From b3cdacf0408a38c5610b4feaee14178532517e8f Mon Sep 17 00:00:00 2001
From: Simon Leipold <s.leipold@adito.de>
Date: Fri, 22 Nov 2019 16:04:10 +0100
Subject: [PATCH] =?UTF-8?q?#1047712=20PermissionDetail=20-=20TreeTable=20f?=
 =?UTF-8?q?ehlerhafte=20Anzeige=20von=20Datens=C3=A4tzen=20-=20refactor=20?=
 =?UTF-8?q?sql?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../permissionid_param/valueProcess.js        | 22 +++++++---
 .../recordcontainers/jdito/contentProcess.js  | 43 +++++++++++--------
 2 files changed, 42 insertions(+), 23 deletions(-)

diff --git a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
index db4185a1cc..74184cabbc 100644
--- a/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
+++ b/entity/PermissionDetail_entity/entityfields/permissionactions/children/permissionid_param/valueProcess.js
@@ -1,3 +1,4 @@
+import("system.SQLTYPES");
 import("Sql_lib");
 import("system.db");
 import("system.vars");
@@ -7,16 +8,17 @@ import("Permission_lib");
 var alias = SqlUtils.getSystemAlias();
 var rootPermId = "";
 var entity = vars.get("$field.ENTITY");
-var role = vars.get("$field.ROLE");
+var roleTitle = vars.get("$field.ROLE");
+var roleName = PermissionUtil.resolveRoleTitle(roleTitle);
 var cond = vars.get("$field.CONDITION");
 var field = vars.get("$field.FIELD");
 var accesstype = vars.get("$field.ACCESSTYPE");
 var emptyCond = PermissionUtil.getEmptyCondString(entity);
-var permSetId = PermissionUtil.getSet(role, entity, accesstype, field);
-var fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID is null"
+var permSetId = PermissionUtil.getSet(roleName, entity, accesstype, field);
+var fieldWhereCond = "ASYS_PERMISSIONSET.FIELD_ID is null";
 
 if (field != "") {
-    fieldWhereCond = " and ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'"
+    fieldWhereCond = "ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'";
 }
 
 if (permSetId != "") {
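Review bot: `fieldWhereCond` is still built by concatenating `field` into the SQL text (`"ASYS_PERMISSIONSET.FIELD_ID = '" + field + "'"`), and the next hunk passes that string unbound to `.and(fieldWhereCond)`. This one predicate therefore bypasses the parameter binding the refactor introduces for `cond`, `roleName` and `entity`. `field` comes from `$field.FIELD`; whether it can contain a quote is not visible here, but in a permission lookup it should be bound like the other values. Keep a literal only for the null case, `.and("ASYS_PERMISSIONSET.FIELD_ID is null")`, and otherwise use `.and("ASYS_PERMISSIONSET.FIELD_ID", field)`. The `if (permSetId != "")` block opened on the last line continues outside the hunk.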
@@ -24,8 +26,16 @@ if (permSetId != "") {
     if (cond == "" || cond == emptyCond) {
         rootPermId = PermissionUtil.getPermissionWithoutCond(permSetId);
     } else { // conditional permission
-        let sqlStr = "select ASYS_PERMISSIONID from ASYS_PERMISSION join ASYS_PERMISSIONSET on ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID where cast(ASYS_PERMISSION.COND as varchar(" + cond.length + ")) = '" + cond + "'" + fieldWhereCond + " and ASYS_PERMISSIONSET.ROLE_ID='" + role + "' and ASYS_PERMISSIONSET.ENTITY_ID='" + entity + "'";
-        rootPermId = db.cell(sqlStr, alias);
+        var sqlHelper = new SqlMaskingUtils(alias);
+        
+        rootPermId = newSelect("ASYS_PERMISSIONID", alias)
+            .from("ASYS_PERMISSION")
+            .join("ASYS_PERMISSIONSET", "ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID = ASYS_PERMISSION.ASYS_PERMISSIONSET_ID")
+            .where("ASYS_PERMISSION.COND", cond, sqlHelper.cast("#", SQLTYPES.VARCHAR, cond.length) + " = ?")
+            .and(fieldWhereCond)
+            .and("ASYS_PERMISSIONSET.ROLE_ID", roleName)
+            .and("ASYS_PERMISSIONSET.ENTITY_ID", entity)
+            .cell();
     }
     
     // return valid permId
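Review bot: The cast width in `sqlHelper.cast("#", SQLTYPES.VARCHAR, cond.length) + " = ?"` is taken from the search value. On a database that truncates silently in an explicit cast, a stored COND that merely starts with `cond` would compare equal, and the wrong permission id could be returned. This is carried over from the removed string-built query rather than introduced here, and it depends on the backend's cast semantics, which are not visible on the page. Casting one character wider, `sqlHelper.cast("#", SQLTYPES.VARCHAR, cond.length + 1)`, would make a longer stored condition fail the equality; a short comment on why COND needs the cast at all would also help. The surrounding `if (permSetId != "")` block starts and ends outside this hunk.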
diff --git a/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js b/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
index def0c1cc3c..c99614f12f 100644
--- a/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
+++ b/entity/PermissionOverview_entity/recordcontainers/jdito/contentProcess.js
@@ -6,8 +6,8 @@ import("system.db");
 import("Permission_lib");
 
 var res = [];
-var roleTitle = "";
-var entityTitle = "";
+var roleName = "";
+var entityName = "";
 var sqlCond = "";
 var sqlStr = "";
 let alias = SqlUtils.getSystemAlias();
@@ -23,41 +23,50 @@ for each (let entityMetaData in entitiesMetaData) {
     }
 }
 
-var sqlCondEntityUsePermFlagSet = " and ENTITY_ID in ('" + entitiesUsePermFlagSet.join("','") + "')";
+var rolesOrEntitiesSelect = new SqlBuilder(alias).where();
+var rolesOrEntities = [];
 
 if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
-    roleTitle = vars.getString("$param.RoleTitle_param");
-    if (roleTitle == roleInternalEveryone) {
+    roleName = vars.getString("$param.RoleTitle_param");
+    if (roleName == roleInternalEveryone) {
         var counter = 0;
         for each (let entityUsePermFlagSet in entitiesUsePermFlagSet) {
-            if (PermissionUtil.getNumberOfPermissions(entityUsePermFlagSet, roleTitle) == 0) {
+            if (PermissionUtil.getNumberOfPermissions(entityUsePermFlagSet, roleName) == 0) {
                 // no permissions for INTERNAL_EVERYONE found -> display X's for all actions
                 res.push(["NOREALPERMINDB" + counter++, entityUsePermFlagSet, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]);
             }
         }
     }
-    sqlCond = " where ROLE_ID = '" + roleTitle + "'";
-    sqlStr = "select distinct ENTITY_ID from ASYS_PERMISSIONSET" + sqlCond + sqlCondEntityUsePermFlagSet;
+    rolesOrEntitiesSelect.select("distinct ASYS_PERMISSIONSET.ENTITY_ID")
+        .from("ASYS_PERMISSIONSET")
+        .and("ASYS_PERMISSIONSET.ROLE_ID", roleName);
 } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
-    entityTitle = vars.getString("$param.EntityTitle_param");
-    if (PermissionUtil.getNumberOfPermissions(entityTitle, roleInternalEveryone) == 0) {
+    entityName = vars.getString("$param.EntityTitle_param");
+    if (PermissionUtil.getNumberOfPermissions(entityName, roleInternalEveryone) == 0) {
         // no permissions for INTERNAL_EVERYONE found -> display X's for all actions
         res.push(["NOREALPERMINDB", roleInternalEveryone, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"]);
     }
-    sqlCond = " where ENTITY_ID = '" + entityTitle + "'";
-    sqlStr = "select distinct ROLE_ID from ASYS_PERMISSIONSET" + sqlCond + sqlCondEntityUsePermFlagSet;
+    rolesOrEntitiesSelect.select("distinct ASYS_PERMISSIONSET.ROLE_ID")
+        .from("ASYS_PERMISSIONSET")
+        .and("ASYS_PERMISSIONSET.ENTITY_ID", entityName);
 }
 
-var rolesOrEntities = db.array(db.COLUMN, sqlStr);
+rolesOrEntities = rolesOrEntitiesSelect
+    .and("ASYS_PERMISSIONSET.ENTITY_ID", entitiesUsePermFlagSet, SqlBuilder.IN())
+    .arrayColumn();
+
 var entityPermSetId = "";
 for each (var entry in rolesOrEntities) { // entry contains either a role or an entity, depending on which param exists
     if (vars.exists("$param.RoleTitle_param") && vars.get("$param.RoleTitle_param")) {
-        entityPermSetId = PermissionUtil.getSetRoot(roleTitle, entry);
+        entityPermSetId = PermissionUtil.getSetRoot(roleName, entry);
     } else if (vars.exists("$param.EntityTitle_param") && vars.get("$param.EntityTitle_param")) {
-        entityPermSetId = PermissionUtil.getSetRoot(entry, entityTitle);
+        entityPermSetId = PermissionUtil.getSetRoot(entry, entityName);
     }
-    var recordPermSetId = db.array(db.COLUMN, SqlCondition.begin().and("ASYS_PERMISSIONSET_ID = '" + entityPermSetId + "'").and("ACCESSTYPE = 'R'")
-        .buildSql("select ASYS_PERMISSIONSETID from ASYS_PERMISSIONSET"), alias);
+    var recordPermSetId = newSelect("ASYS_PERMISSIONSET.ASYS_PERMISSIONSETID", alias)
+    .from("ASYS_PERMISSIONSET")
+    .where("ASYS_PERMISSIONSET.ASYS_PERMISSIONSET_ID", entityPermSetId)
+    .and("ASYS_PERMISSIONSET.ACCESSTYPE", 'R')
+    .arrayColumn();
     var currOverview = [entityPermSetId, entry, "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE", "VAADIN:CLOSE"];
 
     // default entity permissions
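Review bot: `rolesOrEntitiesSelect` only gets its `select(...)` and `from(...)` inside the two parameter branches, yet `.and("ASYS_PERMISSIONSET.ENTITY_ID", entitiesUsePermFlagSet, SqlBuilder.IN()).arrayColumn()` runs unconditionally, so with neither `$param.RoleTitle_param` nor `$param.EntityTitle_param` set the builder is executed without a select or from clause. How SqlBuilder reacts to that, or to an empty `entitiesUsePermFlagSet` in the IN list, is not visible here. Wrapping the `rolesOrEntities = ...` assignment in `if (roleName || entityName) { ... }` would leave `rolesOrEntities` at `[]` in that case. `sqlCond` and `sqlStr`, declared in the previous hunk, are no longer assigned in the lines shown and can probably be removed. The `for each` loop at the end continues past the hunk.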
-- 
GitLab