#1047712 PermissionDetail - TreeTable fehlerhafte Anzeige von Datensätzen - refactor sql

b3cdacf0 · Simon Leipold · 2c3f1137 · b3cdacf0 · b3cdacf0
Commit b3cdacf0 authored 5 years ago by Simon Leipold
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
+import("system.SQLTYPES");
 import("Sql_lib");
 import("system.db");
 import("system.vars");
@@ -7,16 +8,17 @@ import("Permission_lib");
 var alias = SqlUtils.getSystemAlias();
 var rootPermId = "";
 var entity = vars.get("$field.ENTITY");
-var role = vars.get("$field.ROLE");
+var roleTitle = vars.get("$field.ROLE");
+var roleName = PermissionUtil.resolveRoleTitle(roleTitle);
 var cond = vars.get("$field.CONDITION");
 var field = vars.get("$field.FIELD");
 var accesstype = vars.get("$field.ACCESSTYPE");
 var emptyCond = PermissionUtil.getEmptyCondString(entity);
-var permSetId = PermissionUtil.getSet(role, entity, accesstype, field);
-var fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID is null"
+var permSetId = PermissionUtil.getSet(roleName, entity, accesstype, field);
+var fieldWhereCond = "ASYS_PERMISSIONSET.FIELD_ID is null";

 if (field != "") {
-    fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'"
+    fieldWhereCond = "ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'";
 }

 if (permSetId != "") {
@@ -24,8 +26,16 @@ if (permSetId != "") {
    if (cond == "" || cond == emptyCond) {
        rootPermId = PermissionUtil.getPermissionWithoutCond(permSetId);
    } else { // conditional permission
-        let sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION join ASYS_PERMISSIONSET on ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID where cast(ASYS_PERMISSION.COND as varchar(" + cond.length + ")) = '" + cond + "'" + fieldWhereCond + " and ASYS_PERMISSIONSET.ROLE_ID='" + role + "' and ASYS_PERMISSIONSET.ENTITY_ID='" + entity + "'";
-        rootPermId = db.cell(sqlStr, alias);
+        var sqlHelper = new SqlMaskingUtils(alias);
+        
+        rootPermId = newSelect("ASYS_PERMISSIONID", alias)
+            .from("ASYS_PERMISSION")
+            .join("ASYS_PERMISSIONSET", "ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID")
+            .where("ASYS_PERMISSION.COND", cond, sqlHelper.cast("#", SQLTYPES.VARCHAR, cond.length) + " = ?")
+            .and(fieldWhereCond)
+            .and("ASYS_PERMISSIONSET.ROLE_ID", roleName)
+            .and("ASYS_PERMISSIONSET.ENTITY_ID", entity)
+            .cell();
    }
    
    // return valid permId

--- a/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
@@ -6,8 +6,8 @@ import("system.db");
 import("Permission_lib");

 var res = [];
-var roleTitle = "";
-var entityTitle = "";
+var roleName = "";
+var entityName = "";
 var sqlCond = "";
 var sqlStr = "";
 let alias = SqlUtils.getSystemAlias();
@@ -23,41 +23,50 @@ for each (let entityMetaData in entitiesMetaData) {
    }
 }

-var sqlCondEntityUsePermFlagSet = " and ENTITY_ID in ('" + entitiesUsePermFlagSet.join("','") + "')";
+var rolesOrEntitiesSelect = new SqlBuilder(alias).where();
+var rolesOrEntities = [];

 if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
-    roleTitle = vars.getString("$param.RoleTitle_param");
-    if (roleTitle == roleInternalEveryone) {
+    roleName = vars.getString("$param.RoleTitle_param");
+    if (roleName == roleInternalEveryone) {
        var counter = 0;
        for each (let entityUsePermFlagSet in entitiesUsePermFlagSet) {
-            if (PermissionUtil.getNumberOfPermissions(entityUsePermFlagSet, roleTitle) == 0) {
+            if (PermissionUtil.getNumberOfPermissions(entityUsePermFlagSet, roleName) == 0) {
                // no permissions for INTERNAL_EVERYONE found -> display X's for all actions
                res.push(["NOREALPERMINDB" + counter++, entityUsePermFlagSet, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]);
            }
        }
    }
-    sqlCond = " where ROLE_ID = '" + roleTitle + "'";
-    sqlStr = "select distinct ENTITY_ID from ASYS_PERMISSIONSET" + sqlCond + sqlCondEntityUsePermFlagSet;
+    rolesOrEntitiesSelect.select("distinct ASYS_PERMISSIONSET.ENTITY_ID")
+        .from("ASYS_PERMISSIONSET")
+        .and("ASYS_PERMISSIONSET.ROLE_ID", roleName);
 } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
-    entityTitle = vars.getString("$param.EntityTitle_param");
-    if (PermissionUtil.getNumberOfPermissions(entityTitle, roleInternalEveryone) == 0) {
+    entityName = vars.getString("$param.EntityTitle_param");
+    if (PermissionUtil.getNumberOfPermissions(entityName, roleInternalEveryone) == 0) {
        // no permissions for INTERNAL_EVERYONE found -> display X's for all actions
        res.push(["NOREALPERMINDB", roleInternalEveryone, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]);
    }
-    sqlCond = " where ENTITY_ID = '" + entityTitle + "'";
-    sqlStr = "select distinct ROLE_ID from ASYS_PERMISSIONSET" + sqlCond + sqlCondEntityUsePermFlagSet;
+    rolesOrEntitiesSelect.select("distinct ASYS_PERMISSIONSET.ROLE_ID")
+        .from("ASYS_PERMISSIONSET")
+        .and("ASYS_PERMISSIONSET.ENTITY_ID", entityName);
 }

-var rolesOrEntities = db.array(db.COLUMN, sqlStr);
+rolesOrEntities = rolesOrEntitiesSelect
+    .and("ASYS_PERMISSIONSET.ENTITY_ID", entitiesUsePermFlagSet, SqlBuilder.IN())
+    .arrayColumn();
+
 var entityPermSetId = "";
 for each (var entry in rolesOrEntities) { // entry contains either a role or an entity, depending on which param exists
    if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
-        entityPermSetId = PermissionUtil.getSetRoot(roleTitle, entry);
+        entityPermSetId = PermissionUtil.getSetRoot(roleName, entry);
    } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
-        entityPermSetId = PermissionUtil.getSetRoot(entry, entityTitle);
+        entityPermSetId = PermissionUtil.getSetRoot(entry, entityName);
    }
-    var recordPermSetId = db.array(db.COLUMN, SqlCondition.begin().and("ASYS_PERMISSIONSET_ID = '" + entityPermSetId + "'").and("ACCESSTYPE = 'R'")
-        .buildSql("select ASYS_PERMISSIONSETID from ASYS_PERMISSIONSET"), alias);
+    var recordPermSetId = newSelect("ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID", alias)
+    .from("ASYS_PERMISSIONSET")
+    .where("ASYS_PERMISSIONSET.ASYS_PERMISSIONSET_ID", entityPermSetId)
+    .and("ASYS_PERMISSIONSET.ACCESSTYPE", 'R')
+    .arrayColumn();
    var currOverview = [entityPermSetId, entry, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"];

    // default entity permissions