Class MRole

All Implemented Interfaces:
Serializable, Cloneable, Comparator<Object>, I_AD_Role, I_Persistent, Evaluatee, ImmutablePOSupport

public final class MRole extends X_AD_Role implements ImmutablePOSupport
Role Model.
Includes AD_User runtime info for Personal Access.
The class is final, so that you cannot overwrite the security rules.
Version:
$Id: MRole.java,v 1.5 2006/08/09 16:38:47 jjanke Exp $
Author:
Jorg Janke, Karsten Thiemann FR [ 1782412 ], Carlos Ruiz - globalqss - FR [ 1846929 ] - implement ASP
See Also:
  • Field Details

    • SQL_RW

      public static final boolean SQL_RW
      Access SQL Read Write
      See Also:
    • SQL_RO

      public static final boolean SQL_RO
      Access SQL Read Only
      See Also:
    • SQL_FULLYQUALIFIED

      public static final boolean SQL_FULLYQUALIFIED
      Access SQL Fully Qualified
      See Also:
    • SQL_NOTQUALIFIED

      public static final boolean SQL_NOTQUALIFIED
      Access SQL Not Fully Qualified
      See Also:
    • SUPERUSER_USER_ID

      public static final int SUPERUSER_USER_ID
      The AD_User_ID of the SuperUser
      See Also:
    • SYSTEM_USER_ID

      public static final int SYSTEM_USER_ID
      The AD_User_ID of the System Administrator
      See Also:
  • Constructor Details

    • MRole

      public MRole(Properties ctx, String AD_Role_UU, String trxName)
      UUID based Constructor
      Parameters:
      ctx - Context
      AD_Role_UU - UUID key
      trxName - Transaction
    • MRole

      public MRole(Properties ctx, int AD_Role_ID, String trxName)
      Standard Constructor.
        NOTE - This method must not be used when the role is being requested to manage permissions,
               in such case is necessary to use one of the get methods setting AD_User_ID.
        
      Parameters:
      ctx - context
      AD_Role_ID - id
      trxName - transaction
    • MRole

      public MRole(Properties ctx, ResultSet rs, String trxName)
      Load Constructor.
        NOTE - This method must not be used when the role is being requested to manage permissions,
               in such case is necessary to use one of the get methods setting AD_User_ID.
        
      Parameters:
      ctx - context
      rs - result set
      trxName - transaction
    • MRole

      public MRole(MRole copy)
      Copy constructor
      Parameters:
      copy -
    • MRole

      public MRole(Properties ctx, MRole copy)
      Copy constructor
      Parameters:
      ctx -
      copy -
    • MRole

      public MRole(Properties ctx, MRole copy, String trxName)
      Copy constructor
      Parameters:
      ctx -
      copy -
      trxName -
  • Method Details

    • getDefault

      public static MRole getDefault()
      Get role for current session/context
      Returns:
      role
    • getDefault

      public static MRole getDefault(Properties ctx, boolean reload)
      Get role for current session/context
      Parameters:
      ctx - context
      reload - if true forces reload
      Returns:
      role
      See Also:
    • get

      public static MRole get(Properties ctx, int AD_Role_ID, int AD_User_ID, boolean reload)
      Get Role for User from cache
      Parameters:
      ctx - context
      AD_Role_ID - role
      AD_User_ID - user
      reload - if true forces load
      Returns:
      role
    • get

      public static MRole get(Properties ctx, int AD_Role_ID)
      Get Role (cached). Did not set user - so no access loaded.
      Parameters:
      ctx - context
      AD_Role_ID - role
      Returns:
      role
    • getOfClient

      public static MRole[] getOfClient(Properties ctx)
      Get Roles Of Client
      Parameters:
      ctx - context
      Returns:
      roles of client
    • getOfClient

      public static MRole[] getOfClient(Properties ctx, String trxName)
      Get Roles Of Client
      Parameters:
      ctx - context
      trxName -
      Returns:
      roles of client
    • getOf

      public static MRole[] getOf(Properties ctx, String whereClause)
      Get Roles via where clause
      Parameters:
      ctx - context
      whereClause - SQL where clause
      Returns:
      roles matching where clause
    • getConfirmQueryRecords

      public int getConfirmQueryRecords()
      Get Confirm Query Records
      Specified by:
      getConfirmQueryRecords in interface I_AD_Role
      Overrides:
      getConfirmQueryRecords in class X_AD_Role
      Returns:
      value of ConfirmQueryRecords or 500 if value of ConfirmQueryRecords is 0.
    • isQueryRequire

      @Deprecated public boolean isQueryRequire(int noRecords)
      Deprecated.
      Parameters:
      noRecords - records
      Returns:
      true if query required
    • isQueryMax

