
\ No newline at end of file
diff --git a/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js b/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js
index a87e6aff761a7858aa094f1910c7a5148ed0585f..f7e4ed8297eb1dd9b670ad3374f88df4b865daf6 100644
--- a/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js
@@ -1,3 +1,4 @@
+import("system.tools");
import("Sql_lib");
import("system.util");
import("system.vars");
@@ -6,7 +7,6 @@ import("system.result");
import("Permission_lib");
import("system.project");
-var selectedPermission = vars.get("$local.idvalues");
var sqlStr;
var whereCond = " where";
var alias = SqlUtils.getSystemAlias();
@@ -14,10 +14,8 @@ var entitiesMetaData = project.getDataModels(project.DATAMODEL_KIND_ENTITY);
var entityStructure;
var entitiesUsePermFlagSet = [];
var fieldsUsePermFlagSet = [];
-var emptyCond = PermissionUtil.getEmptyCondString(vars.get("$field.ENTITY"));
-// gets all names of the entites which have the 'usePermission'-flag set (positive list)
-// gets all names of the fields which have the 'usePermission'-flag set (positive list)
+// gets all names of entites and fields which have the 'usePermission'-flag set (positive list)
for each (let entityMetaData in entitiesMetaData) {
if (entityMetaData[6] == "true") {
entitiesUsePermFlagSet.push(entityMetaData[0])
@@ -50,6 +48,13 @@ sqlStr =
+ " order by ASYS_PERMISSION.ASYS_PERMISSIONID";
var sqlRes = db.table(sqlStr, alias);
+
+// converting roleName to roleTitle: roleTitle gets displayed in treetable, roleName is still in db (ASYS_PERMISSIONSET.ROLE_ID)
+var allRoles = tools.getAllRoles();
+for (let i = 0; i < sqlRes.length; i++) {
+ sqlRes[i][2] = allRoles[sqlRes[i][2]][0];
+}
+
var permissionTable = PermissionUtil.convertArrToObj(sqlRes);
var permissionTableOrigin = permissionTable; // used to build tree
@@ -77,6 +82,7 @@ for (let i = 0; i < permissionTable.length - 1; i++) {
}
var res = [];
+var selectedPermission = vars.get("$local.idvalues");
if (selectedPermission == null) { // no permission selected, return all permission entrys
for each (let entry in groupedPermissionTable) { // iterates over all grouped permissions
@@ -111,17 +117,9 @@ result.object(res);
function prepareResultArray(pEntry, pRes) {
var parentPermission = "";
- var emptyCond = PermissionUtil.getEmptyCondString(pEntry.entity);
if (pEntry.accesstype != "E") {
- if (pEntry.cond == "" || pEntry.cond == emptyCond) { // default permission
- parentPermission = PermissionUtil.getPermissionWithoutCond(PermissionUtil.getParentSetOfSet(PermissionUtil.getParentSet(pEntry.permissionid)));
- } else { // conditional permission
- parentPermission = PermissionUtil.getPermissionWithoutCond(PermissionUtil.getParentSet(pEntry.permissionid));
- if (parentPermission == "") {
- parentPermission = PermissionUtil.getPermissionWithoutCond(PermissionUtil.getParentSetOfSet(PermissionUtil.getParentSet(pEntry.permissionid)));
- }
- }
+ parentPermission = PermissionUtil.getPermissionWithoutCond(PermissionUtil.getParentSetOfSet(PermissionUtil.getParentSet(pEntry.permissionid)));
}
pRes.push([pEntry.permissionid, pEntry.entity, pEntry.role, pEntry.field, pEntry.cond,
sortActions(pEntry.action.split(","), pEntry.accesstype).join(","), pEntry.accesstype, pEntry.condtype, parentPermission]);
@@ -185,7 +183,7 @@ function sortResultsByCondition(a, b) {
var emptyCondA = PermissionUtil.getEmptyCondString(a[1]);
var emptyCondB = PermissionUtil.getEmptyCondString(b[1]);
- if (a[4] == "" || a[4] == emptyCond) return -1;
+ if (a[4] == "" || a[4] == emptyCondA) return -1;
else if (b[4] == "" || b[4] == emptyCondB) return -1;
else if (a[4] != "" && a[4] != emptyCondA) return 1;
else if (b[4] != "" && b[4] != emptyCondB) return 1;
diff --git a/entity/PermissionDetail_entity/recordcontainers/jdito/onDelete.js b/entity/PermissionDetail_entity/recordcontainers/jdito/onDelete.js
index 7a9dc109a5ca7ba782521f98555dc8c6ffe3a36e..c5bf70b932c377f01478097ed036ae38e9dae728 100644
--- a/entity/PermissionDetail_entity/recordcontainers/jdito/onDelete.js
+++ b/entity/PermissionDetail_entity/recordcontainers/jdito/onDelete.js
@@ -44,26 +44,8 @@ switch (accessType) {
db.deleteData("ASYS_PERMISSIONSET", sqlCondDelPermSet, alias); // delete all permission sets
break;
default:
