Merge branch '1077127_showInheritedPermissionsInOverview' into '2021.1'

#1077127 show inherited permissions in overview See merge request xrm/basic!1219

Merge branch '1077127_showInheritedPermissionsInOverview' into '2021.1'
#1077127 show inherited permissions in overview See merge request xrm/basic!1219
a53acb24 · Sebastian Listl · 5b0813b6 · 2cec1b78 · a53acb24 · 5b0813b6
Commit a53acb24 authored 3 years ago by Sebastian Listl
--- a/entity/PermissionOverview_entity/PermissionOverview_entity.aod
+++ b/entity/PermissionOverview_entity/PermissionOverview_entity.aod
@@ -17,8 +17,9 @@
      <name>#PROVIDER</name>
    </entityProvider>
    <entityField>
-      <name>ENTITY</name>
-      <titleProcess>%aditoprj%/entity/PermissionOverview_entity/entityfields/entity/titleProcess.js</titleProcess>
+      <name>ENTITY_NAME</name>
+      <title>Entity</title>
+      <stateProcess>%aditoprj%/entity/PermissionOverview_entity/entityfields/entity_name/stateProcess.js</stateProcess>
    </entityField>
    <entityField>
      <name>ACTION_VIEW</name>
@@ -75,6 +76,13 @@
      <name>#PROVIDER_AGGREGATES</name>
      <useAggregates v="true" />
    </entityProvider>
+    <entityField>
+      <name>ROLE_NAME</name>
+      <title>Role</title>
+    </entityField>
+    <entityField>
+      <name>TREE_TABLE_PARENT</name>
+    </entityField>
  </entityFields>
  <recordContainers>
    <jDitoRecordContainer>
@@ -88,7 +96,10 @@
          <name>UID.value</name>
        </jDitoRecordFieldMapping>
        <jDitoRecordFieldMapping>
-          <name>ENTITY.value</name>
+          <name>ENTITY_NAME.value</name>
+        </jDitoRecordFieldMapping>
+        <jDitoRecordFieldMapping>
+          <name>ROLE_NAME.value</name>
        </jDitoRecordFieldMapping>
        <jDitoRecordFieldMapping>
          <name>ACTION_VIEW.value</name>
@@ -105,6 +116,9 @@
        <jDitoRecordFieldMapping>
          <name>ACTION_DELETE.value</name>
        </jDitoRecordFieldMapping>
+        <jDitoRecordFieldMapping>
+          <name>TREE_TABLE_PARENT.value</name>
+        </jDitoRecordFieldMapping>
      </recordFieldMappings>
    </jDitoRecordContainer>
  </recordContainers>

--- a/entity/PermissionOverview_entity/entityfields/entity/titleProcess.js
+++ b/entity/PermissionOverview_entity/entityfields/entity/titleProcess.js
-import("system.result");
-import("system.vars");
-import("system.translate");
-
-if (vars.exists("$param.RoleName_param") && vars.get("$param.RoleName_param")) {
-    result.string(translate.text("Entity"));
-} else if (vars.exists("$param.EntityId_param") && vars.get("$param.EntityId_param")) {
-    result.string(translate.text("Role"));
-}
\ No newline at end of file
--- a/entity/PermissionOverview_entity/entityfields/entity_name/stateProcess.js
+++ b/entity/PermissionOverview_entity/entityfields/entity_name/stateProcess.js
+import("system.vars");
+import("system.result");
+import("system.neon");
+
+// entity was opened - dont show entity name in table
+if (vars.exists("$param.EntityId_param") && vars.get("$param.EntityId_param"))
+{
+    result.string(neon.COMPONENTSTATE_INVISIBLE);
+}
\ No newline at end of file
--- a/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
@@ -7,22 +7,20 @@ import("system.result");
 import("system.db");
 import("Permission_lib");

-var res = [];
+var overview = [];
 var roleName = "";
 var entityName = "";
 let alias = SqlUtils.getSystemAlias();

 var entitiesMetaData = project.getDataModels(project.DATAMODEL_KIND_ENTITY);
-var entitiesUsePermFlagSet = []; // array, which contains ids of entities with usePermission flag set
+var entitiesUsePermFlagSet = []; // array, which contains ids (names) of entities with usePermission flag set

