From 9f3d6d34577e2fdf27244b70cc60e204cecb3994 Mon Sep 17 00:00:00 2001 From: Simon Leipold <s.leipold@adito.de> Date: Tue, 3 Mar 2020 15:20:38 +0100 Subject: [PATCH] =?UTF-8?q?[Projekt:=20Entwicklung=20-=20Neon][TicketNr.:?= =?UTF-8?q?=201048120][L=C3=B6schen=20einer=20Rolle=20entfernt=20nicht=20d?= =?UTF-8?q?ie=20zugeh=C3=B6rigen=20Permissions]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../RoleChildren_entity.aod | 2 +- entity/Role_entity/Role_entity.aod | 6 +++ .../onActionProcess.js | 4 ++ entity/Role_entity/grantDeleteProcess.js | 3 +- .../recordcontainers/jdito/onDelete.js | 3 -- .../RoleChildrenList_view.aod | 3 ++ process/Permission_lib/process.js | 40 +++++++++++++++++++ 7 files changed, 56 insertions(+), 5 deletions(-) create mode 100644 entity/Role_entity/entityfields/deleteeverythinglinkedtorole/onActionProcess.js diff --git a/entity/RoleChildren_entity/RoleChildren_entity.aod b/entity/RoleChildren_entity/RoleChildren_entity.aod index e47bc44a0e..e550842296 100644 --- a/entity/RoleChildren_entity/RoleChildren_entity.aod +++ b/entity/RoleChildren_entity/RoleChildren_entity.aod @@ -3,7 +3,7 @@ <name>RoleChildren_entity</name> <majorModelMode>DISTRIBUTED</majorModelMode> <title>Child</title> - <titlePlural>Children</titlePlural> + <titlePlural>Child Roles</titlePlural> <recordContainer>jDito</recordContainer> <entityFields> <entityProvider> diff --git a/entity/Role_entity/Role_entity.aod b/entity/Role_entity/Role_entity.aod index 526b317caf..7011adb059 100644 --- a/entity/Role_entity/Role_entity.aod +++ b/entity/Role_entity/Role_entity.aod 
@@ -139,6 +139,12 @@ </entityParameter> </children> </entityConsumer> + <entityActionField> + <name>deleteEverythingLinkedToRole</name> + <title>delete linked permissions and hierarchies</title> + <onActionProcess>%aditoprj%/entity/Role_entity/entityfields/deleteeverythinglinkedtorole/onActionProcess.js</onActionProcess> + <iconId>VAADIN:CLOSE</iconId> + </entityActionField> </entityFields> <recordContainers> <jDitoRecordContainer> diff --git a/entity/Role_entity/entityfields/deleteeverythinglinkedtorole/onActionProcess.js b/entity/Role_entity/entityfields/deleteeverythinglinkedtorole/onActionProcess.js new file mode 100644 index 0000000000..5d03bdd560 --- /dev/null +++ b/entity/Role_entity/entityfields/deleteeverythinglinkedtorole/onActionProcess.js @@ -0,0 +1,4 @@ +import("Permission_lib"); +import("system.vars"); + +PermissionUtil.deleteEverythingLinkedToRole(vars.get("$field.ROLENAME")); \ No newline at end of file diff --git a/entity/Role_entity/grantDeleteProcess.js b/entity/Role_entity/grantDeleteProcess.js index 81c7d9f200..e07fa2dc73 100644 --- a/entity/Role_entity/grantDeleteProcess.js +++ b/entity/Role_entity/grantDeleteProcess.js @@ -1,7 +1,8 @@ +import("Permission_lib"); import("system.vars"); import("system.result"); -if (vars.get("$field.ROLETYPE") == "CUSTOM") { +if (vars.get("$field.ROLETYPE") == "CUSTOM" && PermissionUtil.roleIsDeletable(vars.get("$field.ROLENAME"))) { result.string(true); } else { result.string(false); diff --git a/entity/Role_entity/recordcontainers/jdito/onDelete.js b/entity/Role_entity/recordcontainers/jdito/onDelete.js index 9cea527529..6e8defeda6 100644 --- a/entity/Role_entity/recordcontainers/jdito/onDelete.js +++ b/entity/Role_entity/recordcontainers/jdito/onDelete.js 
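Review bot: The new onActionProcess.js passes `$field.ROLENAME` straight to `PermissionUtil.deleteEverythingLinkedToRole` with no check on the role type, whereas grantDeleteProcess.js in this same commit only grants deletion when `$field.ROLETYPE` is `"CUSTOM"`. Nothing in the action definition added to Role_entity.aod (name, title, onActionProcess, iconId) restricts when the action is offered, so as shown it can remove the permission sets and hierarchies of any role, including non-custom ones. If that is not intended, guard the call: `if (vars.get("$field.ROLETYPE") == "CUSTOM") PermissionUtil.deleteEverythingLinkedToRole(vars.get("$field.ROLENAME"));`. A header comment saying that the action is destructive and which roles it is meant for would help, and since it changes access-control data, an audit log entry (who, which role) is worth adding if the library function does not already write one; its body is not in this diff.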
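Review bot: In grantDeleteProcess.js, `PermissionUtil.roleIsDeletable` in the grant condition becomes the only thing that keeps a role with linked permission sets from being deleted, because the onDelete.js hunk of this commit removes the `deleteEverythingLinkedToRole` cleanup. If onDelete can run without this grant being freshly evaluated (not visible here), or a permission set is added between the check and the delete, rows in ASYS_PERMISSIONSET keyed by the role name would outlive the role and would presumably apply to any role later created under the same name. Consider repeating the `roleIsDeletable` check at the top of onDelete.js and aborting there. A comment here would also help, such as `// deletion is only granted once all linked permissions and hierarchies were removed via the deleteEverythingLinkedToRole action`.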
@@ -5,9 +5,6 @@ import("system.vars"); var selectedRole = vars.get("$field.ROLENAME"); // field got prefix "CUSTOM_" already var usersWithSelectedRole = tools.getUsersWithRole(selectedRole); -// delete permissions linked to this role -PermissionUtil.deleteEverythingLinkedToRole(selectedRole); - // remove role from all users with this role for each (let userWithSelectedRole in usersWithSelectedRole) { var user = tools.getUser(userWithSelectedRole); diff --git a/neonView/RoleChildrenList_view/RoleChildrenList_view.aod b/neonView/RoleChildrenList_view/RoleChildrenList_view.aod index 4f5289080b..f09ab194dc 100644 --- a/neonView/RoleChildrenList_view/RoleChildrenList_view.aod +++ b/neonView/RoleChildrenList_view/RoleChildrenList_view.aod @@ -11,6 +11,9 @@ <titledListViewTemplate> <name>TitledList</name> <entityField>#ENTITY</entityField> + <isDeletable v="false" /> + <isEditable v="false" /> + <isCreatable v="false" /> <columns> <neonTitledListTableColumn> <name>0451e2ec-e216-4d4f-8080-e6b9aaf56613</name> diff --git a/process/Permission_lib/process.js b/process/Permission_lib/process.js index 2362b10b23..c4ced9f28c 100644 --- a/process/Permission_lib/process.js +++ b/process/Permission_lib/process.js 
@@ -796,6 +796,46 @@ function PermissionUtil () {} return affectedEntrys; } + /** + * Checks if the given role is deletable. This includes checks for linked permissions and hierarchies. + * + * @param {String} pRole name of the role, mandatory + * + * @result {Boolean} returns true if role is deletable, otherwise false + */ + PermissionUtil.roleIsDeletable = function(pRole) { + // check for linked permissions + var sets = newSelect("ASYS_PERMISSIONSETID", alias) + .from("ASYS_PERMISSIONSET") + .where("ASYS_PERMISSIONSET.ROLE_ID", pRole) + .arrayColumn(true); + var perms = this.getPermissions(sets); + var actions = this.getActions(perms); + + if (sets.length != 0 || perms.length != 0 || actions.length != 0) { + return false; + } + + // check for linked hierarchies + // hierarchies where pRole is child + var parentHierarchies = newSelect("PARENT_ROLE", alias) + .from("ASYS_ROLES_CHILDREN") + .where("ASYS_ROLES_CHILDREN.CHILD_ROLE", pRole) + .arrayColumn(true); + + // hierarchies where pRole is parent + var childHierarchies = newSelect("CHILD_ROLE", alias) + .from("ASYS_ROLES_CHILDREN") + .where("ASYS_ROLES_CHILDREN.PARENT_ROLE", pRole) + .arrayColumn(true); + + if (parentHierarchies.length != 0 || childHierarchies != 0) { + return false; + } + + return true; + } + } //end of block -- GitLab
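Review bot: The second operand in `if (parentHierarchies.length != 0 || childHierarchies != 0)` compares the array itself with 0 instead of its length, so whether a role that still has child roles counts as not deletable depends on loose array-to-number coercion (a single child entry that coerces to 0 or to an empty string would slip through). It should read `if (parentHierarchies.length != 0 || childHierarchies.length != 0) {`. Because this function now gates role deletion, the check should fail closed, and an explicit `.length` test makes that unambiguous. The JSDoc tag `@result` should be `@return`, and the function expression is missing its closing `;`. `alias` is used in all three `newSelect` calls without being defined in the hunk, so it presumably comes from the enclosing PermissionUtil block, which starts outside the hunk.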