Search in sources :

Example 71 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ServiceUtil method resetJob.

public static Map<String, Object> resetJob(DispatchContext dctx, Map<String, Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    Locale locale = getLocale(context);
    if (!security.hasPermission("SERVICE_INVOKE_ANY", userLogin)) {
        String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_run", locale) + ".";
        return ServiceUtil.returnError(errMsg);
    }
    String jobId = (String) context.get("jobId");
    GenericValue job;
    try {
        job = EntityQuery.use(delegator).from("JobSandbox").where("jobId", jobId).cache().queryOne();
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
        return ServiceUtil.returnError(e.getMessage());
    }
    // update the job
    if (job != null) {
        job.set("statusId", "SERVICE_PENDING");
        job.set("startDateTime", null);
        job.set("finishDateTime", null);
        job.set("cancelDateTime", null);
        job.set("runByInstanceId", null);
        // save the job
        try {
            job.store();
        } catch (GenericEntityException e) {
            Debug.logError(e, module);
            return ServiceUtil.returnError(e.getMessage());
        }
    }
    return ServiceUtil.returnSuccess();
}
Also used : Locale(java.util.Locale) GenericValue(org.apache.ofbiz.entity.GenericValue) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) Security(org.apache.ofbiz.security.Security)

Example 72 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ServiceUtil method cancelJobRetries.

public static Map<String, Object> cancelJobRetries(DispatchContext dctx, Map<String, ? extends Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    Locale locale = getLocale(context);
    if (!security.hasPermission("SERVICE_INVOKE_ANY", userLogin)) {
        String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_run", locale) + ".";
        return ServiceUtil.returnError(errMsg);
    }
    String jobId = (String) context.get("jobId");
    Map<String, Object> fields = UtilMisc.<String, Object>toMap("jobId", jobId);
    GenericValue job = null;
    try {
        job = EntityQuery.use(delegator).from("JobSandbox").where("jobId", jobId).queryOne();
        if (job != null) {
            job.set("maxRetry", Long.valueOf(0));
            job.store();
        }
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
        String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.unable_to_cancel_job_retries", locale) + " : " + fields;
        return ServiceUtil.returnError(errMsg);
    }
    if (job != null) {
        return ServiceUtil.returnSuccess();
    }
    String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.unable_to_cancel_job_retries", locale) + " : " + null;
    return ServiceUtil.returnError(errMsg);
}
Also used : Locale(java.util.Locale) GenericValue(org.apache.ofbiz.entity.GenericValue) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) Security(org.apache.ofbiz.security.Security)

Example 73 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ModelPermission method evalPermission.

public boolean evalPermission(DispatchContext dctx, Map<String, ? extends Object> context) {
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    Security security = dctx.getSecurity();
    if (userLogin == null) {
        Debug.logInfo("Secure service requested with no userLogin object", module);
        return false;
    }
    switch(permissionType) {
        case PERMISSION:
            return evalSimplePermission(security, userLogin);
        case ENTITY_PERMISSION:
            return evalEntityPermission(security, userLogin);
        case PERMISSION_SERVICE:
            return evalPermissionService(serviceModel, dctx, context);
        default:
            Debug.logWarning("Invalid permission type [" + permissionType + "] for permission named : " + nameOrRole + " on service : " + serviceModel.name, module);
            return false;
    }
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) Security(org.apache.ofbiz.security.Security)

Example 74 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class CheckPermission method exec.

@Override
public boolean exec(MethodContext methodContext) throws MiniLangException {
    boolean hasPermission = false;
    GenericValue userLogin = methodContext.getUserLogin();
    if (userLogin != null) {
        Security security = methodContext.getSecurity();
        hasPermission = this.primaryPermissionInfo.hasPermission(methodContext, userLogin, security);
        if (!hasPermission && altPermissionInfoList != null) {
            for (PermissionInfo altPermInfo : altPermissionInfoList) {
                if (altPermInfo.hasPermission(methodContext, userLogin, security)) {
                    hasPermission = true;
                    break;
                }
            }
        }
    }
    if (!hasPermission && messageElement != null) {
        List<String> messages = errorListFma.get(methodContext.getEnvMap());
        if (messages == null) {
            messages = new LinkedList<String>();
            errorListFma.put(methodContext.getEnvMap(), messages);
        }
        messages.add(messageElement.getMessage(methodContext));
    }
    return true;
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) Security(org.apache.ofbiz.security.Security)

Example 75 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class GenericWebEvent method updateGeneric.