-// gets all names of the entites which have the 'usePermission'-flag set (positive list)
-for each (let entityMetaData in entitiesMetaData) 
-{
-    if (entityMetaData[6] == "true") 
-    {
-        entitiesUsePermFlagSet.push(entityMetaData[0]);
-    }
-}
+// gets all names of the entites which have the 'usePermission'-flag set (entitiesMetaData[6] is true if usePermission is set)
+entitiesUsePermFlagSet = entitiesMetaData.filter(function (pEntityMetaDataEntry) {
+    return pEntityMetaDataEntry[6] == "true";
+}).map(function (pEntity) {
+    return pEntity[0];
+});

 var rolesOrEntitiesSelect = new SqlBuilder(alias).where();
 var rolesOrEntities = [];
@@ -47,49 +45,168 @@ rolesOrEntities = rolesOrEntitiesSelect
    .arrayColumn();

 var entityPermSetId = "";
-for each (var entry in rolesOrEntities)
+for each (var element in rolesOrEntities)
 { // entry contains either a role or an entity, depending on which param exists
-    var overview = {
-        uid: util.getNewUUID(), 
-        entry: entry, 
-        view: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
-        create: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
-        read: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
-        update: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
-        "delete": PermissionEnums.FORBIDDEN_ACTION_ICON()
-    };
-    
-    if (vars.exists("$param.RoleName_param") && vars.get("$param.RoleName_param"))
+    var overviewElement;
+    if (roleName)
    {
-        entityPermSetId = PermissionUtil.getSetRoot(roleName, entry);
-    } 
-    else if (vars.exists("$param.EntityId_param") && vars.get("$param.EntityId_param"))
+        overviewElement = {
+            uid: util.getNewUUID(), 
+            entity: element,
+            role: roleName,
+            view: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            create: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            read: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            update: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            "delete": PermissionEnums.FORBIDDEN_ACTION_ICON(),
+            parent: null
+        };
+    }
+    else if (entityName)
    {
-        entityPermSetId = PermissionUtil.getSetRoot(entry, entityName);
+        overviewElement = {
+            uid: util.getNewUUID(), 
+            entity: entityName,
+            role: element,
+            view: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            create: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            read: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            update: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+            "delete": PermissionEnums.FORBIDDEN_ACTION_ICON(),
+            parent: null
+        }; 
    }

+    entityPermSetId = PermissionUtil.getSetRoot(overviewElement.role, overviewElement.entity);
+    
    if (entityPermSetId)
    {
        var recordPermSetId = PermissionUtil.getRecordSetOfEntitySet(entityPermSetId);
        
        // entity permissions
-        overview = prepareOverview(entityPermSetId, overview);
+        overviewElement = prepareOverviewElement(entityPermSetId, overviewElement);

        // record permissions
-        overview = prepareOverview(recordPermSetId, overview);
+        overviewElement = prepareOverviewElement(recordPermSetId, overviewElement);