      @Deprecated public boolean isQueryMax(int noRecords)
      Deprecated.
      Over max Query
      Parameters:
      noRecords - records
      Returns:
      true if over max query
    • beforeSave

      protected boolean beforeSave(boolean newRecord)
      Before Save
      Overrides:
      beforeSave in class PO
      Parameters:
      newRecord - new
      Returns:
      true if it can be saved
    • afterSave

      protected boolean afterSave(boolean newRecord, boolean success)
      After Save
      Overrides:
      afterSave in class PO
      Parameters:
      newRecord - new
      success - success
      Returns:
      success
    • afterDelete

      protected boolean afterDelete(boolean success)
      Executed after Delete operation.
      Overrides:
      afterDelete in class PO
      Parameters:
      success - true if record deleted
      Returns:
      true if delete is a success
    • updateAccessRecords

      public String updateAccessRecords()
      Create Access Records (delete existing access records prior to that)
      Returns:
      info
    • updateAccessRecords

      public String updateAccessRecords(boolean reset)
      Create Access Records
      Parameters:
      reset - true to delete existing access records
      Returns:
      info
    • toString

      public String toString()
      String Representation
      Overrides:
      toString in class X_AD_Role
      Returns:
      info
    • toStringX

      public String toStringX(Properties ctx)
      Extended String Representation
      Parameters:
      ctx - Properties
      Returns:
      extended info
    • setAD_User_ID

      public void setAD_User_ID(int AD_User_ID)
      Set Logged in user
      Parameters:
      AD_User_ID - logged in user id
    • getAD_User_ID

      public int getAD_User_ID()
      Get Logged in user
      Returns:
      AD_User_ID
    • loadAccess

      public void loadAccess(boolean reload)
      Load Access Info
      Parameters:
      reload - re-load from DB
    • getClientWhere

      public String getClientWhere(boolean rw)
      Get Where Clause for client filter
      Parameters:
      rw - read write
      Returns:
      "AD_Client_ID=0" or "AD_Client_ID IN(0,1,...)"
    • isClientAccess

      public boolean isClientAccess(int AD_Client_ID, boolean rw)
      Access to Client
      Parameters:
      AD_Client_ID - client
      rw - read write access
      Returns:
      true if can access
    • getOrgWhere

      public String getOrgWhere(boolean rw)
      Get Where Clause for organization filter
      Parameters:
      rw - read write
      Returns:
      "AD_Org_ID=0" or "AD_Org_ID IN(0,1,...)" or null (if access all org)
    • isOrgAccess

      public boolean isOrgAccess(int AD_Org_ID, boolean rw)
      Access to Org
      Parameters:
      AD_Org_ID - org
      rw - read write access
      Returns:
      true if access
    • isCanReport

      public boolean isCanReport(int AD_Table_ID)
      Can Report on table
      Parameters:
      AD_Table_ID - table
      Returns:
      true if can report
    • isCanExport

      public boolean isCanExport(int AD_Table_ID)
      Can Export Table
      Parameters:
      AD_Table_ID -
      Returns:
      true if can export
    • isTableAccess

      public boolean isTableAccess(int AD_Table_ID, boolean ro)
      Access to Table
      Parameters:
      AD_Table_ID - table
      ro - check read only access otherwise read write access level
      Returns:
      true if has RO/RW access to table
    • isTableAccessLevel

      public boolean isTableAccessLevel(int AD_Table_ID, boolean ro)
      Access to Table based on User Level and Table Access Level
      Parameters:
      AD_Table_ID - table
      ro - check read only access otherwise read write access level
      Returns:
      true if has RO/RW access to table
    • isColumnAccess

      public boolean isColumnAccess(int AD_Table_ID, int AD_Column_ID, boolean ro)
      Access to Column
      Parameters:
      AD_Table_ID - table
      AD_Column_ID - column
      ro - true for read only, false for read write
      Returns:
      true if can access
    • isColumnAccess

      public boolean isColumnAccess(int AD_Table_ID, int AD_Column_ID, boolean ro, String trxName)
      Access to Column
      Parameters:
      AD_Table_ID - table
      AD_Column_ID - column
      ro - true for read only, false for read write
      trxName -
      Returns:
      true if can access
    • isRecordAccess

      public boolean isRecordAccess(int AD_Table_ID, int Record_ID, boolean ro)
      Access to Record (AD_Record_Access)
      Parameters:
      AD_Table_ID - table
      Record_ID - record
      ro - true for read only, false for read write
      Returns:
      true if can access
    • getWindowAccess

      public Boolean getWindowAccess(int AD_Window_ID)
      Get Window Access (AD_Window_Access).
      Check ASP record as well if client is using ASP access control.
      Parameters:
      AD_Window_ID - window
      Returns:
      null if can't access, TRUE if r/w and FALSE if r/o
    • getProcessAccess

      public Boolean getProcessAccess(int AD_Process_ID)
      Get Process Access (AD_Process_Access). Check ASP record as well if client is using ASP access control.
      Parameters:
      AD_Process_ID - process
      Returns:
      null if can't access, TRUE if r/w and FALSE if r/o
    • getTaskAccess

      public Boolean getTaskAccess(int AD_Task_ID)
      Get Task Access (AD_Task_Access).
      Check ASP record as well if client is using ASP access control.
      Parameters:
      AD_Task_ID - task
      Returns:
      null if can't access, TRUE if r/w and FALSE if r/o
    • getFormAccess