- if (PermissionUtil.getCond(permId) == "" || PermissionUtil.getCond(permId) == emptyCond) { // check if permission is default or conditional permission
- // default permission -> also have to delete sub permissions
- let allPerms = PermissionUtil.getPermissionWithCond(PermissionUtil.getParentSet(permId));
- allPerms.push(permId);
- let allActions = PermissionUtil.getActions(allPerms);
-
- sqlCondDelAction = SqlCondition.begin()
- .and("ASYS_PERMISSIONACTION.ASYS_PERMISSIONACTIONID in ('" + allActions.join("','") + "')")
- .build();
- sqlCondDelPerm = SqlCondition.begin()
- .and("ASYS_PERMISSION.ASYS_PERMISSIONID in ('" + allPerms.join("','") + "')")
- .build();
-
- db.deleteData("ASYS_PERMISSIONACTION", sqlCondDelAction, alias); // delete all actions of the selected permission
- db.deleteData("ASYS_PERMISSION", sqlCondDelPerm, alias); // delete the selected permission
- } else {
- // conditional permission -> only delete this permission
- db.deleteData("ASYS_PERMISSIONACTION", sqlCondDelAction, alias); // delete all actions of the selected permission
- db.deleteData("ASYS_PERMISSION", sqlCondDelPerm, alias); // delete the selected permission
- }
+ db.deleteData("ASYS_PERMISSIONACTION", sqlCondDelAction, alias); // delete all actions of the selected permission
+ db.deleteData("ASYS_PERMISSION", sqlCondDelPerm, alias); // delete the selected permission
break;
}
diff --git a/entity/Role_entity/recordcontainers/jdito/contentProcess.js b/entity/Role_entity/recordcontainers/jdito/contentProcess.js
index cac16db98487a53812c04296f0c2a3e9c6f7b04b..1044e52c48b698185800764da51caaf372620fc2 100644
--- a/entity/Role_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/Role_entity/recordcontainers/jdito/contentProcess.js
@@ -7,7 +7,7 @@ var lang = vars.get("$sys.clientlanguage");//e.g. "de"
var country = vars.get("$sys.clientcountry");//e.g. "DE"
locale = country ? lang + "_" + country : lang;
var selectedRole = vars.get("$local.idvalues");
-var roles = tools.getAllRoles();
+var allRoles = tools.getAllRoles();
var res = [];
var excludeRoles = {};
@@ -19,11 +19,11 @@ if (vars.exists("$param.ExcludeRoles_param") && vars.get("$param.ExcludeRoles_pa
}, excludeRoles);
}
-for (let rolename in roles) {
- let role = roles[rolename];
- if (!excludeRoles[rolename]) {
- let numberOfUsersInSelectedRole = tools.getUsersWithRole(rolename).length;
- res.push([rolename, role[0], role[1], role[2], numberOfUsersInSelectedRole + " " + translate.text("User", locale)]);
+for each (let role in allRoles) {
+ var roleName = role[3];
+ if (!excludeRoles[roleName]) {
+ let numberOfUsersInSelectedRole = tools.getUsersWithRole(roleName).length;
+ res.push([roleName, role[0], role[1], role[2], numberOfUsersInSelectedRole + " " + translate.text("User", locale)]);
}
}
diff --git a/process/Permission_lib/process.js b/process/Permission_lib/process.js
index 2945358652766047e5527a089434e60f446b14a8..67c60b45f2bb7770eb34b80bfb8fc03fb6ca8374 100644
--- a/process/Permission_lib/process.js
+++ b/process/Permission_lib/process.js
@@ -1,4 +1,4 @@
-import("system.logging");
+import("system.tools");
import("system.SQLTYPES");
import("system.util");
import("system.db");
@@ -87,9 +87,9 @@ function PermissionUtil () {}
}
/**
- * Converts a given array to an object with properties permissionid, entity, role, field, cond, action, accesstype.
+ * Converts a given array to an object with properties permissionid, entity, role, field, cond, action, accesstype, condtype.
*
- * @param {String[]} pArr the array which should be converted to an object.
+ * @param {String[]} pArr the array which should be converted to an object. Order of array: permid, entity, role, field, cond, action, accesstype, condtype.
*
* @result {{}} converted object
*/
@@ -564,6 +564,24 @@ function PermissionUtil () {}
return db.deleteData(table, cond, alias);
}
+ /**
+ * Converts a title of a role to the unqiue name of a role.
+ *
+ * @param {String} pRoleTitle title of a role, mandatory
+ *
+ * @result {String} returns name of a role, empty string if no fitting role name exists
+ */
+ PermissionUtil.resolveRoleTitle = function(pRoleTitle) {
+ var allRoles = tools.getAllRoles();
+ var roleName = "";
+ for each (role in allRoles) {
+ if (role[0] == pRoleTitle) {
+ roleName = role[3];
+ }
+ }
+ return roleName;
+ }
+
} //end of block