-        res.push([overview.uid, overview.entry, overview.view, overview.create, overview.read, overview.update, overview["delete"]]);
+        overview.push([overviewElement.uid, overviewElement.entity, overviewElement.role, overviewElement.view, overviewElement.create, overviewElement.read, 
+            overviewElement.update, overviewElement["delete"], overviewElement.parent]);
+    }
+}
+
+// add permissions which are received through hierarchical inheritance (only hierarchies of custom roles)
+// role opened:
+if (roleName && roleName.startsWith("CUSTOM_"))
+{
+    // get child roles of the opened role - parent roles dont matter here
+    var childRoles = PermissionUtil.getChildRoles(roleName);
+    for each (let childRole in childRoles)
+    {
+        var childRoleName = childRole[1];
+        var permSets = PermissionUtil.getPermittedSetsOfRole(childRoleName, true);
+        
+        for each (var set in permSets)
+        {
+            overviewElement = {
+                uid: util.getNewUUID(), 
+                entity: set.entity,
+                role: set.role,
+                view: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+                create: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+                read: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+                update: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+                "delete": PermissionEnums.FORBIDDEN_ACTION_ICON(),
+                parent: null
+            }; 
+            
+            overviewElement = prepareOverviewElement(set.setid, overviewElement);
+            overview = mergeElementIntoOverviewByEntity(overview, overviewElement);
+        }  
+    }
+    
+    // loop over permissions created for this role and 
+    // merge them into the corresponding overview element
+    for each (let element in overview)
+    {
+        element = overviewElementArrayToObject(element);
+        if (element.role == roleName)
+        {
+            let overviewParentElement = getOverviewParentElementByEntity(overview, element.entity);
+            if (overviewParentElement) 
+            {
+                overview = mergeElementIntoOverviewByEntity(overview, element);
+                element.parent = overviewParentElement.uid;
+                overview[getIndexOfElement(overview, element)] = overviewElementObjectToArray(element);
+            }
+        }
+    }
+}
+// entity opened:
+else if (entityName)
+{
+    for each (let element in overview)
+    {
+        element = overviewElementArrayToObject(element);
+        // get parents of permitted role
+        var parents = PermissionUtil.getHierarchyParents(element.role);
+        
+        // loop over parents
+        // add overview element for every new parent
+        // add child to parent in overview
+        // merge actions of child element into parent element
+        for each (let parent in parents)
+        {
+            if (!overviewHasParentByRole(overview, parent))
+            {
+                overview = addOverviewParentByRole(overview, parent);
+            }
+            
+            let overviewParentElement = getOverviewParentElementByRole(overview, parent);
+            let idxOfParentElement = getIndexOfElement(overview, overviewParentElement);
+            
+            // merge child actions into parent
+            let mergedElement = getMaxPermittedElement(overviewParentElement, element);
+            overview[idxOfParentElement] = overviewElementObjectToArray(mergedElement);  
+            
+            // add child to parent in overview tree table
+            // create a copy of the child element with a new uid and link to the parent
+            // thats necessary because the "main" element must also be displayed in the overview, not only as a child of another role
+            element.parent = overviewParentElement.uid;
+            element.uid = util.getNewUUID();
+            overview.push(overviewElementObjectToArray(element));
+        }
+    }
+    
+    for each (let element in overview)
+    {
+        element = overviewElementArrayToObject(element);
+        // handle permissions created for this entity which are existing without inheritance
+        let overviewParentElement = getOverviewParentElementByRole(overview, element.role);
+        if (overviewParentElement && element.entity != null)
+        {
+            // merge parent with child
+            let mergedElement = getMaxPermittedElement(overviewParentElement, element);
+            overview[getIndexOfElement(overview, overviewParentElement)] = overviewElementObjectToArray(mergedElement);
+            // remove "base" element which has a parent with the same name
+            // this happens if a role is a parent role and therfore has children and also has own permissions
+            overview.splice(getIndexOfElement(overview, element), 1);
+            // and link child to the corresponding parent
+            element.parent = overviewParentElement.uid;
+            element.uid = util.getNewUUID();
+            overview.push(overviewElementObjectToArray(element));
+        }
    }
 }

 var order = vars.get("$local.order");
 var columnOrder = {
-    "ENTITY.value" : 1,
-    "ACTION_VIEW.value" : 2,
-    "ACTION_CREATE.value" : 3,
-    "ACTION_READ.value" : 4,
-    "ACTION_UPDATE.value" : 5,
-    "ACTION_DELETE.value" : 6
+    "ENTITY_NAME.value" : 1,
+    "ROLE_NAME.value": 2,
+    "ACTION_VIEW.value" : 3,
+    "ACTION_CREATE.value" : 4,
+    "ACTION_READ.value" : 5,
+    "ACTION_UPDATE.value" : 6,
+    "ACTION_DELETE.value" : 7
 };
 var sortOrder = [];
 for (let field in order)
@@ -103,26 +220,28 @@ for (let field in order)
 if (!sortOrder.length) //sort by entity or role by default
    sortOrder = [1, false];