/**
 * An HTTP WebEvent handler that updates a Generic entity
 *
 * @param request The HTTP request object for the current JSP or Servlet request.
 * @param response The HTTP response object for the current JSP or Servlet request.
 * @return Returns a String specifying the outcome state of the event. This is used to decide which event
 * to run next or which view to display. If null no event is run nor view displayed, allowing the event to
 * call a forward on a RequestDispatcher.
 */
public static String updateGeneric(HttpServletRequest request, HttpServletResponse response) {
    String entityName = request.getParameter("entityName");
    Locale locale = UtilHttp.getLocale(request);
    if (UtilValidate.isEmpty(entityName)) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.entity_name_not_specified", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[GenericWebEvent.updateGeneric] The entityName was not specified, but is required.", module);
        return "error";
    }
    Security security = (Security) request.getAttribute("security");
    Delegator delegator = (Delegator) request.getAttribute("delegator");
    if (security == null) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.security_object_not_found", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] The security object was not found in the request, please check the control servlet init.", module);
        return "error";
    }
    if (delegator == null) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.delegator_object_not_found", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] The delegator object was not found in the request, please check the control servlet init.", module);
        return "error";
    }
    ModelReader reader = delegator.getModelReader();
    ModelEntity entity = null;
    try {
        entity = reader.getModelEntity(entityName);
    } catch (GenericEntityException e) {
        Debug.logError(e, module);
    }
    String updateMode = request.getParameter("UPDATE_MODE");
    if (UtilValidate.isEmpty(updateMode)) {
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.update_mode_not_specified", locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("[updateGeneric] Update Mode was not specified, but is required; entityName: " + entityName, module);
        return "error";
    }
    // check permissions before moving on...
    if (!security.hasEntityPermission("ENTITY_DATA", "_" + updateMode, request.getSession()) && !security.hasEntityPermission(entity.getPlainTableName(), "_" + updateMode, request.getSession())) {
        Map<String, String> messageMap = UtilMisc.toMap("updateMode", updateMode, "entityName", entity.getEntityName(), "entityPlainTableName", entity.getPlainTableName());
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.not_sufficient_permissions_01", messageMap, locale);
        errMsg += UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.not_sufficient_permissions_02", messageMap, locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        // not really successful, but error return through ERROR_MESSAGE, so quietly fail
        return "error";
    }
    GenericValue findByEntity = delegator.makeValue(entityName);
    // get the primary key parameters...
    String errMsgPk = "";
    Iterator<ModelField> pksIter = entity.getPksIterator();
    while (pksIter.hasNext()) {
        String errMsg = "";
        ModelField field = pksIter.next();
        ModelFieldType type = null;
        try {
            type = delegator.getEntityFieldType(entity, field.getType());
        } catch (GenericEntityException e) {
            Debug.logWarning(e, module);
            Map<String, String> messageMap = UtilMisc.toMap("fieldType", field.getType());
            errMsg += UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.fatal_error_param", messageMap, locale) + ".";
        }
        String fval = request.getParameter(field.getName());
        if (UtilValidate.isNotEmpty(fval)) {
            try {
                findByEntity.setString(field.getName(), fval);
            } catch (Exception e) {
                Map<String, String> messageMap = UtilMisc.toMap("fval", fval);
                errMsg = errMsg + "<li>" + field.getColName() + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.conversion_failed", messageMap, locale) + type.getJavaType() + ".";
                Debug.logWarning("[updateGeneric] " + field.getColName() + " conversion failed: \"" + fval + "\" is not a valid " + type.getJavaType() + "; entityName: " + entityName, module);
            }
        }
    }
    if (errMsgPk.length() > 0) {
