use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class ServiceUtil method resetJob.
/**
 * Service that puts a scheduled job back into the pending state.
 *
 * <p>The caller must hold the {@code SERVICE_INVOKE_ANY} permission; that check runs before the
 * job is looked up. For the {@code JobSandbox} row matching {@code jobId}, {@code statusId} is
 * set to {@code SERVICE_PENDING} and {@code startDateTime}, {@code finishDateTime},
 * {@code cancelDateTime} and {@code runByInstanceId} are cleared.
 *
 * @param dctx dispatch context supplying the delegator and the security object
 * @param context service input; {@code userLogin} and {@code jobId} are read from it, and it is
 *        passed to {@code getLocale}
 * @return a success map, or an error map when the permission check fails or an entity
 *         operation throws; a {@code jobId} that matches no row also yields success
 */
public static Map<String, Object> resetJob(DispatchContext dctx, Map<String, Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    Locale locale = getLocale(context);

    // Authorization gate: nothing below runs unless the caller may invoke any service.
    // NOTE(review): userLogin is passed on unchecked; this relies on hasPermission denying a
    // null login -- confirm against the Security implementation.
    boolean mayInvoke = security.hasPermission("SERVICE_INVOKE_ANY", userLogin);
    if (!mayInvoke) {
        return ServiceUtil.returnError(
                UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_run", locale) + ".");
    }

    String jobId = (String) context.get("jobId");
    GenericValue job;
    try {
        // NOTE(review): the row is read through the entity cache and then modified below;
        // confirm that values returned by a cached query may be mutated and stored.
        job = EntityQuery.use(delegator).from("JobSandbox").where("jobId", jobId).cache().queryOne();
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
        // NOTE(review): the raw exception text is handed back to the service caller.
        return ServiceUtil.returnError(e.getMessage());
    }

    // An unknown jobId is not treated as an error: there is simply nothing to reset.
    if (job == null) {
        return ServiceUtil.returnSuccess();
    }

    // Reset the scheduling state of the job.
    job.set("statusId", "SERVICE_PENDING");
    job.set("startDateTime", null);
    job.set("finishDateTime", null);
    job.set("cancelDateTime", null);
    job.set("runByInstanceId", null);

    // Persist the reset.
    try {
        job.store();
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
        return ServiceUtil.returnError(e.getMessage());
    }
    return ServiceUtil.returnSuccess();
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class ServiceUtil method cancelJobRetries.
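/**
 * Service that stops further retries of a scheduled job by setting its {@code maxRetry} to 0.
 *
 * <p>The caller must hold the {@code SERVICE_INVOKE_ANY} permission; that check runs before the
 * job is looked up.
 *
 * @param dctx dispatch context supplying the delegator and the security object
 * @param context service input; {@code userLogin} and {@code jobId} are read from it, and it is
 *        passed to {@code getLocale}
 * @return a success map when the job was found and stored; an error map when the permission
 *         check fails, the entity operation throws, or no job matches {@code jobId}
 */
public static Map<String, Object> cancelJobRetries(DispatchContext dctx, Map<String, ? extends Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    Locale locale = getLocale(context);

    // Authorization gate: only callers allowed to invoke any service may change a job.
    // NOTE(review): userLogin is passed on unchecked; this relies on hasPermission denying a
    // null login -- confirm against the Security implementation.
    if (!security.hasPermission("SERVICE_INVOKE_ANY", userLogin)) {
        String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_run", locale) + ".";
        return ServiceUtil.returnError(errMsg);
    }

    String jobId = (String) context.get("jobId");
    // Lookup key, kept as a map so it can be echoed in error messages.
    Map<String, Object> fields = UtilMisc.<String, Object>toMap("jobId", jobId);
    GenericValue job = null;
    try {
        job = EntityQuery.use(delegator).from("JobSandbox").where("jobId", jobId).queryOne();
        if (job != null) {
            job.set("maxRetry", Long.valueOf(0L));
            job.store();
        }
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
        String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.unable_to_cancel_job_retries", locale) + " : " + fields;
        return ServiceUtil.returnError(errMsg);
    }
    if (job != null) {
        return ServiceUtil.returnSuccess();
    }

    // No row matched. Report the lookup key, as the exception path above does; the message
    // previously ended in the literal "null", which told the caller nothing about which job
    // could not be found.
    String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.unable_to_cancel_job_retries", locale) + " : " + fields;
    return ServiceUtil.returnError(errMsg);
}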
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class ModelPermission method evalPermission.
/**
 * Decides whether the caller of a service satisfies this permission definition.
 *
 * <p>The decision fails closed: a missing {@code userLogin} and an unrecognised
 * {@code permissionType} both return {@code false}.
 *
 * @param dctx dispatch context supplying the security object
 * @param context service input; {@code userLogin} is read from it
 * @return {@code true} only when the evaluator selected by {@code permissionType} grants access
 */
public boolean evalPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
    final GenericValue login = (GenericValue) context.get("userLogin");
    final Security sec = dctx.getSecurity();

    // No authenticated user: deny before any evaluator is consulted.
    if (login == null) {
        Debug.logInfo("Secure service requested with no userLogin object", module);
        return false;
    }

    final boolean granted;
    switch (permissionType) {
        case PERMISSION:
            granted = evalSimplePermission(sec, login);
            break;
        case ENTITY_PERMISSION:
            granted = evalEntityPermission(sec, login);
            break;
        case PERMISSION_SERVICE:
            // This evaluator receives the service model and the full context, not the security object.
            granted = evalPermissionService(serviceModel, dctx, context);
            break;
        default:
            // Unknown type: log the definition that could not be evaluated and deny.
            Debug.logWarning("Invalid permission type [" + permissionType + "] for permission named : " + nameOrRole + " on service : " + serviceModel.name, module);
            granted = false;
            break;
    }
    return granted;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class CheckPermission method exec.
/**
 * Evaluates the primary permission and, if it is not granted, each alternate permission in
 * order until one grants access. A missing user login counts as denied.
 *
 * <p>A denial does not stop execution here: when {@code messageElement} is set, its message is
 * appended to the error list held by {@code errorListFma} (the list is created if absent).
 * When {@code messageElement} is {@code null} a denial leaves no trace in that list.
 *
 * @param methodContext context supplying the user login, the security object and the env map
 * @return always {@code true}
 * @throws MiniLangException declared by the overridden method
 */
@Override
public boolean exec(MethodContext methodContext) throws MiniLangException {
    GenericValue userLogin = methodContext.getUserLogin();
    boolean granted = false;
    if (userLogin != null) {
        Security security = methodContext.getSecurity();
        granted = this.primaryPermissionInfo.hasPermission(methodContext, userLogin, security);
        if (!granted && altPermissionInfoList != null) {
            // Stop at the first alternate that grants access.
            for (PermissionInfo alternate : altPermissionInfoList) {
                granted = alternate.hasPermission(methodContext, userLogin, security);
                if (granted) {
                    break;
                }
            }
        }
    }

    // Granted, or denied with nothing to report: no error entry is added.
    // NOTE(review): the denial is only visible to later steps through the error list, so a
    // check without a message element appears to enforce nothing -- confirm with callers.
    if (granted || messageElement == null) {
        return true;
    }

    List<String> messages = errorListFma.get(methodContext.getEnvMap());
    if (messages == null) {
        messages = new LinkedList<String>();
        errorListFma.put(methodContext.getEnvMap(), messages);
    }
    messages.add(messageElement.getMessage(methodContext));
    return true;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class GenericWebEvent method updateGeneric.
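/**
 * An HTTP WebEvent handler that creates, updates or deletes one value of a generic entity.
 *
 * <p>Request parameters read: {@code entityName}, {@code UPDATE_MODE} ({@code CREATE},
 * {@code UPDATE} or {@code DELETE}) and one parameter per field name of the entity. The
 * {@code security} and {@code delegator} request attributes must be present.
 *
 * <p>Authorization: the session must pass {@code hasEntityPermission} for either
 * {@code ENTITY_DATA} or the entity's plain table name, with the action {@code "_" + UPDATE_MODE}.
 * Both the entity name and the mode come from the request, so this check is the only thing that
 * limits which entity a caller can modify.
 *
 * <p>Every failure is reported through the {@code _ERROR_MESSAGE_} request attribute. Several of
 * those messages contain request values or exception text.
 *
 * @param request The HTTP request object for the current JSP or Servlet request.
 * @param response The HTTP response object for the current JSP or Servlet request.
 * @return Returns a String specifying the outcome state of the event ({@code "success"} or
 * {@code "error"}). This is used to decide which event to run next or which view to display.
 */
public static String updateGeneric(HttpServletRequest request, HttpServletResponse response) {
    String entityName = request.getParameter("entityName");
    Locale locale = UtilHttp.getLocale(request);
    if (UtilValidate.isEmpty(entityName)) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.entity_name_not_specified", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[GenericWebEvent.updateGeneric] The entityName was not specified, but is required.", module);
        return "error";
    }
    Security security = (Security) request.getAttribute("security");
    Delegator delegator = (Delegator) request.getAttribute("delegator");
    if (security == null) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.security_object_not_found", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] The security object was not found in the request, please check the control servlet init.", module);
        return "error";
    }
    if (delegator == null) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.delegator_object_not_found", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] The delegator object was not found in the request, please check the control servlet init.", module);
        return "error";
    }
    ModelReader reader = delegator.getModelReader();
    ModelEntity entity = null;
    try {
        entity = reader.getModelEntity(entityName);
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
    }
    if (entity == null) {
        // The lookup failed (or returned nothing). Stop here: the permission check below
        // dereferences the entity, so continuing would end in a NullPointerException instead
        // of a handled error. An existing message key is reused rather than adding a new one.
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.entity_name_not_specified", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] No entity definition was found for the requested entityName: " + entityName, module);
        return "error";
    }
    String updateMode = request.getParameter("UPDATE_MODE");
    if (UtilValidate.isEmpty(updateMode)) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.update_mode_not_specified", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] Update Mode was not specified, but is required; entityName: " + entityName, module);
        return "error";
    }
    // check permissions before moving on...
    // NOTE(review): the action suffix is built from the raw UPDATE_MODE parameter; the mode is
    // only matched against CREATE/UPDATE/DELETE further down.
    if (!security.hasEntityPermission("ENTITY_DATA", "_" + updateMode, request.getSession()) && !security.hasEntityPermission(entity.getPlainTableName(), "_" + updateMode, request.getSession())) {
        Map<String, String> messageMap = UtilMisc.toMap("updateMode", updateMode, "entityName", entity.getEntityName(), "entityPlainTableName", entity.getPlainTableName());
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.not_sufficient_permissions_01", messageMap, locale);
        errMsg += UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.not_sufficient_permissions_02", messageMap, locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        // not really successful, but error return through ERROR_MESSAGE, so quietly fail
        return "error";
    }
    GenericValue findByEntity = delegator.makeValue(entityName);
    // get the primary key parameters...
    String errMsgPk = "";
    Iterator<ModelField> pksIter = entity.getPksIterator();
    while (pksIter.hasNext()) {
        String errMsg = "";
        ModelField field = pksIter.next();
        ModelFieldType type = null;
        try {
            type = delegator.getEntityFieldType(entity, field.getType());
        } catch (GenericEntityException e) {
            Debug.logWarning(e, module);
            Map<String, String> messageMap = UtilMisc.toMap("fieldType", field.getType());
            errMsg += UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.fatal_error_param", messageMap, locale) + ".";
        }
        String fval = request.getParameter(field.getName());
        if (UtilValidate.isNotEmpty(fval)) {
            try {
                findByEntity.setString(field.getName(), fval);
            } catch (Exception e) {
                // The type lookup above may have failed; fall back to the model's type name
                // so that reporting the conversion error cannot itself throw.
                String javaType = (type != null) ? type.getJavaType() : field.getType();
                Map<String, String> messageMap = UtilMisc.toMap("fval", fval);
                // NOTE(review): the submitted value is placed in the message next to literal
                // HTML; whatever renders _ERROR_MESSAGE_ has to encode it.
                errMsg = errMsg + "<li>" + field.getColName() + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.conversion_failed", messageMap, locale) + javaType + ".";
                Debug.logWarning("[updateGeneric] " + field.getColName() + " conversion failed: \"" + fval + "\" is not a valid " + javaType + "; entityName: " + entityName, module);
            }
        }
        // Carry this field's errors into the accumulator. Without this the check after the
        // loop could never fire, and a key value that failed conversion was silently left
        // unset before the delete/create/update below.
        errMsgPk += errMsg;
    }
    if (errMsgPk.length() > 0) {
        request.setAttribute("_ERROR_MESSAGE_", errMsgPk);
        return "error";
    }
    // if this is a delete, do that before getting all of the non-pk parameters and validating them
    if ("DELETE".equals(updateMode)) {
        // Delete actual main entity last, just in case database is set up to do a cascading delete, caches won't get cleared
        try {
            delegator.removeByPrimaryKey(findByEntity.getPrimaryKey());
        } catch (GenericEntityException e) {
            // NOTE(review): the exception text is included in the message shown to the user.
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.delete_failed", locale) + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
        return "success";
    }
    // get the non-primary key parameters
    String errMsgNonPk = "";
    Iterator<ModelField> nopksIter = entity.getNopksIterator();
    while (nopksIter.hasNext()) {
        ModelField field = nopksIter.next();
        ModelFieldType type = null;
        try {
            type = delegator.getEntityFieldType(entity, field.getType());
        } catch (GenericEntityException e) {
            Debug.logWarning(e, module);
            Map<String, String> messageMap = UtilMisc.toMap("fieldType", field.getType());
            errMsgNonPk += UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.fatal_error_param", messageMap, locale) + ".";
        }
        String fval = request.getParameter(field.getName());
        if (UtilValidate.isNotEmpty(fval)) {
            try {
                findByEntity.setString(field.getName(), fval);
            } catch (Exception e) {
                // Same null-safe fallback as in the primary key loop.
                String javaType = (type != null) ? type.getJavaType() : field.getType();
                Map<String, String> messageMap = UtilMisc.toMap("fval", fval);
                errMsgNonPk += field.getColName() + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.conversion_failed", messageMap, locale) + javaType + ".";
                Debug.logWarning("[updateGeneric] " + field.getColName() + " conversion failed: \"" + fval + "\" is not a valid " + javaType + "; entityName: " + entityName, module);
            }
        } else {
            // An empty or missing parameter clears the field.
            findByEntity.set(field.getName(), null);
        }
    }
    if (errMsgNonPk.length() > 0) {
        request.setAttribute("_ERROR_MESSAGE_", errMsgNonPk);
        return "error";
    }
    // if the updateMode is CREATE, check to see if an entity with the specified primary key already exists
    if ("CREATE".equals(updateMode)) {
        GenericValue tempEntity = null;
        try {
            tempEntity = EntityQuery.use(delegator).from(findByEntity.getEntityName()).where(findByEntity.getPrimaryKey()).queryOne();
        } catch (GenericEntityException e) {
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.create_failed_by_check", locale) + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
        if (tempEntity != null) {
            // Only logged: processing continues and the create call further down is still made.
            Map<String, String> messageMap = UtilMisc.toMap("primaryKey", findByEntity.getPrimaryKey().toString());
            String errMsg = "[updateGeneric] " + entity.getEntityName() + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.already_exists_pk", messageMap, locale) + ".";
            Debug.logWarning(errMsg, module);
        }
    }
    // Validate parameters...
    // Validator names come from the entity model (field.getValidators()), not from the request.
    // Each one names a public static method taking a String, on UtilValidate unless the name is
    // qualified with a class.
    String errMsgParam = "";
    Iterator<ModelField> fieldIter = entity.getFieldsIterator();
    while (fieldIter.hasNext()) {
        ModelField field = fieldIter.next();
        for (String curValidate : field.getValidators()) {
            Class<?>[] paramTypes = new Class[] { String.class };
            // A field may hold null here (empty parameters are cleared above); pass null to
            // the validator instead of calling toString() on it.
            Object fieldValue = findByEntity.get(field.getName());
            Object[] params = new Object[] { fieldValue == null ? null : fieldValue.toString() };
            String className = "org.apache.ofbiz.base.util.UtilValidate";
            String methodName = curValidate;
            if (curValidate.indexOf('.') > 0) {
                className = curValidate.substring(0, curValidate.lastIndexOf('.'));
                methodName = curValidate.substring(curValidate.lastIndexOf('.') + 1);
            }
            Class<?> valClass;
            try {
                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                valClass = loader.loadClass(className);
            } catch (ClassNotFoundException cnfe) {
                Debug.logError("[updateGeneric] Could not find validation class: " + className + "; ignoring.", module);
                continue;
            }
            Method valMethod;
            try {
                valMethod = valClass.getMethod(methodName, paramTypes);
            } catch (NoSuchMethodException cnfe) {
                Debug.logError("[updateGeneric] Could not find validation method: " + methodName + " of class " + className + "; ignoring.", module);
                continue;
            }
            Boolean resultBool;
            try {
                resultBool = (Boolean) valMethod.invoke(null, params);
            } catch (Exception e) {
                // NOTE(review): validation fails open -- a validator that cannot be invoked, or
                // that throws, is treated as having passed. The same holds for the two
                // "ignoring" branches above.
                Debug.logError("[updateGeneric] Could not access validation method: " + methodName + " of class " + className + "; returning true.", module);
                resultBool = Boolean.TRUE;
            }
            if (!resultBool.booleanValue()) {
                Field msgField;
                String message;
                try {
                    // The message constant lives next to the validator method, so build its
                    // name from the bare method name; a class-qualified validator name could
                    // never match a field.
                    msgField = valClass.getField(methodName + "Msg");
                    message = (String) msgField.get(null);
                } catch (Exception e) {
                    Debug.logError("[updateGeneric] Could not find validation message field: " + methodName + "Msg of class " + className + "; returning generic validation failure message.", module);
                    message = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.validation_failed", locale) + ".";
                }
                errMsgParam += field.getColName() + " " + curValidate + " " + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.failed", locale) + ": " + message;
                Debug.logWarning("[updateGeneric] " + field.getColName() + " " + curValidate + " failed: " + message, module);
            }
        }
    }
    if (errMsgParam.length() > 0) {
        errMsgParam = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.following_error_occurred", locale) + errMsgParam;
        request.setAttribute("_ERROR_MESSAGE_", errMsgParam);
        return "error";
    }
    if ("CREATE".equals(updateMode)) {
        try {
            delegator.create(findByEntity.getEntityName(), findByEntity.getAllFields());
        } catch (GenericEntityException e) {
            Map<String, String> messageMap = UtilMisc.toMap("entityName", entity.getEntityName());
            // NOTE(review): the message carries the full value and the exception text.
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.creation_param_failed", messageMap, locale) + ": " + findByEntity.toString() + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
    } else if ("UPDATE".equals(updateMode)) {
        GenericValue value = delegator.makeValue(findByEntity.getEntityName(), findByEntity.getAllFields());
        try {
            value.store();
        } catch (GenericEntityException e) {
            Map<String, String> messageMap = UtilMisc.toMap("entityName", entity.getEntityName());
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.update_of_param_failed", messageMap, locale) + ": " + value.toString() + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
    } else {
        // Any mode other than CREATE, UPDATE or DELETE ends here without touching the data.
        Map<String, String> messageMap = UtilMisc.toMap("updateMode", updateMode);
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.update_of_param_failed", messageMap, locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("updateGeneric: Update Mode specified (" + updateMode + ") was not valid for entity: " + findByEntity.toString(), module);
        return "error";
    }
    return "success";
}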