-ArrayUtils.sortMulti(res, sortOrder);
+ArrayUtils.sortMulti(overview, sortOrder);

-result.object(res);
+result.object(overview);

-function prepareOverview(pPermSetId, pOverview) {
-    if (!pPermSetId) { return pOverview; }
+function prepareOverviewElement(pPermSetId, pOverviewElement) {
+    if (!pPermSetId || !pOverviewElement) {
+        return null;
+    }
    
-    var conditionalPermActionId = [];
-    var overview = pOverview;
+    var conditionalPermActionIds = [];
+    var overviewElement = pOverviewElement;

    var permId = PermissionUtil.getPermissionWithoutCond(pPermSetId);
-    if (permId && permId != "")
+    if (permId)
    {
-        var defaultPermActionId = PermissionUtil.getActions([permId]);
+        var defaultPermActionIds = PermissionUtil.getActions([permId]);
    
        if (PermissionUtil.getCondType(permId) == 1)
        {
-            for each (let actionSets in defaultPermActionId)
+            for each (let actionId in defaultPermActionIds)
            {
-                overview[PermissionUtil.resolveActionId(actionSets)] = PermissionEnums.PERMITTED_ACTION_ICON();
+                overviewElement[PermissionUtil.resolveActionId(actionId)] = PermissionEnums.PERMITTED_ACTION_ICON();
            }
        }       
    }
@@ -131,19 +250,200 @@ function prepareOverview(pPermSetId, pOverview) {
    
    if (permIds && permIds.length > 0)
    {
-        for each (let permId in permIds)
-        {
-            conditionalPermActionId.push(PermissionUtil.getActions([permId]));
-        }
+        conditionalPermActionIds = permIds.map(function (permId) {
+            return PermissionUtil.getActions([permId]);
+        });

-        for each (let actionSets in conditionalPermActionId)
+        for each (let actionIds in conditionalPermActionIds)
        {
-            for each (let action in actionSets)
+            for each (let actionId in actionIds)
            {
-                overview[PermissionUtil.resolveActionId(action)] = PermissionEnums.RESTRICTED_ACTION_ICON();
+                overviewElement[PermissionUtil.resolveActionId(actionId)] = PermissionEnums.RESTRICTED_ACTION_ICON();
            }
        }
    }