        request.setAttribute("_ERROR_MESSAGE_", errMsgPk);
        return "error";
    }
    // if this is a delete, do that before getting all of the non-pk parameters and validating them
    if ("DELETE".equals(updateMode)) {
        // Delete actual main entity last, just in case database is set up to do a cascading delete, caches won't get cleared
        try {
            delegator.removeByPrimaryKey(findByEntity.getPrimaryKey());
        } catch (GenericEntityException e) {
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.delete_failed", locale) + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
        return "success";
    }
    // get the non-primary key parameters
    String errMsgNonPk = "";
    Iterator<ModelField> nopksIter = entity.getNopksIterator();
    while (nopksIter.hasNext()) {
        ModelField field = nopksIter.next();
        ModelFieldType type = null;
        try {
            type = delegator.getEntityFieldType(entity, field.getType());
        } catch (GenericEntityException e) {
            Debug.logWarning(e, module);
            Map<String, String> messageMap = UtilMisc.toMap("fieldType", field.getType());
            errMsgNonPk += UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.fatal_error_param", messageMap, locale) + ".";
        }
        String fval = request.getParameter(field.getName());
        if (UtilValidate.isNotEmpty(fval)) {
            try {
                findByEntity.setString(field.getName(), fval);
            } catch (Exception e) {
                Map<String, String> messageMap = UtilMisc.toMap("fval", fval);
                errMsgNonPk += field.getColName() + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.conversion_failed", messageMap, locale) + type.getJavaType() + ".";
                Debug.logWarning("[updateGeneric] " + field.getColName() + " conversion failed: \"" + fval + "\" is not a valid " + type.getJavaType() + "; entityName: " + entityName, module);
            }
        } else {
            findByEntity.set(field.getName(), null);
        }
    }
    if (errMsgNonPk.length() > 0) {
        request.setAttribute("_ERROR_MESSAGE_", errMsgNonPk);
        return "error";
    }
    // if the updateMode is CREATE, check to see if an entity with the specified primary key already exists
    if ("CREATE".equals(updateMode)) {
        GenericValue tempEntity = null;
        try {
            tempEntity = EntityQuery.use(delegator).from(findByEntity.getEntityName()).where(findByEntity.getPrimaryKey()).queryOne();
        } catch (GenericEntityException e) {
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.create_failed_by_check", locale) + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
        if (tempEntity != null) {
            Map<String, String> messageMap = UtilMisc.toMap("primaryKey", findByEntity.getPrimaryKey().toString());
            String errMsg = "[updateGeneric] " + entity.getEntityName() + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.already_exists_pk", messageMap, locale) + ".";
            Debug.logWarning(errMsg, module);
        }
    }
    // Validate parameters...
    String errMsgParam = "";
    Iterator<ModelField> fieldIter = entity.getFieldsIterator();
    while (fieldIter.hasNext()) {
        ModelField field = fieldIter.next();
        for (String curValidate : field.getValidators()) {
            Class<?>[] paramTypes = new Class[] { String.class };
            Object[] params = new Object[] { findByEntity.get(field.getName()).toString() };
            String className = "org.apache.ofbiz.base.util.UtilValidate";
            String methodName = curValidate;
            if (curValidate.indexOf('.') > 0) {
                className = curValidate.substring(0, curValidate.lastIndexOf('.'));
                methodName = curValidate.substring(curValidate.lastIndexOf('.') + 1);
            }
            Class<?> valClass;
            try {
                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                valClass = loader.loadClass(className);
            } catch (ClassNotFoundException cnfe) {
                Debug.logError("[updateGeneric] Could not find validation class: " + className + "; ignoring.", module);
                continue;
            }
            Method valMethod;
            try {
                valMethod = valClass.getMethod(methodName, paramTypes);
            } catch (NoSuchMethodException cnfe) {
                Debug.logError("[updateGeneric] Could not find validation method: " + methodName + " of class " + className + "; ignoring.", module);
                continue;
