From 69205dd6ce5672ec2b293a03f1b579dc26a12bb9 Mon Sep 17 00:00:00 2001
From: Simon Leipold <s.leipold@adito.de>
Date: Wed, 2 Oct 2019 16:10:41 +0200
Subject: [PATCH] Permissions - refactoring and bug fixes (#1044834)

---
 .../contentTitleProcess.js                    |  11 +-
 .../entityfields/accesstype/valueProcess.js   |   2 +-
 .../permissionid_param/valueProcess.js        |  28 +-
 .../permissionactions/onValidation.js         |   7 +
 .../recordcontainers/jdito/contentProcess.js  |  71 ++-
 process/Permission_lib/process.js             | 426 +++++++++---------
 6 files changed, 292 insertions(+), 253 deletions(-)

diff --git a/entity/PermissionDetail_entity/contentTitleProcess.js b/entity/PermissionDetail_entity/contentTitleProcess.js
index 937f96a1d91..b2d03cddfd3 100644
--- a/entity/PermissionDetail_entity/contentTitleProcess.js
+++ b/entity/PermissionDetail_entity/contentTitleProcess.js
@@ -1,3 +1,4 @@
+import("system.logging");
 import("system.project");
 import("system.vars");
 import("system.result");
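Review bot: `import("system.logging");` is added at the top of contentTitleProcess.js, but none of the lines this commit adds to the file make a logging call, so it looks like a debugging leftover. The same import is added to permissionid_param/valueProcess.js, where the added lines do not log anything either. Drop it in both files unless a call is planned, so the permission scripts carry no unused logging dependency.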
@@ -8,12 +9,14 @@ var noCond = "{\"entity\":\"" + entityName + "\",\"filter\":{\"type\":\"group\",
 
 switch (vars.get("$field.ACCESSTYPE")) {
     case "E":
-        if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param") && vars.get("$field.ENTITY") != "") {
+        if (vars.get("$param.RoleTitle_param") && vars.get("$field.ENTITY") != "") {
             res += vars.get("$field.ENTITY");
-        } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param") && vars.get("$field.ROLE") != "") {
+        } else if (vars.get("$param.EntityTitle_param") && vars.get("$field.ROLE") != "") {
             res += vars.get("$field.ROLE");
-        } else {
-            res += "?";
+        } else if (vars.get("$field.ROLE") != "") {
+            res += vars.get("$field.ROLE");
+        } else if (vars.get("$field.ENTITY") != "") {
+            res += vars.get("$field.ENTITY");
         }
         break;
     case "R":
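Review bot: With the final `else { res += "?"; }` removed, a row with ACCESSTYPE "E" whose ROLE and ENTITY fields are both empty now appends nothing to `res`, so the title silently loses its placeholder; keep a last `else { res += "?"; }` after the two new branches. The hunk also drops the `vars.exists(...)` guards in front of `vars.get("$param.RoleTitle_param")` and `vars.get("$param.EntityTitle_param")`, as does the first hunk of recordcontainers/jdito/contentProcess.js. Whether `vars.get` tolerates a parameter that was never passed is not visible here, so that should be confirmed for every context that opens this entity. The switch statement continues outside the hunk.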
diff --git a/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js b/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js
index 86dc0b00d2e..afcec976511 100644
--- a/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/accesstype/valueProcess.js
@@ -10,7 +10,7 @@ var rootPermSet = PermissionUtil.getSetRoot(role, entity);
 var rootPerm = PermissionUtil.getPermissionWithoutCond(rootPermSet);
 
 if (PermissionUtil.getCondType(rootPerm) == 0) {
-    // condtype="false" is used to display that this entity has the usePermissions flag set but has no permissions linked -> no access on any level
+    // condtype=0 is used to display that this entity has the usePermissions flag set but has no permissions linked -> no access on any level
     result.string("E");
 } else if (rootPermSet == "") {
     result.string("E");
diff --git a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
index 8380b4e4497..9c96cae9029 100644
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
@@ -1,17 +1,37 @@
+import("Sql_lib");
+import("system.db");
+import("system.logging");
 import("system.vars");
 import("system.result");
 import("Permission_lib");
 
+var alias = SqlUtils.getSystemAlias();
+var rootPermId;
 var entity = vars.get("$field.ENTITY");
 var cond = vars.get("$field.CONDITION");
 var noCond = "{\"entity\":\"" + entity + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
 var permSetId = PermissionUtil.getSet(vars.get("$field.ROLE"), vars.get("$field.ENTITY"), vars.get("$field.ACCESSTYPE"));
 
-if (permSetId != "" && (cond == "" || cond == noCond)) {
-    var rootPermId = PermissionUtil.getPermissionWithoutCond(permSetId);
-    if (rootPermId != "") {
-        result.string(rootPermId);
+if (permSetId != "") {
+    // check if default or conditional permission has to be returned
+    if (cond == "" || cond == noCond) {
+        rootPermId = PermissionUtil.getPermissionWithoutCond(permSetId);
+    } else {
+        rootPermId = PermissionUtil.getPermissionWithCond(permSetId);
+        
+        for each (let perm in rootPermId) {
+            let sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION where cast(ASYS_PERMISSION.COND as varchar(" + cond.length + ")) = '" + cond + "'"
+            rootPermId = db.cell(sqlStr, alias);
+            break;
+        }
     }
+    
+    // return valid permId
+    if (rootPermId != "") 
+        result.string(rootPermId);
+    else 
+        result.string(vars.get("$field.UID"));
+    
 } else {
     result.string(vars.get("$field.UID"));
 }
\ No newline at end of file
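Review bot: The new `sqlStr` splices `cond`, the raw value of `$field.CONDITION`, into the statement between single quotes, so a condition containing a quote breaks the query or changes its meaning in the script that decides which permission id is returned. Pass the value as a bound parameter rather than concatenating it (Permission_lib already builds some queries through `SqlCondition`), and add a restriction on `ASYS_PERMISSIONSET_ID`, because as written the query matches any row in ASYS_PERMISSION with the same condition text, not only those of `permSetId`. The `for each (let perm in rootPermId)` loop never reads `perm` and breaks after its first pass, so it only acts as a non-empty check; `if (rootPermId.length > 0)` would say that directly. The same string-built pattern is added by this commit in the `whereCond` lines of contentProcess.js (where `vars.getString` also becomes `vars.get`) and in `getNumberOfPermissions`, `getPermissionWithoutCond` and `getPermissionWithCond` in Permission_lib.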
diff --git a/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js b/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js
index 4299926003d..5cd31732a51 100644
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/onValidation.js
@@ -19,6 +19,7 @@ var permId = PermissionUtil.getPermission(roleTitle, entityTitle, fieldTitle, ac
 var actionsInDb = PermissionUtil.getActions([permId]);
 var actionsAsStringArray = vars.get("$field.ACTION").split(","); // only useful while working with already existing permissions
 var noCond = "{\"entity\":\"" + entityTitle + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
+var isDefaultPermission = (permCondInput != noCond && permCondInput != "") ? false : true;
 
 var deletedRows = vars.get("$field.PermissionActions.deletedRows");
 var changedRows = vars.get("$field.PermissionActions.changedRows");
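Review bot: `(permCondInput != noCond && permCondInput != "") ? false : true` is a negated test wrapped in a redundant ternary; `var isDefaultPermission = (permCondInput == "" || permCondInput == noCond);` states the same thing directly. A short comment such as `// default permission = no condition or the empty AND group` would help, since the validation branch added further down depends on this flag.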
@@ -50,6 +51,12 @@ if (PermissionUtil.permissionExists(permId)) {
                 result.string(translate.text("Action '" + row.ACTION + "' already linked to this permission."));
             }
         }
+        // if conditional permission: check if action is already linked to default permission
+        if (!isDefaultPermission) {
+            if (PermissionUtil.actionExists(row.ACTION, PermissionUtil.getPermissionWithoutCond(PermissionUtil.getSet(roleTitle, entityTitle, accesstype, fieldTitle)))) {
+                result.string(translate.text("Action '" + row.ACTION + "' is already linked to the default permission."));
+            }
+        }
     }
     
     for each (let row in changedRows) {
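Review bot: The lookup `PermissionUtil.getPermissionWithoutCond(PermissionUtil.getSet(roleTitle, entityTitle, accesstype, fieldTitle))` does not depend on `row`, yet it sits inside the row loop and costs several database round trips per row; compute the default permission id once before the loop. When no matching set or default permission exists, the id handed to `actionExists` is presumably an empty string (the doc comment of `getPermissionWithoutCond` says "empty string if there is no result"), so guard the call with `if (defaultPermId != "")`. The loop this code belongs to starts outside the hunk.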
diff --git a/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js b/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js
index 24ef8059e64..f0c1c63ee3d 100644
--- a/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/PermissionDetail_entity/recordcontainers/jdito/contentProcess.js
@@ -34,12 +34,13 @@ for each (let entityMetaData in entitiesMetaData) {
 whereCond += " ENTITY_ID in ('" + entitiesUsePermFlagSet.join("','") + "')";
 whereCond += " and (FIELD_ID in ('" + fieldsUsePermFlagSet.join("','") + "') or FIELD_ID is NULL)";
 
-if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
-    whereCond += " and ASYS_PERMISSIONSET.ROLE_ID = '" + vars.getString("$param.RoleTitle_param") + "'";
-} else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
-    whereCond += " and ASYS_PERMISSIONSET.ENTITY_ID = '" + vars.getString("$param.EntityTitle_param") + "'";
+if (vars.get("$param.RoleTitle_param")) {
+    whereCond += " and ASYS_PERMISSIONSET.ROLE_ID = '" + vars.get("$param.RoleTitle_param") + "'";
+} else if (vars.get("$param.EntityTitle_param")) {
+    whereCond += " and ASYS_PERMISSIONSET.ENTITY_ID = '" + vars.get("$param.EntityTitle_param") + "'";
 }
 
+// get all permissions which are already in db
 sqlStr = 
     "select ASYS_PERMISSION.ASYS_PERMISSIONID, ASYS_PERMISSIONSET.ENTITY_ID, ASYS_PERMISSIONSET.ROLE_ID,"
     + " ASYS_PERMISSIONSET.FIELD_ID, ASYS_PERMISSION.COND, ASYS_PERMISSIONACTION.ACTION, ASYS_PERMISSIONSET.ACCESSTYPE, ASYS_PERMISSION.CONDTYPE from ASYS_PERMISSIONSET"
@@ -50,6 +51,7 @@ sqlStr =
 
 var sqlRes = db.table(sqlStr, alias);
 var permissionTable = PermissionUtil.convertArrToObj(sqlRes);
+var permissionTableOrigin = permissionTable; // used to build tree
 
 // group all permissions by permissionid and condition, concat actions
 var groupedPermissionTable = [], concatAction;
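Review bot: `var permissionTableOrigin = permissionTable;` copies the reference, not the data, whereas the line it replaces (removed in the next hunk) built a second, independent array with `PermissionUtil.convertArrToObj(sqlRes)`. If the grouping loop that follows changes `permissionTable` or its entries while concatenating actions (its body is outside this hunk), the later passes over `permissionTableOrigin` now see those changes. If an independent copy is needed, keep `var permissionTableOrigin = PermissionUtil.convertArrToObj(sqlRes);` at this position; otherwise state in the comment that both names refer to the same array.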
@@ -75,28 +77,26 @@ for (let i = 0; i < permissionTable.length - 1; i++) {
 }
 
 var res = [];
-var permissionTableOrigin = PermissionUtil.convertArrToObj(sqlRes);
 
-// no permission selected, return all permission entrys
-if (selectedPermission == null) {
-    for each (let entry in groupedPermissionTable) {
+if (selectedPermission == null) { // no permission selected, return all permission entrys
+    for each (let entry in groupedPermissionTable) { // iterates over all grouped permissions
         res = prepareResultArray(entry, res);
     }
 
-    for each (let entry in permissionTableOrigin) {
+    for each (let entry in permissionTableOrigin) { // itereates over all permissions - skips permissions which are in groupedPermissionTable
         if (PermissionUtil.indexOfPermId(PermissionUtil.convertArrToObj(res), entry.permissionid) == -1) {
             res = prepareResultArray(entry, res);
         }
     }
 } else { // permission selected, return only the selected permission entry
-    for each (let entry in groupedPermissionTable) {
+    for each (let entry in groupedPermissionTable) { // iterates over all grouped permissions
         if (selectedPermission == entry.permissionid) {
             res = prepareResultArray(entry, res);
             break;
         }
     }
 
-    for each (let entry in permissionTableOrigin) {
+    for each (let entry in permissionTableOrigin) { // itereates over all permissions - skips permissions which are in groupedPermissionTable
         if (selectedPermission == entry.permissionid) {
             if (PermissionUtil.indexOfPermId(PermissionUtil.convertArrToObj(res), entry.permissionid) == -1) {
                 res = prepareResultArray(entry, res);
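Review bot: The comment added to both `permissionTableOrigin` loops says they skip permissions "which are in groupedPermissionTable", but the check is `PermissionUtil.indexOfPermId(PermissionUtil.convertArrToObj(res), entry.permissionid) == -1`, i.e. against what has already been put into `res`. Suggested wording: `// iterates over all permissions, skipping ids already present in res`, which also removes the "itereates" typo. The else branch continues outside the hunk.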
@@ -106,7 +106,7 @@ if (selectedPermission == null) {
     }
 }
 
-res = res.sort(sortResultsByCondition).sort(sortResultsByAccessTypes);
+res = res.sort(sortResultsByCondition).sort(sortResultsByAccessTypes).sort(sortResultByTitleAlphabetically);
 result.object(res);
 
 function prepareResultArray(pEntry, pRes) {
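Review bot: Chaining `.sort(sortResultsByCondition).sort(sortResultsByAccessTypes).sort(sortResultByTitleAlphabetically)` makes the last comparator the primary order, and the two earlier ones survive only as tie-breakers if the runtime's sort is stable, which nothing visible here establishes. If the intended order is title, then access type, then default before conditional, use a single comparator: `res.sort(function (a, b) { return sortResultByTitleAlphabetically(a, b) || sortResultsByAccessTypes(a, b) || sortResultsByCondition(a, b); });`. `prepareResultArray` begins on the last line of the hunk and continues outside it.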
@@ -170,22 +170,14 @@ function sortResultsByAccessTypes(a, b) {
     var noCondA = "{\"entity\":\"" + a[1] + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
     var noCondB = "{\"entity\":\"" + b[1] + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
 
-    if (a[6] == b[6] && a[6] == "E")
-        return 0;
-    else if (a[6] == "E")
-        return -1;
-    else if (b[6] == "E")
-        return 1;
-    else if (a[6] == "R" && b[6] == "F")
-        return -1;
-    else if (a[6] == "F" && b[6] == "R")
-        return 1;
-    else if (a[6] == b[6] && (a[4] == "" || a[4] == noCondA))
-        return -1;
-    else if (a[6] == b[6] && (b[4] == "" || b[4] == noCondB))
-        return 1;
-    else 
-        return 0;
+    if (a[6] == b[6] && a[6] == "E") return 0;
+    else if (a[6] == "E") return -1;
+    else if (b[6] == "E") return 1;
+    else if (a[6] == "R" && b[6] == "F") return -1;
+    else if (a[6] == "F" && b[6] == "R") return 1;
+    else if (a[6] == b[6] && (a[4] == "" || a[4] == noCondA)) return -1;
+    else if (a[6] == b[6] && (b[4] == "" || b[4] == noCondB)) return 1;
+    else  return 0;
 }
 
 // sorts result array: default permission -> conditional permission
@@ -193,15 +185,22 @@ function sortResultsByCondition(a, b) {
     var noCondA = "{\"entity\":\"" + a[1] + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
     var noCondB = "{\"entity\":\"" + b[1] + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
     
-    if (a[4] == "" || a[4] == noCond) {
-        return -1;
-    } else if (b[4] == "" || b[4] == noCondB) {
-        return -1;
-    } else if (a[4] != "" && a[4] != noCondA) {
-        return 1;
-    } else if (b[4] != "" && b[4] != noCondB) {
-        return 1;
+    if (a[4] == "" || a[4] == noCond) return -1;
+    else if (b[4] == "" || b[4] == noCondB) return -1;
+    else if (a[4] != "" && a[4] != noCondA) return 1;
+    else if (b[4] != "" && b[4] != noCondB) return 1;
+    else return 0;
+
+}
+
+function sortResultByTitleAlphabetically(a, b) {
+    if (vars.get("$param.RoleTitle_param")) {
+        if (a[1] < b[1]) return -1;
+        if (a[1] > b[1]) return 1;
+        return 0;
     } else {
+        if (a[2] < b[2]) return -1;
+        if (a[2] > b[2]) return 1;
         return 0;
     }
 }
\ No newline at end of file
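Review bot: The one-line rewrite of `sortResultsByCondition` keeps two defects. The first test compares `a[4]` with `noCond`, a name this function does not define (it defines `noCondA`); if a script-level `noCond` exists it was built for a single entity. The second branch returns -1 when `b` is the default permission, so the comparator answers "a first" in both directions and the resulting order is not well defined. Decide for each side whether it is a default permission and return 0 when both agree, -1 when only `a` is default, 1 otherwise. Separately, `sortResultByTitleAlphabetically` reads `vars.get("$param.RoleTitle_param")` on every comparison; reading it once before sorting is enough.

```javascript
function sortResultsByCondition(a, b) {
    // … unchanged: noCondA / noCondB …
    var aIsDefault = (a[4] == "" || a[4] == noCondA);
    var bIsDefault = (b[4] == "" || b[4] == noCondB);
    if (aIsDefault == bIsDefault) return 0;
    return aIsDefault ? -1 : 1;
}
```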
diff --git a/process/Permission_lib/process.js b/process/Permission_lib/process.js
index 4d38fefc1f5..839ebb63e5e 100644
--- a/process/Permission_lib/process.js
+++ b/process/Permission_lib/process.js
@@ -1,3 +1,5 @@
+import("system.logging");
+import("system.SQLTYPES");
 import("system.util");
 import("system.db");
 import("Sql_lib");
@@ -13,14 +15,15 @@ function PermissionUtil () {}
 { //block where variables declared with let are available to avoid unexpected side-effects
 
     let alias = SqlUtils.getSystemAlias();
+    let sqlHelper = new SqlMaskingUtils(alias);
 
     /**
- * Returns the ids of all subordinated permission sets of a given parent permission set.
- * 
- * @param {String} pSetId id of the parent permission set
- * 
- * @result {String[]} array with the ids of every subordinated permission set. The result can never be null.
- */
+     * Returns the ids of all subordinated permission sets of a given parent permission set.
+     * 
+     * @param {String} pSetId id of the parent permission set
+     * 
+     * @result {String[]} array with the ids of every subordinated permission set. The result can never be null.
+     */
     PermissionUtil.getChildSetsOfSet = function (pSetId) 
     {   
         return db.array(db.COLUMN, SqlCondition.begin()
@@ -30,12 +33,12 @@ function PermissionUtil () {}
     }
 
     /**
- * Returns all subordinated permission actions of a given permission set.
- * 
- * @param {String} pSetId id of the parent permission set
- * 
- * @result {String[]} array with the ids of every subordinated permission action. The result can never be null.
- */
+    * Returns all subordinated permission actions of a given permission set.
+    * 
+    * @param {String} pSetId id of the parent permission set
+    * 
+    * @result {String[]} array with the ids of every subordinated permission action. The result can never be null.
+    */
     PermissionUtil.getActionsOfSet = function (pSetId)
     {
         return db.array(db.COLUMN, SqlCondition.begin()
@@ -46,23 +49,23 @@ function PermissionUtil () {}
     }
     
     /**
- * Returns all permission actions of the given permissions.
- * 
- * @param {String[]} pPermIds the ids of the permissions
- * 
- * @result {String[]} returns ids of all permission actions. The result can never be null.
- */
+    * Returns all permission actions of the given permissions.
+    * 
+    * @param {String[]} pPermIds the ids of the permissions
+    * 
+    * @result {String[]} returns ids of all permission actions. The result can never be null.
+    */
     PermissionUtil.getActions = function(pPermIds) {
         return db.table("select ASYS_PERMISSIONACTIONID from ASYS_PERMISSIONACTION where ASYS_PERMISSIONACTION.ASYS_PERMISSION_ID in ('" + pPermIds.join("','") + "')", alias);
     }
 
     /**
- * Returns the action a given permission action id.
- * 
- * @param {String} pActionId id of the action
- * 
- * @result {String} title of action as readable string of the given action id. Never 'null', empty string if there is no result.
- */
+    * Returns the action a given permission action id.
+    * 
+    * @param {String} pActionId id of the action
+    * 
+    * @result {String} title of action as readable string of the given action id. Never 'null', empty string if there is no result.
+    */
     PermissionUtil.resolveActionId = function (pActionId)
     {
         return db.cell(SqlCondition.begin()
@@ -72,12 +75,12 @@ function PermissionUtil () {}
     }
 
     /**
- * Converts a given array to an object with properties permissionid, entity, role, field, cond, action, accesstype. 
- * 
- * @param {String[]} pArr the array which should be converted to an object.
- * 
- * @result {{}} converted object
- */
+    * Converts a given array to an object with properties permissionid, entity, role, field, cond, action, accesstype. 
+    * 
+    * @param {String[]} pArr the array which should be converted to an object.
+    * 
+    * @result {{}} converted object
+    */
     PermissionUtil.convertArrToObj = function(pArr) {
         var ret = pArr.map(function(x) {
             return {    
@@ -95,14 +98,14 @@ function PermissionUtil () {}
     }
 
     /**
- * Returns the first index at which a given permissionid can be found in an array, or -1 if it is not present.
- * 
- * @param {String[]} pPermTable permission table
- *  
- * @param {String} pPermId id of the permission
- *
- * @result {int} returns position (index) of the searched permission in the table, otherwise returns -1 if not found
- */
+    * Returns the first index at which a given permissionid can be found in an array, or -1 if it is not present.
+    * 
+    * @param {String[]} pPermTable permission table
+    *  
+    * @param {String} pPermId id of the permission
+    *
+    * @result {int} returns position (index) of the searched permission in the table, otherwise returns -1 if not found
+    */
     PermissionUtil.indexOfPermId = function(pPermTable, pPermId) {
         var notFound = -1;
         for (var i = 0; i < pPermTable.length; i++) {
@@ -113,14 +116,14 @@ function PermissionUtil () {}
     }
 
     /**
- * Checks a permission if the given actions are different to the actions in the database.
- * 
- * @param {String} pPermId permission id to which the actions are linked to
- * 
- * @param {String[]} pActionNew array of strings of new actions
- * 
- * @result {String[]} returns the different elements
- */
+    * Checks a permission if the given actions are different to the actions in the database.
+    * 
+    * @param {String} pPermId permission id to which the actions are linked to
+    * 
+    * @param {String[]} pActionNew array of strings of new actions
+    * 
+    * @result {String[]} returns the different elements
+    */
     PermissionUtil.getActionDiff = function(pPermId, pActionNew) {
         var sqlStr = "select ACTION from ASYS_PERMISSIONACTION where ASYS_PERMISSION_ID = '" + pPermId + "'";
         var actionOld = db.array(db.COLUMN, sqlStr, alias);
@@ -129,18 +132,18 @@ function PermissionUtil () {}
     }
 
     /**
- * Checks if the given string is different to the string of a column in the given database table.
- * 
- * @param {String} pId id of DB entry
- * 
- * @param {String} pString string which has to be checked if different
- * 
- * @param {String} pDbCol column to which the string is compared
- * 
- * @param {String} pDbTable database table
- * 
- * @result {Boolean} returns true if different, otherwise false
- */
+    * Checks if the given string is different to the string of a column in the given database table.
+    * 
+    * @param {String} pId id of DB entry
+    * 
+    * @param {String} pString string which has to be checked if different
+    * 
+    * @param {String} pDbCol column to which the string is compared
+    * 
+    * @param {String} pDbTable database table
+    * 
+    * @result {Boolean} returns true if different, otherwise false
+    */
     PermissionUtil.isDiff = function(pId, pString, pDbCol, pDbTable) {
         var sqlStr = "select " + pDbCol + " from " + pDbTable + " where " + pDbTable + "ID = '" + pId + "'";
         var stringDb = db.cell(sqlStr, alias);
@@ -148,18 +151,18 @@ function PermissionUtil () {}
     }
 
     /**
- * Updates the value of the column in table if the values are different.
- * 
- * @param {String} pId id of DB entry
- * 
- * @param {String} pValue string which gets checked if different
- * 
- * @param {String} pDbCol column to which the string is compared
- * 
- * @param {String} pDbTable database table
- * 
- * @result {Integer} number of records that were updated
- */
+    * Updates the value of the column in table if the values are different.
+    * 
+    * @param {String} pId id of DB entry
+    * 
+    * @param {String} pValue string which gets checked if different
+    * 
+    * @param {String} pDbCol column to which the string is compared
+    * 
+    * @param {String} pDbTable database table
+    * 
+    * @result {Integer} number of records that were updated
+    */
     PermissionUtil.updateIfDiff = function(pId, pValue, pDbCol, pDbTable) {
         if (PermissionUtil.isDiff(pId, pValue, pDbCol, pDbTable)) {
             var cols = [pDbCol];
@@ -171,25 +174,42 @@ function PermissionUtil () {}
     }
 
     /**
- * Gets the number of permissions which are linked to the given entity.
- * 
- * @param {String} pEntityName name of the entity
- * 
- * @result {Integer} returns number of permissions linked to the entity.
- */
-    PermissionUtil.getNumberOfPermissions = function(pEntityName) {
-        var table = "ASYS_PERMISSIONSET";
-        var sqlStr = "select COUNT(*) from " + table + " where ENTITY_ID = '" + pEntityName + "'";
+    * Gets the number of permissions which are linked to the given entity-role-combination. 
+    * It is possible to set one parameter to null to get the number of permissions of a role or entity. 
+    * Both parameter null gets the number of all permissions in the system.
+    * 
+    * @param {String} pEntity name of the entity, can be null
+    * 
+    * @param {String} pRole name of the role, can be null
+    * 
+    * @result {Integer} returns number of permissions linked to the entity-role-combination.
+    */
+    PermissionUtil.getNumberOfPermissions = function(pEntity, pRole) {
+        sqlExt = "";
+         
+        if (pEntity != null) {
+            sqlExt += " where ENTITY_ID = '" + pEntity + "'";
+        }
+        
+        if (pRole != null) {
+            if (sqlExt == "") {
+                sqlExt += " where ROLE_ID = '" + pRole + "'";
+            } else {
+                sqlExt += " and ROLE_ID = '" + pRole + "'";
+            }
+        }
+        
+        var sqlStr = "select COUNT(*) from ASYS_PERMISSION join ASYS_PERMISSIONSET on ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID" + sqlExt;
         return db.cell(sqlStr, alias);
     }
 
     /**
- * Gets the default permission of the root permission set.
- * 
- * @param {String} pPermId id of the permission
- * 
- * @result {String} returns id of the default permission of the root permission set. Never 'null', empty string if there is no result.
- */
+    * Gets the default permission of the root permission set.
+    * 
+    * @param {String} pPermId id of the permission
+    * 
+    * @result {String} returns id of the default permission of the root permission set. Never 'null', empty string if there is no result.
+    */
     PermissionUtil.getPermissionRoot = function(pPermId) {
         var parentSet = [PermissionUtil.getParentSet(pPermId)];
 
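Review bot: `sqlExt = "";` in the new `getNumberOfPermissions` has no `var`/`let`, so it assigns to an undeclared variable that leaks out of the function and can collide with any other script using that name; declare it with `var sqlExt = "";`. The nested where/and branches would collapse if the conditions were collected in an array and joined with `" and "`. The doc comment should also state that the count is now taken from ASYS_PERMISSION joined to ASYS_PERMISSIONSET, because the removed version counted rows in ASYS_PERMISSIONSET only and existing callers may rely on the old number.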
@@ -202,30 +222,32 @@ function PermissionUtil () {}
     }
 
     /**
- * Gets the default permission of a given permission set.
- * 
- * @param {String} pSetId id of the permission set
- * 
- * @result {String} returns id of default permission of given set. Never 'null', empty string if there is no result.
- */
+    * Gets the default permission of a given permission set.
+    * 
+    * @param {String} pSetId id of the permission set
+    * 
+    * @result {String} returns id of default permission of given set. Never 'null', empty string if there is no result.
+    */
     PermissionUtil.getPermissionWithoutCond = function(pSetId) {
         var sqlStr = "select ENTITY_ID from ASYS_PERMISSIONSET where ASYS_PERMISSIONSETID = '" + pSetId + "'";
         var entityName = db.cell(sqlStr, alias);
         var noCond = "{\"entity\":\"" + entityName + "\",\"filter\":{\"type\":\"group\",\"operator\":\"AND\",\"childs\":[]}}";
-    
+        
         sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION"
         + " where ASYS_PERMISSIONSET_ID = '" + pSetId + "'"
-        + " and (COND is null or CAST(COND AS VARCHAR(255)) = '" + noCond + "')";
+        + " and (COND is null"
+        + " or " + sqlHelper.castLob("ASYS_PERMISSION.COND", 254) + " = '" + noCond + "')";
+        
         return db.cell(sqlStr, alias);
     }
 
     /**
- * Gets the permissions with conditions of a given permission set.
- * 
- * @param {String} pSetId the id of the permission set
- * 
- * @result {String[]} returns the ids of permissions with conditions of a given permission set. The result can never be null.
- */
+    * Gets the permissions with conditions of a given permission set.
+    * 
+    * @param {String} pSetId the id of the permission set
+    * 
+    * @result {String[]} returns the ids of permissions with conditions of a given permission set. The result can never be null.
+    */
     PermissionUtil.getPermissionWithCond = function(pSetId) {
         var sqlStr = "select ENTITY_ID from ASYS_PERMISSIONSET where ASYS_PERMISSIONSETID = '" + pSetId + "'";
         var entityName = db.cell(sqlStr, alias);
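Review bot: Whether a permission counts as the default one now depends on `sqlHelper.castLob("ASYS_PERMISSION.COND", 254)` being string-equal to the hand-assembled JSON text in `noCond`, and the literal `254` is repeated in the next hunk for `getPermissionWithCond` without explanation. Add a comment saying why 254 (the removed lines cast to 255), or hold the length in a named variable next to `sqlHelper`. The `noCond` template is also rebuilt separately in onValidation.js, permissionid_param/valueProcess.js and contentProcess.js; one PermissionUtil helper that returns it for an entity name would keep the default/conditional classification from drifting between files. `getPermissionWithCond` starts at the end of this hunk and continues outside it.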
@@ -233,23 +255,24 @@ function PermissionUtil () {}
     
         sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION"
         + " where ASYS_PERMISSIONSET_ID = '" + pSetId + "'"
-        + " and COND is not null and CAST(COND AS VARCHAR(255)) != '" + noCond + "'";
+        + " and COND is not null"
+        + " and " + sqlHelper.castLob("ASYS_PERMISSION.COND", 254) + " != '" + noCond + "'";
         return db.table(sqlStr, alias);
     }
 
     /**
- * Gets the permission set id of a given role-entity-accesstype-combination.
- * 
- * @param {String} pRole name of the role
- * 
- * @param {String} pEntity name of the entity
- * 
- * @param {String} pAccessType name of the access type (E,R,F)
- * 
- * @param {String} pField name of the field
- * 
- * @result {String} returns id of the matching permission set. The result can never be null.
- */
+    * Gets the permission set id of a given role-entity-accesstype-combination.
+    * 
+    * @param {String} pRole name of the role
+    * 
+    * @param {String} pEntity name of the entity
+    * 
+    * @param {String} pAccessType name of the access type (E,R,F)
+    * 
+    * @param {String} pField name of the field
+    * 
+    * @result {String} returns id of the matching permission set. The result can never be null.
+    */
     PermissionUtil.getSet = function(pRole, pEntity, pAccessType, pField) {
         var sqlStr = "select ASYS_PERMISSIONSETID from ASYS_PERMISSIONSET"
         + " where ROLE_ID = '" + pRole + "' and ENTITY_ID = '" + pEntity + "' and ACCESSTYPE = '" + pAccessType + "'";
@@ -260,14 +283,14 @@ function PermissionUtil () {}
     }
 
     /**
- * Gets the root permission set of a entity-role-combination.
- * 
- * @param {String} pRole id of a role
- * 
- * @param {String} pEntity id of an entity
- * 
- * @result {String} returns id of the root permission set of the given entity-role-combination. Never 'null', empty string if there is no result.
- */
+    * Gets the root permission set of a entity-role-combination.
+    * 
+    * @param {String} pRole id of a role
+    * 
+    * @param {String} pEntity id of an entity
+    * 
+    * @result {String} returns id of the root permission set of the given entity-role-combination. Never 'null', empty string if there is no result.
+    */
     PermissionUtil.getSetRoot = function(pRole, pEntity) {
         var sqlStr = "select ASYS_PERMISSIONSETID from ASYS_PERMISSIONSET"
         + " where ROLE_ID = '" + pRole + "' and ENTITY_ID = '" + pEntity +"' and ACCESSTYPE = 'E'";
@@ -275,12 +298,12 @@ function PermissionUtil () {}
     }
 
     /**
- * Gets the parent permission set of a permission.
- * 
- * @param {String} pPermId id of the permission
- * 
- * @result {String} returns id of the parent set of the given permission. Never 'null', empty string if there is no result.
- */
+    * Gets the parent permission set of a permission.
+    * 
+    * @param {String} pPermId id of the permission
+    * 
+    * @result {String} returns id of the parent set of the given permission. Never 'null', empty string if there is no result.
+    */
     PermissionUtil.getParentSet = function(pPermId) {
         var sqlStr = "select ASYS_PERMISSIONSET_ID from ASYS_PERMISSION"
         + " where ASYS_PERMISSIONID = '" + pPermId + "'";
@@ -288,12 +311,12 @@ function PermissionUtil () {}
     }
     
     /**
- * Gets the parent permission set of a set.
- * 
- * @param {String} pSetId id of the permission set
- * 
- * @result {String} returns id of the parent permission set of the given set. Never 'null', empty string if there is no result.
- */
+    * Gets the parent permission set of a set.
+    * 
+    * @param {String} pSetId id of the permission set
+    * 
+    * @result {String} returns id of the parent permission set of the given set. Never 'null', empty string if there is no result.
+    */
     PermissionUtil.getParentSetOfSet = function(pSetId) {
         var sqlStr = "select ASYS_PERMISSIONSET_ID from ASYS_PERMISSIONSET"
         + " where ASYS_PERMISSIONSETID = '" + pSetId + "'";
@@ -301,12 +324,12 @@ function PermissionUtil () {}
     }
 
     /**
- * Checks if the given permission set has any children left.
- * 
- * @param {String} pSetId id of the permission set
- * 
- * @result {Boolean} returns true if permission set has no children, otherwise false
- */
+    * Checks if the given permission set has any children left.
+    * 
+    * @param {String} pSetId id of the permission set
+    * 
+    * @result {Boolean} returns true if permission set has no children, otherwise false
+    */
     PermissionUtil.setIsEmpty = function(pSetId) {
         var subSets = PermissionUtil.getChildSetsOfSet(pSetId);
         var subPerms = PermissionUtil.getPermissions([pSetId]);
@@ -318,42 +341,42 @@ function PermissionUtil () {}
     }
 
     /**
- * Returns all subordinated permissions of the given permission sets.
- * 
- * @param {String[]} pSetIds ids of the permission sets
- * 
- * @result {String[]} array with ids of all subordinated permissions. The result can never be null.
- */
+    * Returns all subordinated permissions of the given permission sets.
+    * 
+    * @param {String[]} pSetIds ids of the permission sets
+    * 
+    * @result {String[]} array with ids of all subordinated permissions. The result can never be null.
+    */
     PermissionUtil.getPermissions = function(pSetIds) {
         return db.table("select ASYS_PERMISSIONID from ASYS_PERMISSION where ASYS_PERMISSION.ASYS_PERMISSIONSET_ID in ('" + pSetIds.join("','") + "')", alias);
     }
 
     /**
- * Returns the condition type of the given permission.
- * 
- * @param {String} pPermId the id of the permission, mandatory
- * 
- * @result {String} returns the value of condtype (1 or 0). Never 'null', empty string if there is no result.
- */
+    * Returns the condition type of the given permission.
+    * 
+    * @param {String} pPermId the id of the permission, mandatory
+    * 
+    * @result {String} returns the value of condtype (1 or 0). Never 'null', empty string if there is no result.
+    */
     PermissionUtil.getCondType = function(pPermId) {
         return db.cell("select CONDTYPE from ASYS_PERMISSION where ASYS_PERMISSION.ASYS_PERMISSIONID = '" + pPermId + "'", alias);
     }
     
     /**
- * Inserts a new instance of a permission set into ASYS_PERMISSIONSET.
- * 
- * @param {String} pParentPermSetId parent permission set, empty if root node
- * 
- * @param {String} pEntity entity to which the PermissionSet is linked, mandatory
- * 
- * @param {String} pRole Role to which the PermissionSet is linked, mandatory
- * 
- * @param {String} pField Field to which the PermissionSet is linked, empty if no field permission
- * 
- * @param {String} pAccessType Entity, Record or Field (E, R, F), mandatory
- * 
- * @result {Integer} returns id of the inserted permission set
- */
+    * Inserts a new instance of a permission set into ASYS_PERMISSIONSET.
+    * 
+    * @param {String} pParentPermSetId parent permission set, empty if root node
+    * 
+    * @param {String} pEntity entity to which the PermissionSet is linked, mandatory
+    * 
+    * @param {String} pRole Role to which the PermissionSet is linked, mandatory
+    * 
+    * @param {String} pField Field to which the PermissionSet is linked, empty if no field permission
+    * 
+    * @param {String} pAccessType Entity, Record or Field (E, R, F), mandatory
+    * 
+    * @result {Integer} returns id of the inserted permission set
+    */
     PermissionUtil.insertSet = function(pParentPermSetId, pEntity, pRole, pField, pAccessType) {
         var table = "ASYS_PERMISSIONSET";
         var cols = db.getColumns(table, alias);
@@ -364,18 +387,18 @@ function PermissionUtil () {}
     }
 
     /**
- * Inserts a new instance of a permission into ASYS_PERMISSION.
- * 
- * @param {String} pParentSetId parent permission set, mandatory
- * 
- * @param {String} pCond condition of the permission, empty if no condition
- * 
- * @param {String} pCondType condition Type of the permission, should nearly always be "true"
- * 
- * @param {String} pPermId id of the new permission (can be empty/null)
- * 
- * @result {Integer} returns id of the inserted permission
- */
+    * Inserts a new instance of a permission into ASYS_PERMISSION.
+    * 
+    * @param {String} pParentSetId parent permission set, mandatory
+    * 
+    * @param {String} pCond condition of the permission, empty if no condition
+    * 
+    * @param {String} pCondType condition Type of the permission, should nearly always be "true"
+    * 
+    * @param {String} pPermId id of the new permission (can be empty/null)
+    * 
+    * @result {Integer} returns id of the inserted permission
+    */
     PermissionUtil.insertPermission = function(pParentSetId, pCond, pCondType, pPermId) {
         var table = "ASYS_PERMISSION";
         var cols = db.getColumns(table, alias);
@@ -391,16 +414,16 @@ function PermissionUtil () {}
     }
 
     /**
- * Inserts a new instance of a permission action into ASYS_PERMISSIONACTION.
- * 
- * @param {String} pParentPermId parent permission, mandatory
- * 
- * @param {String} pAction title of action (view, create,...), mandatory
- * 
- * @param {String} pActionId id of the new permission action
- * 
- * @result {Integer} returns id of the inserted permission action, returns null if insert was not possible
- */
+    * Inserts a new instance of a permission action into ASYS_PERMISSIONACTION.
+    * 
+    * @param {String} pParentPermId parent permission, mandatory
+    * 
+    * @param {String} pAction title of action (view, create,...), mandatory
+    * 
+    * @param {String} pActionId id of the new permission action
+    * 
+    * @result {Integer} returns id of the inserted permission action, returns null if insert was not possible
+    */
     PermissionUtil.insertAction = function(pParentPermId, pAction, pActionId) {
         var table = "ASYS_PERMISSIONACTION";
         var cols = db.getColumns(table, alias);
@@ -447,22 +470,6 @@ function PermissionUtil () {}
         }
         return false;
     }
-    
-    /**
-     * Returns true if the action exists, otherwise false.
-     * 
-     * @param {String} pActionId The id of the action
-     * 
-     * @result {Boolean} true if action exists, otherwise false
-     */
-    PermissionUtil.actionExists = function(pActionId) {
-        var table = "ASYS_PERMISSIONACTION";
-        var sqlStr = "select COUNT(*) from " + table + " where ASYS_PERMISSION_ID = '" + pActionId + "'";
-        if (db.cell(sqlStr, alias) != "0") {
-            return true;
-        }
-        return false;
-    }
 
     /**
      * Returns true if the action exists, otherwise false.
@@ -474,8 +481,7 @@ function PermissionUtil () {}
      * @result {Boolean} true if action exists, otherwise false
      */
     PermissionUtil.actionExists = function(pAction, pPermId) {
-        var table = "ASYS_PERMISSIONACTION";
-        var sqlStr = "select COUNT(*) from " + table + " where ACTION = '" + pAction + "' and ASYS_PERMISSION_ID = '" + pPermId + "'";
+        var sqlStr = "select COUNT(*) from ASYS_PERMISSIONACTION where ACTION = '" + pAction + "' and ASYS_PERMISSION_ID = '" + pPermId + "'";
         if (db.cell(sqlStr, alias) != "0") {
             return true;
         }
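Review bot: `pAction` and `pPermId` are still concatenated straight into the statement text on the rewritten `sqlStr` line, so a value containing a single quote changes the WHERE clause of the lookup that decides whether a permission action exists. Binding both values as statement parameters would remove that dependency on every caller. Whether `db.cell` accepts a prepared statement is not visible in this patch, so until that is confirmed the line should at least carry `// pAction and pPermId are inserted unescaped; callers must pass validated values only`. The same pattern appears in the next hunk (`pCondition` and `pField` in the `sqlExt` lines) and in the `pActionId` delete condition in the last hunk; `pCondition` is free-form condition text and looks the most likely of these to contain a quote.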
@@ -507,12 +513,16 @@ function PermissionUtil () {}
     
         if (checkInput([pCondition])) {
             if (pCondition == noCond) {
-                sqlExt += " and (CAST(COND AS VARCHAR(255)) = '" + pCondition + "' or COND is null)";
+                sqlExt += " and (" + sqlHelper.castLob("ASYS_PERMISSION.COND", 254) + " = '" + noCond + "' or COND is null)";
             } else {
-                sqlExt += " and CAST(COND AS VARCHAR(4000)) = '" + pCondition + "'";
+                // SqlMaskingUtils.castLob causes an error in this case (at least on derby-db)
+                // derby-db max size of char is 254 and castLob casts to char first, then to varchar
+                // size of a condition varies and can be bigger than 254
+                // this can cause errors on DBMS with small varchar max size
+                sqlExt += " and cast(ASYS_PERMISSION.COND as varchar(" + pCondition.length + ")) = '" + pCondition + "'";
             }
         }
-    
+        
         if (checkInput([pField])) {
             sqlExt += " and FIELD_ID = '" + pField + "'";
         }
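Review bot: The else branch casts COND to `varchar(pCondition.length)`, so on a DBMS where an explicit cast truncates silently, a stored condition that merely begins with `pCondition` would compare equal and the wrong permission could be matched. This is inferred from the SQL; the patch does not show which of the supported DBMSs behave that way. The comment above the line covers the varchar-limit failure but not this case, so I would add `// cast width follows pCondition.length; a longer stored COND may be truncated before the comparison`. The first branch also mixes `ASYS_PERMISSION.COND` with a bare `COND is null`; `or ASYS_PERMISSION.COND is null` would keep the column reference unambiguous. The enclosing function starts and ends outside this hunk.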
@@ -541,7 +551,7 @@ function PermissionUtil () {}
         var cond = " ASYS_PERMISSIONACTIONID = '" + pActionId + "'";
         return db.deleteData(table, cond, alias);
     }
-
+    
 } //end of block
 
 
-- 
GitLab