+    return overviewElement;
+}
+
+function mergeElementIntoOverviewByEntity(pOverview, pNewElement)
+{
+    var overview = pOverview;
+   
+    if (!overviewHasParentByEntity(overview, pNewElement.entity))
+    {
+        overview = addOverviewParentByEntity(overview, pNewElement.entity);
+    }
+
+    var overviewParentElement = getOverviewParentElementByEntity(overview, pNewElement.entity);
+    var idxOfParentElement = getIndexOfElement(overview, overviewParentElement);
+    var mergedElement = getMaxPermittedElement(overviewParentElement, pNewElement);
+    
+    // merged element has to be replaced
+    overview[idxOfParentElement] = overviewElementObjectToArray(mergedElement);
+    // new element has to be added to the overview to the right tree table parent
+    // if a element with the same entity-role-combination already exists merge their entries with each other
+    // this happens because this function gets called for every permission set which have entity or record access type
+    // for entity access type view and create actions getting added
+    // for record access type read, update and delete actions getting added
+    // so for each overview entry there can be two permission sets
+    var overviewElementWithSameEntityRoleCombination = getOverviewElementWithSameEntityRoleCombination(overview, pNewElement.entity, pNewElement.role);
+    if (overviewElementWithSameEntityRoleCombination)
+    {
+        var idxOfOverviewElementWithSameEntityRoleCombination = getIndexOfElement(overview, overviewElementWithSameEntityRoleCombination);
+        mergedElement = getMaxPermittedElement(overviewElementWithSameEntityRoleCombination, pNewElement);
+        overview[idxOfOverviewElementWithSameEntityRoleCombination] = overviewElementObjectToArray(mergedElement);
+    }
+    else
+    {
+        pNewElement.parent = overviewParentElement.uid;
+        overview.push(overviewElementObjectToArray(pNewElement));        
+    }
+    
+    return overview;
+}
+
+function getMaxPermittedElement(pElementA, pElementB)
+{
+    // element is the result element
+    // every property gets overwritten - pElementA is only used to get the object structure
+    var element = pElementA;
+
+    element.view = getActionIconByValue(Math.max(getValueOfActionIcon(pElementA.view), getValueOfActionIcon(pElementB.view)));
+    element.create = getActionIconByValue(Math.max(getValueOfActionIcon(pElementA.create), getValueOfActionIcon(pElementB.create)));
+    element.read = getActionIconByValue(Math.max(getValueOfActionIcon(pElementA.read), getValueOfActionIcon(pElementB.read)));
+    element.update = getActionIconByValue(Math.max(getValueOfActionIcon(pElementA.update), getValueOfActionIcon(pElementB.update)));
+    element["delete"] = getActionIconByValue(Math.max(getValueOfActionIcon(pElementA["delete"]), getValueOfActionIcon(pElementB["delete"])));
+    
+    return element;
+}
+
+function getValueOfActionIcon(pActionIcon)
+{
+    if (pActionIcon == PermissionEnums.PERMITTED_ACTION_ICON()) return 2;
+    if (pActionIcon == PermissionEnums.RESTRICTED_ACTION_ICON()) return 1;
+    if (pActionIcon == PermissionEnums.FORBIDDEN_ACTION_ICON()) return 0;
+    return -1;
+}
+
+function getActionIconByValue(pValue)
+{
+    if (pValue == 2) return PermissionEnums.PERMITTED_ACTION_ICON();
+    if (pValue == 1) return PermissionEnums.RESTRICTED_ACTION_ICON();
+    if (pValue == 0) return PermissionEnums.FORBIDDEN_ACTION_ICON();
+    return PermissionEnums.FORBIDDEN_ACTION_ICON();
+}
+
+function overviewElementArrayToObject(pOverviewElementArray)
+{
+    if (pOverviewElementArray)
+    {
+        return {
+            uid: pOverviewElementArray[0], 
+            entity: pOverviewElementArray[1],
+            role: pOverviewElementArray[2],
+            view: pOverviewElementArray[3], 
+            create: pOverviewElementArray[4], 
+            read: pOverviewElementArray[5], 
+            update: pOverviewElementArray[6], 
+            "delete": pOverviewElementArray[7],
+            parent: pOverviewElementArray[8]
+        }; 
+    }
+    
+    return null;
+}
+
+function overviewElementObjectToArray(pOverviewElementObject)
+{
+    return [pOverviewElementObject.uid, pOverviewElementObject.entity, pOverviewElementObject.role, pOverviewElementObject.view,
+    pOverviewElementObject.create, pOverviewElementObject.read, pOverviewElementObject.update, pOverviewElementObject["delete"], pOverviewElementObject.parent];
+}
+
+function overviewHasParentByEntity(pOverview, pEntity)
+{
+    return pOverview.some(function (element) {
+        element = overviewElementArrayToObject(element);
+        return element.entity == pEntity && element.role == null;
+    });
+}
+
+function overviewHasParentByRole(pOverview, pRole)
+{
+    return pOverview.some(function (element) {
+        element = overviewElementArrayToObject(element);
+        return element.role == pRole && element.entity == null;
+    });
+}
+
+function addOverviewParentByEntity(pOverview, pEntity)
+{
+    let overview = pOverview;
+    // build new empty parent overview element and push it into overview
+    let overviewElementParent = {
+        uid: util.getNewUUID(), 
+        entity: pEntity,
+        role: null,
+        view: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        create: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        read: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        update: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        "delete": PermissionEnums.FORBIDDEN_ACTION_ICON(),
+        parent: null
