diff --git a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
index db4185a1cc56f6d0ab7b8d34e83ad8c9b62fc91c..74184cabbc33d5b127564052dbf1a3c3ee062a81 100644
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
@@ -1,3 +1,4 @@
+import("system.SQLTYPES");
 import("Sql_lib");
 import("system.db");
 import("system.vars");
@@ -7,16 +8,17 @@ import("Permission_lib");
 var alias = SqlUtils.getSystemAlias();
 var rootPermId = "";
 var entity = vars.get("$field.ENTITY");
-var role = vars.get("$field.ROLE");
+var roleTitle = vars.get("$field.ROLE");
+var roleName = PermissionUtil.resolveRoleTitle(roleTitle);
 var cond = vars.get("$field.CONDITION");
 var field = vars.get("$field.FIELD");
 var accesstype = vars.get("$field.ACCESSTYPE");
 var emptyCond = PermissionUtil.getEmptyCondString(entity);
-var permSetId = PermissionUtil.getSet(role, entity, accesstype, field);
-var fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID is null"
+var permSetId = PermissionUtil.getSet(roleName, entity, accesstype, field);
+var fieldWhereCond = "ASYS_PERMISSIONSET.FIELD_ID is null";
 if (field != "") {
- fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'"
+ fieldWhereCond = "ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'";
 }
 if (permSetId != "") {
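Review bot: `fieldWhereCond` is still built by concatenating `field` into SQL text (`"ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'"`), and the following hunk passes that string to `.and(fieldWhereCond)` as a raw condition, so this one value stays outside the bind parameters that the rest of the query now uses. `field` is read from `$field.FIELD`, and a quote character in it would change the statement that resolves the permission id. Hand the value to the builder instead: hold the select chain in a variable and, before `.cell()`, add `if (field != "") select.and("ASYS_PERMISSIONSET.FIELD_ID", field); else select.and("ASYS_PERMISSIONSET.FIELD_ID is null");`, the same two-argument `.and(column, value)` form already used for ROLE_ID and ENTITY_ID. The `if (permSetId != "")` block opened at the end of this hunk continues outside it.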
@@ -24,8 +26,16 @@ if (permSetId != "") {
 if (cond == "" || cond == emptyCond) {
 rootPermId = PermissionUtil.getPermissionWithoutCond(permSetId);
 } else { // conditional permission
- let sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION join ASYS_PERMISSIONSET on ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID where cast(ASYS_PERMISSION.COND as varchar(" + cond.length + ")) = '" + cond + "'" + fieldWhereCond + " and ASYS_PERMISSIONSET.ROLE_ID='" + role + "' and ASYS_PERMISSIONSET.ENTITY_ID='" + entity + "'";
- rootPermId = db.cell(sqlStr, alias);
+ var sqlHelper = new SqlMaskingUtils(alias);
+
+ rootPermId = newSelect("ASYS_PERMISSIONID", alias)
+ .from("ASYS_PERMISSION")
+ .join("ASYS_PERMISSIONSET", "ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID")
+ .where("ASYS_PERMISSION.COND", cond, sqlHelper.cast("#", SQLTYPES.VARCHAR, cond.length) + " = ?")
+ .and(fieldWhereCond)
+ .and("ASYS_PERMISSIONSET.ROLE_ID", roleName)
+ .and("ASYS_PERMISSIONSET.ENTITY_ID", entity)
+ .cell();
 }
 // return valid permId
diff --git a/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js b/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
index def0c1cc3c3e31886fcfadb14db53f5ab1a37051..c99614f12f2d1f5c9ab7a3323041a6fa425d209d 100644
--- a/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
@@ -6,8 +6,8 @@ import("system.db");
 import("Permission_lib");
 var res = [];
-var roleTitle = "";
-var entityTitle = "";
+var roleName = "";
+var entityName = "";
 var sqlCond = "";
 var sqlStr = "";
 let alias = SqlUtils.getSystemAlias();
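Review bot: In the conditional-permission branch of valueProcess.js, the `.where(...)` call casts `ASYS_PERMISSION.COND` to a VARCHAR of exactly `cond.length` characters before the `= ?` comparison, so a stored condition longer than `cond` is compared on its first `cond.length` characters only. Depending on how the database handles an over-long value in a cast, this presumably either matches a permission whose condition merely begins with `cond` or fails the statement, and in both cases `rootPermId` may not be the permission the caller meant. The old query had the same cast, so the rewrite carries the behaviour over unchanged. At minimum document it above the chain, e.g. `// COND is cast to varchar(cond.length): longer stored conditions are compared by prefix - confirm per DBMS`, and consider casting to a fixed upper bound that covers every stored condition. The `if`/`else` this hunk edits sits inside the `if (permSetId != "")` block, which starts and ends outside the hunk.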
@@ -23,41 +23,50 @@ for each (let entityMetaData in entitiesMetaData) {
 }
 }
-var sqlCondEntityUsePermFlagSet = " and ENTITY_ID in ('" + entitiesUsePermFlagSet.join("','") + "')";
+var rolesOrEntitiesSelect = new SqlBuilder(alias).where();
+var rolesOrEntities = [];
 if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
- roleTitle = vars.getString("$param.RoleTitle_param");
- if (roleTitle == roleInternalEveryone) {
+ roleName = vars.getString("$param.RoleTitle_param");
+ if (roleName == roleInternalEveryone) {
 var counter = 0;
 for each (let entityUsePermFlagSet in entitiesUsePermFlagSet) {
- if (PermissionUtil.getNumberOfPermissions(entityUsePermFlagSet, roleTitle) == 0) {
+ if (PermissionUtil.getNumberOfPermissions(entityUsePermFlagSet, roleName) == 0) {
 // no permissions for INTERNAL_EVERYONE found -> display X's for all actions
 res.push(["NOREALPERMINDB" + counter++, entityUsePermFlagSet, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]);
 }
 }
 }
- sqlCond = " where ROLE_ID = '" + roleTitle + "'";
- sqlStr = "select distinct ENTITY_ID from ASYS_PERMISSIONSET" + sqlCond + sqlCondEntityUsePermFlagSet;
+ rolesOrEntitiesSelect.select("distinct ASYS_PERMISSIONSET.ENTITY_ID")
+ .from("ASYS_PERMISSIONSET")
+ .and("ASYS_PERMISSIONSET.ROLE_ID", roleName);
 } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
- entityTitle = vars.getString("$param.EntityTitle_param");
- if (PermissionUtil.getNumberOfPermissions(entityTitle, roleInternalEveryone) == 0) {
+ entityName = vars.getString("$param.EntityTitle_param");
+ if (PermissionUtil.getNumberOfPermissions(entityName, roleInternalEveryone) == 0) {
 // no permissions for INTERNAL_EVERYONE found -> display X's for all actions
 res.push(["NOREALPERMINDB", roleInternalEveryone, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]);
 }
- sqlCond = " where ENTITY_ID = '" + entityTitle + "'";
- sqlStr = "select distinct ROLE_ID from ASYS_PERMISSIONSET" + sqlCond + sqlCondEntityUsePermFlagSet;
+ rolesOrEntitiesSelect.select("distinct ASYS_PERMISSIONSET.ROLE_ID")
+ .from("ASYS_PERMISSIONSET")
+ .and("ASYS_PERMISSIONSET.ENTITY_ID", entityName);
 }
-var rolesOrEntities = db.array(db.COLUMN, sqlStr);
+rolesOrEntities = rolesOrEntitiesSelect
+ .and("ASYS_PERMISSIONSET.ENTITY_ID", entitiesUsePermFlagSet, SqlBuilder.IN())
+ .arrayColumn();
+
 var entityPermSetId = "";
 for each (var entry in rolesOrEntities) { // entry contains either a role or an entity, depending on which param exists
 if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
- entityPermSetId = PermissionUtil.getSetRoot(roleTitle, entry);
+ entityPermSetId = PermissionUtil.getSetRoot(roleName, entry);
 } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
- entityPermSetId = PermissionUtil.getSetRoot(entry, entityTitle);
+ entityPermSetId = PermissionUtil.getSetRoot(entry, entityName);
 }
- var recordPermSetId = db.array(db.COLUMN, SqlCondition.begin().and("ASYS_PERMISSIONSET_ID = '" + entityPermSetId + "'").and("ACCESSTYPE = 'R'")
- .buildSql("select ASYS_PERMISSIONSETID from ASYS_PERMISSIONSET"), alias);
+ var recordPermSetId = newSelect("ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID", alias)
+ .from("ASYS_PERMISSIONSET")
+ .where("ASYS_PERMISSIONSET.ASYS_PERMISSIONSET_ID", entityPermSetId)
+ .and("ASYS_PERMISSIONSET.ACCESSTYPE", 'R')
+ .arrayColumn();
 var currOverview = [entityPermSetId, entry, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]; // default entity permissions
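Review bot: `rolesOrEntitiesSelect` only gets its `.select(...)` and `.from(...)` inside the two parameter branches, yet the closing `.and("ASYS_PERMISSIONSET.ENTITY_ID", entitiesUsePermFlagSet, SqlBuilder.IN()).arrayColumn()` runs unconditionally, so when neither `$param.RoleTitle_param` nor `$param.EntityTitle_param` is set the builder is executed with no column or table. The added `var rolesOrEntities = [];` suggests an empty result was intended for that case, but it is always overwritten. Guard the execution so the default survives, e.g. `if (roleName || entityName) { rolesOrEntities = rolesOrEntitiesSelect.and("ASYS_PERMISSIONSET.ENTITY_ID", entitiesUsePermFlagSet, SqlBuilder.IN()).arrayColumn(); }`. How SqlBuilder reacts to an incomplete select, or to an empty `entitiesUsePermFlagSet` passed with `SqlBuilder.IN()`, is not visible in this diff and should be confirmed. The `for each (var entry ...)` loop body continues past the end of the hunk.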