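package com.opensourcestrategies.crmsfa.security;

import java.util.Map;
import java.util.List;
import java.util.Iterator;
import java.sql.Timestamp;

import javolution.util.FastMap;

import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilDateTime;
import org.ofbiz.entity.GenericDelegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.condition.EntityCondition;
import org.ofbiz.entity.condition.EntityConditionList;
import org.ofbiz.entity.condition.EntityExpr;
import org.ofbiz.entity.condition.EntityOperator;
import org.ofbiz.entity.util.EntityUtil;
import org.ofbiz.service.DispatchContext;
import org.ofbiz.service.GenericServiceException;
import org.ofbiz.service.LocalDispatcher;
import org.ofbiz.service.ServiceUtil;
import org.ofbiz.security.Security;

import com.opensourcestrategies.crmsfa.cases.UtilCase;
import com.opensourcestrategies.crmsfa.activities.UtilActivity;
import com.opensourcestrategies.crmsfa.opportunities.UtilOpportunity;
import com.opensourcestrategies.crmsfa.party.PartyHelper;

/**
 * Record-level authorization checks for the CRMSFA application.
 *
 * <p>Every check in this class answers "may this userLogin perform this operation on this
 * record?" and returns {@code false} (deny) on missing input, missing records and entity-engine
 * errors. Operation names are passed with their leading underscore (for example {@code "_VIEW"}),
 * because they are concatenated directly onto the security module name to form a permission id.
 *
 * <p>NOTE(review): several log statements concatenate the whole {@code userLogin} GenericValue and
 * caller-supplied ids into the message. Confirm that the GenericValue string form does not expose
 * credential fields in this deployment and that the ids cannot carry line breaks into the log;
 * logging only the user login id would be the conservative choice.
 */
public class CrmsfaSecurity {

    public static final String module = CrmsfaSecurity.class.getName();

    /**
     * Checks whether a userLogin may perform an operation on a party.
     *
     * <p>Access is granted, in this order, when:
     * <ol>
     *   <li>the user holds the general {@code securityModule + "_MANAGER"} permission;</li>
     *   <li>the user holds the general {@code securityModule + securityOperation} permission;</li>
     *   <li>a current PartyRelationshipAndPermission row links {@code partyIdFor} directly to the
     *       user's party with either of those two permission ids;</li>
     *   <li>a current PartyRelationship row links {@code partyIdFor} to a party that is itself
     *       linked to the user's party by such a permitted relationship.</li>
     * </ol>
     *
     * @param security          the security handler used for the general permission checks
     * @param securityModule    the module prefix, for example {@code "CRMSFA_OPP"}
     * @param securityOperation the operation suffix with leading underscore, for example {@code "_VIEW"}
     * @param userLogin         the user being checked; null or delegator-less values are denied
     * @param partyIdFor        the party the operation targets
     * @return true if any of the rules above grants access, false otherwise or on error
     */
    public static boolean hasPartyRelationSecurity(Security security, String securityModule, String securityOperation,
            GenericValue userLogin, String partyIdFor) {

        if (!hasUsableUserLogin(userLogin)) {
            return false;
        }

        // General permissions short-circuit the relationship lookups entirely.
        if (security.hasEntityPermission(securityModule, "_MANAGER", userLogin)) {
            return true;
        }
        if (security.hasEntityPermission(securityModule, securityOperation, userLogin)) {
            return true;
        }

        try {
            GenericDelegator delegator = userLogin.getDelegator();

            // The target must be a recognised client party; anything else is denied outright.
            String roleTypeIdFor = PartyHelper.getFirstValidRoleTypeId(partyIdFor, PartyHelper.CLIENT_PARTY_ROLES, delegator);
            if (roleTypeIdFor == null) {
                Debug.logError("Failed to check permission for partyId [" + partyIdFor
                        + "] because that party does not have a valid role. I.e., it is not an Account, Contact, Lead, etc.", module);
                return false;
            }

            // All relationships pointing at the user's party that carry one of the two permission ids
            // and are currently in effect.
            EntityCondition filterByDateCondition = EntityUtil.getFilterByDateExpr();
            EntityConditionList operationCondition = new EntityConditionList(
                    UtilMisc.toList(new EntityExpr("permissionId", EntityOperator.EQUALS, securityModule + "_MANAGER"),
                            new EntityExpr("permissionId", EntityOperator.EQUALS, securityModule + securityOperation)),
                    EntityOperator.OR);
            EntityConditionList searchConditions = new EntityConditionList(
                    UtilMisc.toList(new EntityExpr("partyIdTo", EntityOperator.EQUALS, userLogin.getString("partyId")),
                            operationCondition,
                            filterByDateCondition),
                    EntityOperator.AND);
            List permittedRelationships = delegator.findByCondition("PartyRelationshipAndPermission", searchConditions, null, null);

            // Direct case: one of those relationships starts at the target party.
            List directPermittedRelationships = EntityUtil.filterByAnd(permittedRelationships, UtilMisc.toMap("partyIdFrom", partyIdFor));
            if ((directPermittedRelationships != null) && (directPermittedRelationships.size() > 0)) {
                if (Debug.verboseOn()) {
                    Debug.logVerbose(userLogin + " has direct permitted relationship for " + partyIdFor, module);
                }
                return true;
            }

            // Indirect case: the target party is related to a party the user has a permitted relationship with.
            // This issues one query per permitted relationship.
            for (Iterator pRi = permittedRelationships.iterator(); pRi.hasNext(); ) {
                GenericValue permittedRelationship = (GenericValue) pRi.next();
                EntityConditionList indirectConditions = new EntityConditionList(
                        UtilMisc.toList(new EntityExpr("partyIdFrom", EntityOperator.EQUALS, partyIdFor),
                                new EntityExpr("partyIdTo", EntityOperator.EQUALS, permittedRelationship.getString("partyIdFrom")),
                                filterByDateCondition),
                        EntityOperator.AND);
                List indirectPermittedRelationships = delegator.findByCondition("PartyRelationship", indirectConditions, null, null);
                if ((indirectPermittedRelationships != null) && (indirectPermittedRelationships.size() > 0)) {
                    if (Debug.verboseOn()) {
                        Debug.logVerbose(userLogin + " has indirect permitted relationship for " + partyIdFor, module);
                    }
                    return true;
                }
            }

        } catch (GenericEntityException ex) {
            // Pass the exception itself so the stack trace is kept, as the other checks in this class do.
            Debug.logError(ex, "Unable to determine security from party relationship due to error " + ex.getMessage(), module);
            return false;
        }

        Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [" + securityModule + "] + [" + securityOperation + "] on partyId = [" + partyIdFor + "], but permission was denied", module);
        return false;
    }

    /**
     * Checks whether a userLogin may perform an operation on a sales opportunity.
     *
     * <p>The opportunity must exist, must not be in stage {@code SOSTG_CLOSED} unless the operation
     * is {@code "_VIEW"}, and the user must pass {@link #hasPartyRelationSecurity} with module
     * {@code CRMSFA_OPP} for every account, lead and contact of the opportunity.
     *
     * <p>NOTE(review): no general CRMSFA_OPP permission is checked here, so when the opportunity has
     * no accounts, leads or contacts all three loops are empty and the method returns true without
     * any permission having been evaluated. Confirm that this is intended.
     *
     * @param security           the security handler
     * @param securityOperation  the operation suffix with leading underscore
     * @param userLogin          the user being checked; null or delegator-less values are denied
     * @param salesOpportunityId the opportunity the operation targets
     * @return true if access is granted, false otherwise or on error
     */
    public static boolean hasOpportunityPermission(Security security, String securityOperation, GenericValue userLogin, String salesOpportunityId) {

        // Deny instead of failing with a NullPointerException on a missing login or delegator.
        if (!hasUsableUserLogin(userLogin)) {
            return false;
        }

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            // NOTE(review): cached read; confirm the cache is invalidated on update so that the
            // stage test below does not run against a stale copy.
            GenericValue opportunity = delegator.findByPrimaryKeyCache("SalesOpportunity", UtilMisc.toMap("salesOpportunityId", salesOpportunityId));
            if (opportunity == null) {
                return false;
            }

            // Closed opportunities are view-only.
            if (!"_VIEW".equals(securityOperation) && "SOSTG_CLOSED".equals(opportunity.getString("opportunityStageId"))) {
                return false;
            }

            List accounts = UtilOpportunity.getOpportunityAccountPartyIds(delegator, salesOpportunityId);
            if (!hasPermissionForAllParties(security, "CRMSFA_OPP", securityOperation, userLogin, accounts)) {
                return false;
            }

            List leads = UtilOpportunity.getOpportunityLeadPartyIds(delegator, salesOpportunityId);
            if (!hasPermissionForAllParties(security, "CRMSFA_OPP", securityOperation, userLogin, leads)) {
                return false;
            }

            List contacts = UtilOpportunity.getOpportunityContactPartyIds(delegator, salesOpportunityId);
            if (!hasPermissionForAllParties(security, "CRMSFA_OPP", securityOperation, userLogin, contacts)) {
                return false;
            }
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_OPP] + [" + securityOperation + "] on salesOpportunityId = [" + salesOpportunityId + "], but permission was denied due to exception: " + e.getMessage(), module);
            return false;
        }

        return true;
    }

    /**
     * Checks whether a userLogin may perform an operation on a case (CustRequest).
     *
     * <p>The case must exist and must not be inactive unless the operation is {@code "_VIEW"}.
     * Access is granted as soon as the user passes {@link #hasPartyRelationSecurity} with module
     * {@code CRMSFA_CASE} for any one of the case's accounts and contacts. This differs from
     * {@link #hasOpportunityPermission}, which requires every associated party to pass.
     *
     * @param security          the security handler
     * @param securityOperation the operation suffix with leading underscore
     * @param userLogin         the user being checked; null or delegator-less values are denied
     * @param custRequestId     the case the operation targets
     * @return true if access is granted, false otherwise or on error
     */
    public static boolean hasCasePermission(Security security, String securityOperation, GenericValue userLogin, String custRequestId) {

        // Deny instead of failing with a NullPointerException on a missing login or delegator.
        if (!hasUsableUserLogin(userLogin)) {
            return false;
        }

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            GenericValue custRequest = delegator.findByPrimaryKeyCache("CustRequest", UtilMisc.toMap("custRequestId", custRequestId));
            if (custRequest == null) {
                return false;
            }

            // Inactive cases are view-only.
            if (!"_VIEW".equals(securityOperation) && UtilCase.caseIsInactive(custRequest)) {
                return false;
            }

            List roles = UtilCase.getCaseAccountsAndContacts(delegator, custRequestId);
            for (Iterator iter = roles.iterator(); iter.hasNext(); ) {
                GenericValue role = (GenericValue) iter.next();
                if (hasPartyRelationSecurity(security, "CRMSFA_CASE", securityOperation, userLogin, role.getString("partyId"))) {
                    return true;
                }
            }
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_CASE] + [" + securityOperation + "] on custRequestId = [" + custRequestId + "], but permission was denied due to exception: " + e.getMessage(), module);
        }
        // Reached when no associated party grants access, when there are none, or after an error.
        return false;
    }

    /**
     * Checks whether a userLogin may perform an operation on an activity (WorkEffort), given the
     * associations supplied by the caller.
     *
     * <p>The user must hold the general {@code CRMSFA_ACT + securityOperation} permission, the
     * activity must exist and must not be inactive unless the operation is {@code "_VIEW"}, and each
     * association that is supplied (non-null and non-empty) must pass its own check: the internal
     * party through {@link #hasPartyRelationSecurity}, the opportunity through
     * {@link #hasOpportunityPermission} and the case through {@link #hasCasePermission}. When none of
     * the three is supplied, the general permission alone decides.
     *
     * @param security           the security handler
     * @param securityOperation  the operation suffix with leading underscore
     * @param userLogin          the user being checked; null or delegator-less values are denied
     * @param workEffortId       the activity the operation targets
     * @param internalPartyId    optional account, contact or lead associated with the activity
     * @param salesOpportunityId optional opportunity associated with the activity
     * @param custRequestId      optional case associated with the activity
     * @return true if access is granted, false otherwise or on error
     */
    public static boolean hasActivityPermission(Security security, String securityOperation, GenericValue userLogin,
            String workEffortId, String internalPartyId, String salesOpportunityId, String custRequestId) {

        // Deny instead of failing with a NullPointerException on a missing login or delegator.
        if (!hasUsableUserLogin(userLogin)) {
            return false;
        }

        if (!security.hasEntityPermission("CRMSFA_ACT", securityOperation, userLogin)) {
            Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] in general but permission was denied.", module);
            return false;
        }

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            GenericValue workEffort = delegator.findByPrimaryKeyCache("WorkEffort", UtilMisc.toMap("workEffortId", workEffortId));
            if (workEffort == null) {
                return false;
            }

            // Inactive activities are view-only.
            if (!"_VIEW".equals(securityOperation) && UtilActivity.activityIsInactive(workEffort)) {
                return false;
            }

            if ((internalPartyId != null) && !internalPartyId.equals("")) {
                String securityModule = getSecurityModuleOfInternalParty(internalPartyId, delegator);
                if (securityModule == null) {
                    Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on workEffortId = [" + workEffortId + "] but permission was denied because internalPartyId=[" + internalPartyId + "] has an unknown roleTypeId", module);
                    return false;
                }

                if (!hasPartyRelationSecurity(security, securityModule, securityOperation, userLogin, internalPartyId)) {
                    return false;
                }
            }

            if ((salesOpportunityId != null) && !salesOpportunityId.equals("")) {
                if (!hasOpportunityPermission(security, securityOperation, userLogin, salesOpportunityId)) {
                    return false;
                }
            }

            if ((custRequestId != null) && !custRequestId.equals("")) {
                if (!hasCasePermission(security, securityOperation, userLogin, custRequestId)) {
                    return false;
                }
            }
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on workEffortId = [" + workEffortId + "], internalPartyId=[" + internalPartyId + "], salesOpportunityId=[" + salesOpportunityId + "], custRequestId = [" + custRequestId + "], but permission was denied due to an exception: " + e.getMessage(), module);
            return false;
        }

        return true;
    }

    /**
     * Checks whether a userLogin may perform an operation on an activity (WorkEffort), using the
     * parties already associated with the activity.
     *
     * <p>The user must hold the general {@code CRMSFA_ACT + securityOperation} permission, the
     * activity must exist and must not be inactive unless the operation is {@code "_VIEW"}, and the
     * user must pass {@link #hasPartyRelationSecurity} for every party returned by
     * {@code UtilActivity.getActivityParties}. A party whose role maps to no security module is
     * denied, matching the seven-argument overload.
     *
     * @param security          the security handler
     * @param securityOperation the operation suffix with leading underscore
     * @param userLogin         the user being checked; null or delegator-less values are denied
     * @param workEffortId      the activity the operation targets
     * @return true if access is granted, false otherwise or on error
     */
    public static boolean hasActivityPermission(Security security, String securityOperation, GenericValue userLogin, String workEffortId) {

        // Deny instead of failing with a NullPointerException on a missing login or delegator.
        if (!hasUsableUserLogin(userLogin)) {
            return false;
        }

        if (!security.hasEntityPermission("CRMSFA_ACT", securityOperation, userLogin)) {
            Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] in general but permission was denied.", module);
            return false;
        }

        GenericDelegator delegator = userLogin.getDelegator();
        try {
            GenericValue workEffort = delegator.findByPrimaryKeyCache("WorkEffort", UtilMisc.toMap("workEffortId", workEffortId));
            if (workEffort == null) {
                return false;
            }

            // Inactive activities are view-only.
            if (!"_VIEW".equals(securityOperation) && UtilActivity.activityIsInactive(workEffort)) {
                return false;
            }

            List parties = UtilActivity.getActivityParties(delegator, workEffortId);
            for (Iterator iter = parties.iterator(); iter.hasNext(); ) {
                String internalPartyId = ((GenericValue) iter.next()).getString("partyId");
                String securityModule = getSecurityModuleOfInternalParty(internalPartyId, delegator);
                if (securityModule == null) {
                    // Without this guard a null module would be concatenated into permission ids
                    // ("null_MANAGER") further down instead of being rejected explicitly.
                    Debug.logWarning("Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on workEffortId = [" + workEffortId + "] but permission was denied because internalPartyId=[" + internalPartyId + "] has an unknown roleTypeId", module);
                    return false;
                }
                if (!hasPartyRelationSecurity(security, securityModule, securityOperation, userLogin, internalPartyId)) {
                    return false;
                }
            }
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + userLogin + "] for permission to perform [CRMSFA_ACT] + [" + securityOperation + "] on all associations with workEffortId=[" + workEffortId + "] but permission was denied due to an exception: " + e.getMessage(), module);
            return false;
        }

        return true;
    }

    /**
     * Maps the first valid internal-party role of a party to its CRMSFA security module.
     *
     * @param partyId   the party to look up
     * @param delegator the delegator used for the role lookup
     * @return {@code "CRMSFA_ACCOUNT"}, {@code "CRMSFA_CONTACT"} or {@code "CRMSFA_LEAD"} for the
     *         roles ACCOUNT, CONTACT and PROSPECT respectively, or null for any other role;
     *         callers must treat null as "deny"
     * @throws GenericEntityException if the role lookup fails
     */
    public static String getSecurityModuleOfInternalParty(String partyId, GenericDelegator delegator) throws GenericEntityException {
        String roleTypeId = PartyHelper.getFirstValidInternalPartyRoleTypeId(partyId, delegator);
        if ("ACCOUNT".equals(roleTypeId)) {
            return "CRMSFA_ACCOUNT";
        }
        if ("CONTACT".equals(roleTypeId)) {
            return "CRMSFA_CONTACT";
        }
        if ("PROSPECT".equals(roleTypeId)) {
            return "CRMSFA_LEAD";
        }
        return null;
    }

    /** Returns true when userLogin and its delegator are both present; logs an error and returns false otherwise. */
    private static boolean hasUsableUserLogin(GenericValue userLogin) {
        if ((userLogin == null) || (userLogin.getDelegator() == null)) {
            Debug.logError("userLogin is null or has no associated delegator", module);
            return false;
        }
        return true;
    }

    /** Returns true when hasPartyRelationSecurity passes for every party id in the list; an empty list passes. */
    private static boolean hasPermissionForAllParties(Security security, String securityModule, String securityOperation,
            GenericValue userLogin, List partyIds) {
        for (Iterator iter = partyIds.iterator(); iter.hasNext(); ) {
            if (!hasPartyRelationSecurity(security, securityModule, securityOperation, userLogin, (String) iter.next())) {
                return false;
            }
        }
        return true;
    }
}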