+    }; 
+    overview.push(overviewElementObjectToArray(overviewElementParent));
+    return overview;
+}
+
+function addOverviewParentByRole(pOverview, pRole)
+{
+    let overview = pOverview;
+    // build new empty parent overview element and push it into overview
+    let overviewElementParent = {
+        uid: util.getNewUUID(), 
+        entity: null,
+        role: pRole,
+        view: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        create: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        read: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        update: PermissionEnums.FORBIDDEN_ACTION_ICON(), 
+        "delete": PermissionEnums.FORBIDDEN_ACTION_ICON(),
+        parent: null
+    }; 
+    overview.push(overviewElementObjectToArray(overviewElementParent));
    return overview;
+}
+
+function getOverviewParentElementByEntity(pOverview, pEntity)
+{
+    return overviewElementArrayToObject(pOverview.find(function (element) {
+        element = overviewElementArrayToObject(element);
+        return element.entity == pEntity && element.role == null;
+    }));
+}
+
+function getOverviewParentElementByRole(pOverview, pRole)
+{
+    return overviewElementArrayToObject(pOverview.find(function (element) {
+        element = overviewElementArrayToObject(element);
+        return element.role == pRole && element.entity == null;
+    }));
+}
+
+function getIndexOfElement(pOverview, pElement)
+{
+    if (!pOverview || !pElement) return -1;
+    
+    return pOverview.findIndex(function (element) {
+        element = overviewElementArrayToObject(element);
+        return element.uid == pElement.uid;
+    });
+}
+
+function getOverviewElementWithSameEntityRoleCombination(pOverview, pEntity, pRole)
+{
+    return overviewElementArrayToObject(pOverview.find(function (element) {
+        element = overviewElementArrayToObject(element);
+        return element.entity == pEntity && element.role == pRole;
+    }));
 }
\ No newline at end of file
--- a/neonView/PermissionOverviewFilter_view/PermissionOverviewFilter_view.aod
+++ b/neonView/PermissionOverviewFilter_view/PermissionOverviewFilter_view.aod
@@ -10,41 +10,44 @@
    </groupLayout>
  </layout>
  <children>
-    <tableViewTemplate>
-      <name>Table</name>
-      <iconField>#ICON</iconField>
-      <titleField>ENTITY</titleField>
-      <entityField>#ENTITY</entityField>
+    <treeTableViewTemplate>
+      <name>overview</name>
+      <parentField>TREE_TABLE_PARENT</parentField>
+      <expandRootItems v="false" />
      <columns>
-        <neonTableColumn>
-          <name>2d83af69-cafe-471c-92de-0e6e66ba51aa</name>
+        <neonTreeTableColumn>
+          <name>71148aa5-1b0a-4881-b54a-2b79cd736ea3</name>
          <entityField>#ICON</entityField>
-        </neonTableColumn>
-        <neonTableColumn>
-          <name>16c4d649-ec91-415d-9768-78d0581ad44a</name>
-          <entityField>ENTITY</entityField>
-        </neonTableColumn>
-        <neonTableColumn>
-          <name>f3e96f53-fb65-4b98-a189-cead544c17d8</name>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>87f92931-0b77-42b8-8d9d-727c79ccb025</name>
+          <entityField>ENTITY_NAME</entityField>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>05aa1587-2e9a-43aa-ad35-665ca4127e2f</name>
+          <entityField>ROLE_NAME</entityField>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>3ae98105-1435-49a8-b83b-44d1bc76865d</name>
          <entityField>ACTION_VIEW</entityField>
-        </neonTableColumn>
-        <neonTableColumn>
-          <name>d21161a7-51e8-4c83-9c92-b6a0d24ddc62</name>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>1d8ef317-8178-466a-99fd-7bf6957d5e12</name>
          <entityField>ACTION_CREATE</entityField>
-        </neonTableColumn>
-        <neonTableColumn>
-          <name>c5679586-7f99-4ea5-99f4-94422e70c999</name>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>d6e8bba6-ee62-4473-aeaa-22b5225518e6</name>
          <entityField>ACTION_READ</entityField>
-        </neonTableColumn>
-        <neonTableColumn>
-          <name>0699fd7b-d4ac-4ef8-ac19-1cd249ce3251</name>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>8b4513c0-f731-486c-bbd9-ffd29f4d109c</name>
          <entityField>ACTION_UPDATE</entityField>
-        </neonTableColumn>
-        <neonTableColumn>
-          <name>f7c3479e-e635-44f1-afc0-45570c4fffe9</name>
+        </neonTreeTableColumn>
+        <neonTreeTableColumn>
+          <name>716710a5-4219-464a-bcec-a6eb27948eb2</name>
          <entityField>ACTION_DELETE</entityField>
-        </neonTableColumn>
+        </neonTreeTableColumn>
      </columns>
-    </tableViewTemplate>
+    </treeTableViewTemplate>
  </children>
 </neonView>
--- a/process/Permission_lib/process.js
+++ b/process/Permission_lib/process.js
@@ -24,25 +24,25 @@ PermissionEnums.ACCESSTYPE_RECORD = function () {
 }
 PermissionEnums.ACTION_VIEW = function() {
    return "view"
-    };
+};
 PermissionEnums.ACTION_CREATE = function() {
    return "create"
-    };
+};
 PermissionEnums.ACTION_READ = function() {
    return "read"
-    };
+};
 PermissionEnums.ACTION_UPDATE = function() {
    return "update"
-    };
+};
 PermissionEnums.ACTION_DELETE = function() {
    return "delete"
-    };
+};
 PermissionEnums.CONDITIONTYPE_DEFAULT = function() {
    return "default"
-    };
+};
 PermissionEnums.CONDITIONTYPE_CONDITIONAL = function() {
    return "conditional"
-    };
+};
 PermissionEnums.PERMITTED_ACTION_ICON = function () {
    return "VAADIN:CIRCLE";
 }
@@ -755,7 +755,7 @@ function PermissionUtil () {}
    }
    