      public Boolean getFormAccess(int AD_Form_ID)
      Get Form Access (AD_Form_Access).
      Check ASP record as well if client is using ASP access control.
      Parameters:
      AD_Form_ID - form
      Returns:
      null if can't access, TRUE if r/w and FALSE if r/o
    • getWorkflowAccess

      public Boolean getWorkflowAccess(int AD_Workflow_ID)
      Get Workflow Access (AD_Workflow_Access).
      Check ASP record as well if client is using ASP access control.
      Parameters:
      AD_Workflow_ID - workflow
      Returns:
      null if can't access, TRUE if r/w and FALSE if r/o
    • addAccessSQL

      public String addAccessSQL(String SQL, String TableNameIn, boolean fullyQualified, boolean rw)
      Appends access where clause to SQL statement for Tables
      Parameters:
      SQL - existing SQL statement
      TableNameIn - Table Name or list of table names AAA, BBB or AAA a, BBB b
      fullyQualified - fullyQualified column name
      rw - if false, includes records belongs to System client (AD_Client_ID=0).
      Returns:
      updated SQL statement
    • canUpdate

      public boolean canUpdate(int AD_Client_ID, int AD_Org_ID, int AD_Table_ID, int Record_ID, boolean createError)
      Check update access. Access error info (AccessTableNoUpdate) is saved in the log
      Parameters:
      AD_Client_ID - context to derive client/org/user level
      AD_Org_ID - number of the current window to retrieve context
      AD_Table_ID - table
      Record_ID - record id
      createError - true to capture error into server log
      Returns:
      true if can update see org.compiere.model.MTable#dataSave(boolean)
    • canView

      public boolean canView(Properties ctx, String TableLevel)
      VIEW - Can I view record in Table with given TableLevel.
              TableLevel              S__ 100         4       System info
                                      SCO 111         7       System shared info
                                      SC_ 110         6       System/Client info
                                      _CO 011         3       Client shared info
                                      _C_ 011         2       Client shared info
                                      __O 001         1       Organization info
        
      Parameters:
      ctx - context
      TableLevel - table access level
      Returns:
      true if can view
      Access error info (AccessTableNoUpdate, AccessTableNoView) is saved in the log
      See Also:
      • GridTabVO.loadTabDetails(GridTabVO, ResultSet)
    • isShowPreference

      public boolean isShowPreference()
      Show (Value) Preference Menu
      Returns:
      true if preference type is not None
    • checkActionAccess

      public int checkActionAccess(int clientId, int docTypeId, String[] options, int maxIndex)
      Checks the access rights of the given role/client for the given document actions.
      Parameters:
      clientId - AD_Client_ID
      docTypeId - C_DocType_ID
      options - array of document actions
      maxIndex - define the range of elements to examine in options (>= 0 and < maxIndex)
      Returns:
      number of valid actions in the String[] options argument
    • getIncludedRoles

      public List<MRole> getIncludedRoles(boolean recursive)
      Parameters:
      recursive -
      Returns:
      unmodifiable list of included roles
    • getIncludedRolesWhereClause

      public String getIncludedRolesWhereClause(String roleColumnSQL, List<Object> params)
      Get Where Clause filter for this role and included roles.
      It will look something like myalias.AD_Role_ID IN (?, ?, ?).
      Parameters:
      roleColumnSQL - role column name or role column SQL (e.g. myalias.AD_Role_ID)
      params - a list where the method will put SQL parameters.
      If null, this method will generate a not parameterized query
      Returns:
      SQL where clause
    • getInfoAccess

      public Boolean getInfoAccess(int AD_InfoWindow_ID)
      Get info window access (AD_InfoWindow_Access)
      Parameters:
      AD_InfoWindow_ID -
      Returns:
      null if can't access, TRUE if r/w and FALSE if r/o
    • canAccess_Info_Product

      public boolean canAccess_Info_Product()
      Returns:
      true if can access info window for product
    • getWhereRoleType

      public static String getWhereRoleType(String roleType, String tableName)
      Get where clause for a role types list
      Parameters:
      roleType - - comma separated list of role types, NULL can be used
      tableName - - if column needs to be qualified
      Returns:
      whereClause, return null if roleType is null or empty
    • isTableAccessExcluded

      public boolean isTableAccessExcluded(int tableID)
      Does the table is excluded for current role (this method doesn't check the access level of the table, use isTableAccessLevel for that purpose)
      Parameters:
      tableID - AD_Table_ID
      Returns:
      true if table access is excluded for this role
    • markImmutable

      public MRole markImmutable()
      Description copied from interface: ImmutablePOSupport
      mark PO as immutable
      Specified by:
      markImmutable in interface ImmutablePOSupport
      Returns:
      PO
    • checkAccessSQL

      public boolean checkAccessSQL(MTable table, int recordId, String uuid, boolean rw)
      Check record access through addAccessSQL(String, String, boolean, boolean) using
      either record id or record uuid
      Parameters:
      table -
      recordId - ignore if uuid is use
      uuid - null to use recordId
      rw - true for writable, false for readonly
      Returns:
      true if role has access to record