            }
            Boolean resultBool;
            try {
                resultBool = (Boolean) valMethod.invoke(null, params);
            } catch (Exception e) {
                Debug.logError("[updateGeneric] Could not access validation method: " + methodName + " of class " + className + "; returning true.", module);
                resultBool = Boolean.TRUE;
            }
            if (!resultBool.booleanValue()) {
                Field msgField;
                String message;
                try {
                    msgField = valClass.getField(curValidate + "Msg");
                    message = (String) msgField.get(null);
                } catch (Exception e) {
                    Debug.logError("[updateGeneric] Could not find validation message field: " + curValidate + "Msg of class " + className + "; returning generic validation failure message.", module);
                    message = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.validation_failed", locale) + ".";
                }
                errMsgParam += field.getColName() + " " + curValidate + " " + UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.failed", locale) + ": " + message;
                Debug.logWarning("[updateGeneric] " + field.getColName() + " " + curValidate + " failed: " + message, module);
            }
        }
    }
    if (errMsgParam.length() > 0) {
        errMsgParam = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.following_error_occurred", locale) + errMsgParam;
        request.setAttribute("_ERROR_MESSAGE_", errMsgParam);
        return "error";
    }
    if ("CREATE".equals(updateMode)) {
        try {
            delegator.create(findByEntity.getEntityName(), findByEntity.getAllFields());
        } catch (GenericEntityException e) {
            Map<String, String> messageMap = UtilMisc.toMap("entityName", entity.getEntityName());
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.creation_param_failed", messageMap, locale) + ": " + findByEntity.toString() + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
    } else if ("UPDATE".equals(updateMode)) {
        GenericValue value = delegator.makeValue(findByEntity.getEntityName(), findByEntity.getAllFields());
        try {
            value.store();
        } catch (GenericEntityException e) {
            Map<String, String> messageMap = UtilMisc.toMap("entityName", entity.getEntityName());
            String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.update_of_param_failed", messageMap, locale) + ": " + value.toString() + ": " + e.toString();
            Debug.logWarning(e, errMsg, module);
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
    } else {
        Map<String, String> messageMap = UtilMisc.toMap("updateMode", updateMode);
        String errMsg = UtilProperties.getMessage(GenericWebEvent.err_resource, "genericWebEvent.update_of_param_failed", messageMap, locale) + ".";
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
        Debug.logWarning("updateGeneric: Update Mode specified (" + updateMode + ") was not valid for entity: " + findByEntity.toString(), module);
        return "error";
    }
    return "success";
}
Also used : Locale(java.util.Locale) Security(org.apache.ofbiz.security.Security) ModelField(org.apache.ofbiz.entity.model.ModelField) Field(java.lang.reflect.Field) ModelReader(org.apache.ofbiz.entity.model.ModelReader) ModelField(org.apache.ofbiz.entity.model.ModelField) ModelEntity(org.apache.ofbiz.entity.model.ModelEntity) GenericValue(org.apache.ofbiz.entity.GenericValue) Method(java.lang.reflect.Method) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) ModelFieldType(org.apache.ofbiz.entity.model.ModelFieldType) Map(java.util.Map)

Aggregations

Security (org.apache.ofbiz.security.Security)79 GenericValue (org.apache.ofbiz.entity.GenericValue)69 Delegator (org.apache.ofbiz.entity.Delegator)60 Locale (java.util.Locale)56 GenericEntityException (org.apache.ofbiz.entity.GenericEntityException)54 HashMap (java.util.HashMap)36 Timestamp (java.sql.Timestamp)27 LinkedList (java.util.LinkedList)27 LocalDispatcher (org.apache.ofbiz.service.LocalDispatcher)20 GenericServiceException (org.apache.ofbiz.service.GenericServiceException)18 Map (java.util.Map)12 HttpSession (javax.servlet.http.HttpSession)7 GeneralException (org.apache.ofbiz.base.util.GeneralException)7 BigDecimal (java.math.BigDecimal)6 List (java.util.List)5 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)4 Date (java.util.Date)4 GenericTransactionException (org.apache.ofbiz.entity.transaction.GenericTransactionException)4 File (java.io.File)3