    /**
-     * Returns all child role ids and names of the given role.
+     * Returns all child role ids and names of the given role. The ID is not the ID of the role itself but the ID of the hierarchical link.
     * 
     * @param {String} pRoleName parent role name, mandatory
     * 
@@ -933,6 +933,56 @@ function PermissionUtil () {}
        .arrayColumn();
    }
    
+    /**
+     * Gets the role hierarchy of custom roles. A result entry contains an id, the parent role and the linked child role.
+     * 
+     * @result {Object[]} returns an array of objects with the following properties: {id, parent, child}
+     */
+    PermissionUtil.getRoleHierarchy = function()
+    {
+        var selectHierarchy = newSelect("ID, PARENT_ROLE, CHILD_ROLE", alias)
+        .from("ASYS_ROLES_CHILDREN")
+        .table();
+        
+        return selectHierarchy.map(function (entry) {
+            return {
+                id: entry[0],
+                parent: entry[1],
+                child: entry[2]
+            } 
+        });
+    }
+    
+    /**
+     * Gets all permitted sets of the given role.
+     * 
+     * @param pRoleName the name of the role.
+     * 
+     * @param pReturnAsObject true if the result should be returned as object. As default it returns an array.
+     * 
+     * @return {Array[]} returns an string array with all permitted sets and their data. [0]: setid, [1] parentsetid, [2]: entity, [3]: role, [4]: field, [5]: accesstype. Object property names are the same.
+     */
+    PermissionUtil.getPermittedSetsOfRole = function(pRoleName, pReturnAsObject)
+    {
+        var permittedSetsArray = newSelect("ASYS_PERMISSIONSETID, ASYS_PERMISSIONSET_ID, ENTITY_ID, ROLE_ID, FIELD_ID, ACCESSTYPE", alias)
+        .from("ASYS_PERMISSIONSET")
+        .where("ASYS_PERMISSIONSET.ROLE_ID", pRoleName)
+        .table();
+        
+        if (!pReturnAsObject) return permittedSetsArray;
+        
+        return permittedSetsArray.map(function (set) {
+            return {
+                setid: set[0],
+                parentsetid: set[1],
+                entity: set[2],
+                role: set[3],
+                field: set[4],
+                accesstype: set[5]
+            };
+        });
+    }
+    
 } //end of block