FSN#35733 betere _FACILITOR autorisering

svn path=/Website/trunk/; revision=28421
Jos Groot Lipman
2016-03-10 11:01:27 +00:00
parent e65bd4ae2e
commit 20765d360e
11 changed files with 101 additions and 68 deletions


@@ -25,7 +25,7 @@ function model_reportcolumns(usrrap_key, params)
this.record_name = "column";
this.records_title = L("lcl_rap_columns");
this.record_title = L("lcl_rap_column");
this.autfunction = "WEB_PRSSYS",
this.autfunction = "WEB_UDRMAN",
this.edit = { modal: true };
this.fields =
@@ -117,10 +117,11 @@ function model_reportcolumns(usrrap_key, params)
if (i != -1)
view_name_short = view_name_short.substring(i+1);
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen
var sql = "SELECT object_name, object_type, last_ddl_time, status"
+ " FROM user_objects"
+ " WHERE "
+ (user.oslogin() == "_FACILITOR" ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'")
+ (hasFACFAC ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'")
+ " AND object_name = UPPER(" + safe.quoted_sql(view_name_short) + ")";
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
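Review bot: `this.autfunction = "WEB_UDRMAN",` in the first hunk ends with a comma instead of a semicolon, so the assignment is chained to the following `this.edit = { modal: true };` through the comma operator; it evaluates correctly today, but any statement inserted between the two lines would break in a non-obvious way. Replace the trailing comma: `this.autfunction = "WEB_UDRMAN";`. In the second hunk `hasFACFAC` now decides whether TABLE objects may be resolved by name; it comes from the two-argument `checkAutorisation("WEB_FACFAC", true)` form, which from its use elsewhere in this commit appears to be the non-aborting variant, so a short comment such as `// falsy when the user lacks WEB_FACFAC; does not abort` on that line would spare the next reader the lookup. The body of model_reportcolumns continues outside both hunks.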


@@ -80,13 +80,15 @@ function model_reportsx(usrrap_key, rapparams)
this._check_authorization = function(params, method)
{
params.message = "";
var autfunction = "WEB_PRSSYS";
var autfunction = "WEB_UDRMAN";
params.authparams = user.checkAutorisation(autfunction); // pessimistisch
};
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen
this._analyze_fields = function (dbfields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */
{
if (user.oslogin() != "_FACILITOR") // Die mag alles
if (hasFACFAC) // Die mag alles
{
// viewname zit alleen in dbfields als het een insert is. In edit-mode is dit veld readonly, dus niet in dbfields.
if ("viewname" in dbfields)
@@ -126,7 +128,7 @@ function model_reportsx(usrrap_key, rapparams)
var wheres = api2.sqlfilter(params, this);
query.wheres = query.wheres.concat(wheres);
var authparams = user.checkAutorisation("WEB_PRSSYS", true);
var authparams = user.checkAutorisation("WEB_UDRMAN", true);
if (!authparams)
{
query.wheres.push("(fac_functie_key IN"
@@ -222,7 +224,7 @@ function model_reportsx(usrrap_key, rapparams)
if (!rapparams.internal)
{
if (user.oslogin() == "_FACILITOR")
if (hasFACFAC)
settings.overrule_setting("fac_usrrap_mode", 1); // _FACILITOR mag alles
else
{
@@ -235,7 +237,7 @@ function model_reportsx(usrrap_key, rapparams)
this.fields["pivot"].readonly = true;
this.fields["graph"].readonly = true;
}
if (!user.checkAutorisation("WEB_PRSSYS", true))
if (!user.checkAutorisation("WEB_UDRMAN", true))
{ // Dit heeft betrekking op de zoekvelden van appl/fac/fac_reportx_show.asp?mode=search
// Omdat wij standaard linken naar mode=list speelt dit zelden.
for (var fld in this.fields)
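Review bot: In `_analyze_fields` the replacement of `if (user.oslogin() != "_FACILITOR") // Die mag alles` by `if (hasFACFAC) // Die mag alles` drops the negation, so the block that follows — the viewname handling that the original applied to everyone except the privileged account — now runs only for WEB_FACFAC holders and is skipped for every other caller. Every other site in this commit keeps the polarity (`!authFACFAC`, `!hasFACFAC`), so this reads as an accidental inversion rather than an intended change; the line should be `if (!hasFACFAC) // Die mag alles`. Which of the two printed lines is the new side is inferred from print order and from the added `var hasFACFAC` declaration, so please confirm. The bodies of `_analyze_fields` and of model_reportsx continue outside the hunk.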


@@ -19,7 +19,7 @@ FCLTHeader.Requires({ plugins:["jQuery"] })
var api_key = getQParamInt("api_key", -1);
user.auth_required_or_abort(user.oslogin() == "_FACILITOR");
var hasFACFAC = user.checkAutorisation("WEB_FACFAC");
var api_name;
var api_omschrijving;
@@ -37,7 +37,7 @@ function prettyJson(j)
{
try
{
var xx = JSON.stringify(eval("("+j + ")"), null, 2);
var xx = JSON.stringify(eval("(" + j + ")"), null, 2);
if (xx == "null")
return "";
return xx;
@@ -53,16 +53,16 @@ if (api_key > 0)
var sql = "SELECT * FROM fac_api a"
+ " WHERE fac_api_key =" + api_key;
var oRs = Oracle.Execute(sql);
api_name = oRs("fac_api_name").Value;
api_omschrijving = oRs("fac_api_omschrijving").Value;
api_filepath = oRs("fac_api_filepath").Value;
api_loglevel = oRs("fac_api_loglevel").Value;
usrrap_key = oRs("fac_usrrap_key").Value;
api_viewmapping_json = prettyJson(oRs("fac_api_viewmapping_json").Value);
api_stylesheet = oRs("fac_api_stylesheet").Value;
import_app_key = oRs("fac_import_app_key").Value;
api_options_json = prettyJson(oRs("fac_api_options_json").Value);
var api_name = oRs("fac_api_name").Value;
var api_omschrijving = oRs("fac_api_omschrijving").Value;
var api_filepath = oRs("fac_api_filepath").Value;
var api_loglevel = oRs("fac_api_loglevel").Value;
var usrrap_key = oRs("fac_usrrap_key").Value;
var api_viewmapping_json = prettyJson(oRs("fac_api_viewmapping_json").Value);
var api_stylesheet = oRs("fac_api_stylesheet").Value;
var import_app_key = oRs("fac_import_app_key").Value;
var api_options_json = prettyJson(oRs("fac_api_options_json").Value);
oRs.Close();
}
%>
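Review bot: `prettyJson` still parses the stored `fac_api_viewmapping_json` and `fac_api_options_json` column values with `eval("(" + j + ")")`; the commit only reformats that line, but since this file already relies on the `JSON` object for `JSON.stringify`, `JSON.parse(j)` is available and produces the same pretty-printed output without executing whatever text happens to be stored. Change it to `var xx = JSON.stringify(JSON.parse(j), null, 2);`; stored text that `eval` tolerated but strict JSON rejects would then land in the existing `catch`, which is the one behavioral difference to be aware of. The same `eval` line is reformatted in the `prettyJson` hunk of the fifth file section. Separately, `var hasFACFAC = user.checkAutorisation("WEB_FACFAC");` replaces an explicit `user.auth_required_or_abort(...)` and `hasFACFAC` is not referenced anywhere in the visible hunks; if the one-argument form aborts on missing authorization (as its contrast with the `..., true` form elsewhere suggests) a comment saying so on that line would keep the gate visible, and the same applies to the identical line in the fourth file section.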


@@ -21,7 +21,7 @@ var JSON_Result = true;
<%
var api_key = getQParamInt("api_key", -1 );
user.auth_required_or_abort(user.oslogin() == "_FACILITOR");
var hasFACFAC = user.checkAutorisation("WEB_FACFAC");
var viewoptions = getFParam("fac_api_options_json", "");
if (viewoptions)


@@ -24,7 +24,7 @@ function prettyJson(j)
{
try
{
var xx = JSON.stringify(eval("("+j + ")"), null, 2);
var xx = JSON.stringify(eval("(" + j + ")"), null, 2);
if (xx == "null")
return "";
return xx;
@@ -35,8 +35,6 @@ function prettyJson(j)
};
};
//var canChange = (user.oslogin() == "_FACILITOR");
%>
<html>


@@ -19,9 +19,9 @@ FCLTHeader.Requires({ plugins:["jQuery"],
var fac_key = getQParamInt("fac_key");
var autfunction = "WEB_PRSSYS";
var authparams = user.checkAutorisation(autfunction);
var authPRSSYS = user.checkAutorisation("WEB_PRSSYS");
var authFACFAC = user.checkAutorisation("WEB_FACFAC", true);
var authFACTAB = user.checkAutorisation("WEB_FACTAB", true);
function prettyJson(j)
{
@@ -44,11 +44,14 @@ var sql = "SELECT * FROM fac_setting s, prs_v_perslid_fullnames pf"
var oRs = Oracle.Execute(sql);
if (user.oslogin() != "_FACILITOR")
if (!authFACFAC)
user.auth_required_or_abort(oRs("fac_setting_flags").Value & 1); // moet zichtbaar zijn voor PRSSYS
var isProtected = (oRs("fac_setting_flags").Value & 2) == 0;
var canChange = (user.oslogin() == "_FACILITOR" || !isProtected); // 2 is wijzigbaar PRSSYS
var functie_key = oRs("fac_functie_key").Value;
var isProtected = (functie_key != authPRSSYS.autfunctionkey);
canChange = (!isProtected ||
authFACFAC && functie_key == authFACFAC.autfunctionkey ||
authFACTAB && functie_key == authFACTAB.autfunctionkey)
%>
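Review bot: `canChange = (!isProtected || ...)` in the second hunk assigns to `canChange` without `var` and without a terminating semicolon, whereas the line it replaces declared it with `var canChange = ...`; in a page-level JScript block this creates an implicit global. Declare it and make the precedence explicit: `var canChange = (!isProtected || (authFACFAC && functie_key == authFACFAC.autfunctionkey) || (authFACTAB && functie_key == authFACTAB.autfunctionkey));` — the added parentheses change nothing, they only spell out the existing `&&`/`||` grouping. The same construct appears in the next file section at its `canChange = (!isProtected ||` line. `authPRSSYS.autfunctionkey` is dereferenced unconditionally; if `checkAutorisation("WEB_PRSSYS")` can return a falsy value rather than aborting, `isProtected` throws here, which is worth confirming against the helper.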


@@ -19,41 +19,46 @@
<% FCLTHeader.Requires({ plugins:["jQuery"] }) %>
<%
var fac_key = getQParamInt( "fac_key", -1 );
var fac_key = getQParamInt( "fac_key" );
var autfunction = "WEB_PRSSYS";
var authparams = user.checkAutorisation(autfunction);
var authPRSSYS = user.checkAutorisation("WEB_PRSSYS");
var authFACFAC = user.checkAutorisation("WEB_FACFAC", true);
var authFACTAB = user.checkAutorisation("WEB_FACTAB", true);
var sql = "SELECT * FROM fac_setting s"
+ " WHERE fac_setting_key ="+fac_key;
var sql = "SELECT * FROM fac_setting s"
+ " WHERE fac_setting_key ="+fac_key;
var oRs = Oracle.Execute(sql);
var canChange = (user.oslogin() == "_FACILITOR" || oRs("fac_setting_flags").Value & 2); // 2 is wijzigbaar PRSSYS
var oRs = Oracle.Execute(sql);
user.auth_required_or_abort(canChange);
var functie_key = oRs("fac_functie_key").Value;
var isProtected = (functie_key != authPRSSYS.autfunctionkey);
canChange = (!isProtected ||
authFACFAC && functie_key == authFACFAC.autfunctionkey ||
authFACTAB && functie_key == authFACTAB.autfunctionkey)
var pvalue = getFParam("pvalue", "");
if (oRs("fac_setting_type").value == 'float')
{
pvalue = pvalue.replace(",", ".");
}
user.auth_required_or_abort(canChange);
var fields = [ { dbs: "fac_setting_pvalue", typ: "varchar", val: pvalue, len: 1024 },
{ dbs: "fac_setting_datum", typ: "sql", val: "SYSDATE" },
{ dbs: "prs_perslid_key", typ: "key", val: user_key }];
var pvalue = getFParam("pvalue", "");
if (oRs("fac_setting_type").value == 'float')
{
pvalue = pvalue.replace(",", ".");
}
var fields = [ { dbs: "fac_setting_pvalue", typ: "varchar", val: pvalue, len: 1024 },
{ dbs: "fac_setting_datum", typ: "sql", val: "SYSDATE" },
{ dbs: "prs_perslid_key", typ: "key", val: user_key }];
var warning = "";
if (fac_key > 0)
{
sql = buildUpdate("fac_setting", fields)
+ " fac_setting_key = " + fac_key;
var err = Oracle.Execute(sql, true);
if (err.friendlyMsg)
warning = err.friendlyMsg;
settings.loadSET(true); // Forceer caching opnieuw
}
%>
sql = buildUpdate("fac_setting", fields)
+ " fac_setting_key = " + fac_key;
var err = Oracle.Execute(sql, true);
if (err.friendlyMsg)
warning = err.friendlyMsg;
settings.loadSET(true); // Forceer caching opnieuw
%>
<html>
<head>
<% FCLTHeader.Generate() %>
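Review bot: The new side reads `oRs("fac_functie_key").Value` and runs the `buildUpdate` statement without the `if (fac_key > 0)` guard the old side had, while `getQParamInt( "fac_key" )` also loses its `-1` default, so a request without a usable `fac_key` now goes straight to `Oracle.Execute` and then to an `oRs(...)` read on what may be an empty recordset, before `user.auth_required_or_abort(canChange)` is reached. Keep a guard between the query and the first field read, e.g. `if (oRs.Eof) user.auth_required_or_abort(false);` (the `Eof` check is the pattern model_reportcolumns uses), or restore the `fac_key > 0` test around the update. Which printed lines are old and which are new is inferred from print order here, so please confirm the guard is really gone on the new side.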


@@ -27,6 +27,7 @@ var outputmode = getQParamInt("outputmode", 0);
var autfunction = "WEB_PRSSYS";
var authparams = user.checkAutorisation(autfunction);
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true);
FCLTHeader.Requires({ plugins: ["jQuery"] })
%>
@@ -46,18 +47,22 @@ FCLTHeader.Requires({ plugins: ["jQuery"] })
}
</script>
<%
var sqln = "SELECT * FROM fac_setting s, prs_v_perslid_fullnames pf"
var sqln = "SELECT *"
+ " FROM fac_setting s, "
+ " fac_functie f, "
+ " prs_v_perslid_fullnames pf"
+ " WHERE s.prs_perslid_key = pf.prs_perslid_key(+)"
+ (zoek ? " AND (UPPER(fac_setting_name) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " AND s.fac_functie_key = f.fac_functie_key"
+ (zoek ? " AND (UPPER(fac_setting_name) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_description) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_default) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_pvalue) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_default) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_pvalue) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ ")"
: "")
+ (smodule != "-1"
? "AND fac_setting_module = " + safe.quoted_sql(smodule)
: "")
+ (user.oslogin() != "_FACILITOR"
+ (!hasFACFAC
? " AND BITAND (fac_setting_flags, 1) = 1" // zichtbaar voor PRSSYS
:"")
+ " ORDER BY fac_setting_name";
@@ -88,10 +93,9 @@ function prettyJson(j)
}
function fnprotected(oRs)
{
if (oRs("fac_setting_flags").Value & 2)
if (oRs("fac_functie_code").Value == 'WEB_PRSSYS')
return "";
else
return "<span class='facsetreado' title='Protected setting'>Protected</span>";
return "<span class='facsetreado' title='Protected setting'>Protected</span>";
}
var rst = new ResultsetTable({ sql: sqln,
keyColumn: "fac_setting_key",
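Review bot: With the added `+ " AND s.fac_functie_key = f.fac_functie_key"` now sitting directly before the `zoek` and `smodule` fragments, an empty `zoek` combined with a module filter concatenates to `f.fac_functie_keyAND fac_setting_module = ...`, because the unchanged `"AND fac_setting_module = "` fragment has no leading space (it previously followed a `)`, where the missing space did not merge tokens). Give that fragment a leading space: `? " AND fac_setting_module = " + safe.quoted_sql(smodule)`. The new join to `fac_functie f` is an inner join while the `pf` join keeps its `(+)`; if `fac_setting.fac_functie_key` can be NULL those settings silently disappear from the list, so either confirm the column is mandatory or write `s.fac_functie_key = f.fac_functie_key(+)`. `fnprotected` now keys on `fac_functie_code` from this same join, so the join is load-bearing for the protection marker as well.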


@@ -20,7 +20,8 @@ var api_key = getQParamInt("api_key");
var autfunction = "WEB_PRSSYS";
var authparams = user.checkAutorisation(autfunction);
var canChange = (user.oslogin() == "_FACILITOR");
var canChange = user.checkAutorisation("WEB_FACFAC", true);
canChange = true;
var sql = "SELECT * FROM fac_api a"
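Review bot: `canChange = true;` immediately after `var canChange = user.checkAutorisation("WEB_FACFAC", true);` overwrites the authorization result, so whatever later gates on `canChange` is open to every user who reaches this page and the WEB_FACFAC check is dead code. If this is a leftover from testing, delete the `canChange = true;` line; if it is intentional, remove the `checkAutorisation` call instead and leave a comment stating why everyone may change here, so the pair no longer reads as a bypass. From the hunk counts (7 old, 8 new) `canChange = true;` appears to be newly added rather than pre-existing, but the rendered page does not make that certain. The uses of `canChange` lie outside the hunk.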


@@ -16,8 +16,11 @@
<!-- #include file="./mobile.inc" -->
<!-- #include file="./iface.inc" -->
<!-- #include file="../PRS/prs.inc" -->
<!-- #include file="../RES/res.inc" -->
<!-- #include file="../Shared/discxalg3d.inc" -->
<!-- #include file="../RES/res.inc" -->
<!-- #include file="../Shared/getkenmerksql.inc" -->
<!-- #include file="../Shared/discx3d.inc" -->
<!-- #include file="../Shared/discxalg3d.inc" -->
<!-- #include file="../mld/mld.inc" -->
<!-- #include file="../RES/res_plan_room.inc" -->
<!-- #include file="../RES/res_flexkenmerk.inc" -->
@@ -553,7 +556,22 @@ else
if (this_res.canChange || rsv_ruimte_key == -1)
BUTTON((rsv_ruimte_key > -1 ? L("lcl_submit") : L("lcl_newsubmit")), {click: "res_submit()", dataicon: "refresh"});
if (this_res.canChange && rsv_ruimte_key > -1)
BUTTON(L("lcl_mobile_bezoek"), {click: "res_vis()", dataicon: "grid"});
BUTTON(L("lcl_mobile_bezoek"), {click: "res_vis()", dataicon: "grid"});
// Toon meldingenknop als er bijbehorende lopende meldingen zijn en ik die mag zien (kan vast nog scherper)
if (user.checkAutorisation( "WEB_MLDBOF", true)) {
// De prijs is wel dat ik mld.inc moet includen..
var perform=false; // ???? JGL: MLD.INC gebruikt deze illegaal globaal
var frontend=false;
var tsql = "SELECT COUNT(m.mld_melding_key), MAX(m.mld_melding_key)"+ mld.getfromwherelist_sql("WEB_MLDBOF", {"rsv_ruimte_key": rsv_ruimte_key})
+ " AND m.mld_melding_status IN (0,2,3,4,7)";
toRs = Oracle.Execute(tsql);
if (toRs(0).value == 1) { // eentje slechts, dan naar de details; max is vanzelfsprekend die ene
BUTTON(L("lcl_mobile_meldingen")+ " (1)", {linkid: "./melding.asp?mld_key="+toRs(1).value , dataicon: "alert", dataajax: 'false'});
} else if (toRs(0).value > 0) { // meerdere, dan naar lijst
BUTTON(L("lcl_mobile_meldingen")+" ("+toRs(0).value+")", {linkid: "./mld_list.asp?res_rsv_ruimte_key="+rsv_ruimte_key , dataicon: "alert", dataajax: 'false'});
}
}
CONTROLGROUP_END()
IFACE.FORM_END();
%>
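Review bot: `toRs = Oracle.Execute(tsql);` in the second hunk assigns to an undeclared name, creating an implicit page-level global, and unlike the `oRs.Close()` calls elsewhere in this commit the recordset is never closed on either branch. Declare and release it: `var toRs = Oracle.Execute(tsql);` and, after the `if`/`else if`, `toRs.Close();`. The comment on `var perform=false;` already records that mld.inc depends on page-level globals, so if `toRs` is likewise meant to be shared it deserves the same note rather than an accidental leak. The enclosing `else` block begins outside the hunk.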


@@ -333,7 +333,8 @@ FCLTHeader.Requires({plugins: ["jQuery"]})
<% var buttons = [];
if (rrr.rsv_ruimte_verwijder == null) // Anders mag je niets meer
{
// Undocumented 'DEMO' feature voor _FACILITOR
// Hier (altijd) testen op user.checkAutorisation("WEB_FACFAC", true) vind ik te veel eer
if ((user.oslogin() == "_FACILITOR") && S("mobile_enabled") && restype == "R")
{
buttons.push( {title: "Touch", icon: "../Pictures/hand_point.png", action: "res_touch()" });