FSN#35733 betere _FACILITOR autorisering

svn path=/Website/trunk/; revision=28421
Jos Groot Lipman
2016-03-10 11:01:27 +00:00
parent e65bd4ae2e
commit 20765d360e
11 changed files with 101 additions and 68 deletions


@@ -25,7 +25,7 @@ function model_reportcolumns(usrrap_key, params)
this.record_name = "column"; this.record_name = "column";
this.records_title = L("lcl_rap_columns"); this.records_title = L("lcl_rap_columns");
this.record_title = L("lcl_rap_column"); this.record_title = L("lcl_rap_column");
this.autfunction = "WEB_PRSSYS", this.autfunction = "WEB_UDRMAN",
this.edit = { modal: true }; this.edit = { modal: true };
this.fields = this.fields =
@@ -117,10 +117,11 @@ function model_reportcolumns(usrrap_key, params)
if (i != -1) if (i != -1)
view_name_short = view_name_short.substring(i+1); view_name_short = view_name_short.substring(i+1);
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen
var sql = "SELECT object_name, object_type, last_ddl_time, status" var sql = "SELECT object_name, object_type, last_ddl_time, status"
+ " FROM user_objects" + " FROM user_objects"
+ " WHERE " + " WHERE "
+ (user.oslogin() == "_FACILITOR" ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'") + (hasFACFAC ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'")
+ " AND object_name = UPPER(" + safe.quoted_sql(view_name_short) + ")"; + " AND object_name = UPPER(" + safe.quoted_sql(view_name_short) + ")";
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
if (oRs.Eof) if (oRs.Eof)
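Review bot: The changed line `this.autfunction = "WEB_UDRMAN",` still ends in a comma rather than a semicolon, so this assignment and the following `this.edit = { modal: true }` form one comma-expression statement; it runs, but it reads as a typo and should be `this.autfunction = "WEB_UDRMAN";`. The `hasFACFAC ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'"` replacement in the second hunk keeps the `safe.quoted_sql` quoting of `view_name_short`, which is the right shape for this string-built query. model_reportcolumns continues outside both hunks.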


@@ -80,13 +80,15 @@ function model_reportsx(usrrap_key, rapparams)
this._check_authorization = function(params, method) this._check_authorization = function(params, method)
{ {
params.message = ""; params.message = "";
var autfunction = "WEB_PRSSYS"; var autfunction = "WEB_UDRMAN";
params.authparams = user.checkAutorisation(autfunction); // pessimistisch params.authparams = user.checkAutorisation(autfunction); // pessimistisch
}; };
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen
this._analyze_fields = function (dbfields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */ this._analyze_fields = function (dbfields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */
{ {
if (user.oslogin() != "_FACILITOR") // Die mag alles if (hasFACFAC) // Die mag alles
{ {
// viewname zit alleen in dbfields als het een insert is. In edit-mode is dit veld readonly, dus niet in dbfields. // viewname zit alleen in dbfields als het een insert is. In edit-mode is dit veld readonly, dus niet in dbfields.
if ("viewname" in dbfields) if ("viewname" in dbfields)
@@ -126,7 +128,7 @@ function model_reportsx(usrrap_key, rapparams)
var wheres = api2.sqlfilter(params, this); var wheres = api2.sqlfilter(params, this);
query.wheres = query.wheres.concat(wheres); query.wheres = query.wheres.concat(wheres);
var authparams = user.checkAutorisation("WEB_PRSSYS", true); var authparams = user.checkAutorisation("WEB_UDRMAN", true);
if (!authparams) if (!authparams)
{ {
query.wheres.push("(fac_functie_key IN" query.wheres.push("(fac_functie_key IN"
@@ -222,7 +224,7 @@ function model_reportsx(usrrap_key, rapparams)
if (!rapparams.internal) if (!rapparams.internal)
{ {
if (user.oslogin() == "_FACILITOR") if (hasFACFAC)
settings.overrule_setting("fac_usrrap_mode", 1); // _FACILITOR mag alles settings.overrule_setting("fac_usrrap_mode", 1); // _FACILITOR mag alles
else else
{ {
@@ -235,7 +237,7 @@ function model_reportsx(usrrap_key, rapparams)
this.fields["pivot"].readonly = true; this.fields["pivot"].readonly = true;
this.fields["graph"].readonly = true; this.fields["graph"].readonly = true;
} }
if (!user.checkAutorisation("WEB_PRSSYS", true)) if (!user.checkAutorisation("WEB_UDRMAN", true))
{ // Dit heeft betrekking op de zoekvelden van appl/fac/fac_reportx_show.asp?mode=search { // Dit heeft betrekking op de zoekvelden van appl/fac/fac_reportx_show.asp?mode=search
// Omdat wij standaard linken naar mode=list speelt dit zelden. // Omdat wij standaard linken naar mode=list speelt dit zelden.
for (var fld in this.fields) for (var fld in this.fields)
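Review bot: The condition `if (hasFACFAC) // Die mag alles` in `_analyze_fields` looks inverted: the replaced line ran the viewname checks for everyone except `_FACILITOR` (`!= "_FACILITOR"`), and every other hunk in this commit maps that negated login test to a negated right (`if (!authFACFAC)`, `(!hasFACFAC ? ...`), whereas here the checks would now apply only to users who hold WEB_FACFAC and be skipped for everyone else. Unless the body of that `if` was also inverted further down, outside the hunk, it should read `if (!hasFACFAC) // Die mag alles`. The comment `// _FACILITOR mag alles` on the `overrule_setting` line is now stale and could say `// WEB_FACFAC mag alles`. model_reportsx continues outside these hunks.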


@@ -19,7 +19,7 @@ FCLTHeader.Requires({ plugins:["jQuery"] })
var api_key = getQParamInt("api_key", -1); var api_key = getQParamInt("api_key", -1);
user.auth_required_or_abort(user.oslogin() == "_FACILITOR"); var hasFACFAC = user.checkAutorisation("WEB_FACFAC");
var api_name; var api_name;
var api_omschrijving; var api_omschrijving;
@@ -37,7 +37,7 @@ function prettyJson(j)
{ {
try try
{ {
var xx = JSON.stringify(eval("("+j + ")"), null, 2); var xx = JSON.stringify(eval("(" + j + ")"), null, 2);
if (xx == "null") if (xx == "null")
return ""; return "";
return xx; return xx;
@@ -53,16 +53,16 @@ if (api_key > 0)
var sql = "SELECT * FROM fac_api a" var sql = "SELECT * FROM fac_api a"
+ " WHERE fac_api_key =" + api_key; + " WHERE fac_api_key =" + api_key;
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
api_name = oRs("fac_api_name").Value; var api_name = oRs("fac_api_name").Value;
api_omschrijving = oRs("fac_api_omschrijving").Value; var api_omschrijving = oRs("fac_api_omschrijving").Value;
api_filepath = oRs("fac_api_filepath").Value; var api_filepath = oRs("fac_api_filepath").Value;
api_loglevel = oRs("fac_api_loglevel").Value; var api_loglevel = oRs("fac_api_loglevel").Value;
usrrap_key = oRs("fac_usrrap_key").Value; var usrrap_key = oRs("fac_usrrap_key").Value;
api_viewmapping_json = prettyJson(oRs("fac_api_viewmapping_json").Value); var api_viewmapping_json = prettyJson(oRs("fac_api_viewmapping_json").Value);
api_stylesheet = oRs("fac_api_stylesheet").Value; var api_stylesheet = oRs("fac_api_stylesheet").Value;
import_app_key = oRs("fac_import_app_key").Value; var import_app_key = oRs("fac_import_app_key").Value;
api_options_json = prettyJson(oRs("fac_api_options_json").Value); var api_options_json = prettyJson(oRs("fac_api_options_json").Value);
oRs.Close();
} }
%> %>
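Review bot: The line `user.auth_required_or_abort(user.oslogin() == "_FACILITOR");` is replaced by `var hasFACFAC = user.checkAutorisation("WEB_FACFAC");`, which no longer visibly aborts the page for unauthorized callers; if `checkAutorisation` without the second `true` argument aborts on failure by itself (the `// pessimistisch` usage elsewhere in this commit suggests so), a comment such as `// aborts the page when WEB_FACFAC is missing` would make that explicit, otherwise the gate has been lost and `user.auth_required_or_abort(hasFACFAC);` should follow it. The same replacement occurs in the next file section (`var hasFACFAC = user.checkAutorisation("WEB_FACFAC");` after `getQParamInt("api_key", -1 )`). Separately, `prettyJson` still evaluates database content with `eval("(" + j + ")")`; since the page already uses `JSON.stringify`, `JSON.parse(j)` inside the same `try` is the safer equivalent whenever the stored value is strict JSON. prettyJson starts outside the hunk.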


@@ -21,7 +21,7 @@ var JSON_Result = true;
<% <%
var api_key = getQParamInt("api_key", -1 ); var api_key = getQParamInt("api_key", -1 );
user.auth_required_or_abort(user.oslogin() == "_FACILITOR"); var hasFACFAC = user.checkAutorisation("WEB_FACFAC");
var viewoptions = getFParam("fac_api_options_json", ""); var viewoptions = getFParam("fac_api_options_json", "");
if (viewoptions) if (viewoptions)


@@ -24,7 +24,7 @@ function prettyJson(j)
{ {
try try
{ {
var xx = JSON.stringify(eval("("+j + ")"), null, 2); var xx = JSON.stringify(eval("(" + j + ")"), null, 2);
if (xx == "null") if (xx == "null")
return ""; return "";
return xx; return xx;
@@ -35,8 +35,6 @@ function prettyJson(j)
}; };
}; };
//var canChange = (user.oslogin() == "_FACILITOR");
%> %>
<html> <html>


@@ -19,9 +19,9 @@ FCLTHeader.Requires({ plugins:["jQuery"],
var fac_key = getQParamInt("fac_key"); var fac_key = getQParamInt("fac_key");
var autfunction = "WEB_PRSSYS"; var authPRSSYS = user.checkAutorisation("WEB_PRSSYS");
var authparams = user.checkAutorisation(autfunction); var authFACFAC = user.checkAutorisation("WEB_FACFAC", true);
var authFACTAB = user.checkAutorisation("WEB_FACTAB", true);
function prettyJson(j) function prettyJson(j)
{ {
@@ -44,11 +44,14 @@ var sql = "SELECT * FROM fac_setting s, prs_v_perslid_fullnames pf"
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
if (user.oslogin() != "_FACILITOR") if (!authFACFAC)
user.auth_required_or_abort(oRs("fac_setting_flags").Value & 1); // moet zichtbaar zijn voor PRSSYS user.auth_required_or_abort(oRs("fac_setting_flags").Value & 1); // moet zichtbaar zijn voor PRSSYS
var isProtected = (oRs("fac_setting_flags").Value & 2) == 0; var functie_key = oRs("fac_functie_key").Value;
var canChange = (user.oslogin() == "_FACILITOR" || !isProtected); // 2 is wijzigbaar PRSSYS var isProtected = (functie_key != authPRSSYS.autfunctionkey);
canChange = (!isProtected ||
authFACFAC && functie_key == authFACFAC.autfunctionkey ||
authFACTAB && functie_key == authFACTAB.autfunctionkey)
%> %>
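Review bot: `canChange = (!isProtected || ...)` in the second hunk drops the `var` that the replaced line had, so `canChange` becomes an implicit global; the expression also mixes `||` and `&&` without parentheses and ends without a semicolon before `%>`. Suggest `var canChange = !isProtected || (authFACFAC && functie_key == authFACFAC.autfunctionkey) || (authFACTAB && functie_key == authFACTAB.autfunctionkey);`. The same `canChange = (...)` without `var` appears in the next file section after its `var isProtected = (functie_key != authPRSSYS.autfunctionkey);` line. The new `authPRSSYS.autfunctionkey` dereference presumes that `checkAutorisation("WEB_PRSSYS")` without the `true` argument never returns a falsy value here, i.e. that it aborts instead; worth confirming, and the comment `// moet zichtbaar zijn voor PRSSYS` on the abort line could now mention that it applies only when `!authFACFAC`.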


@@ -19,41 +19,46 @@
<% FCLTHeader.Requires({ plugins:["jQuery"] }) %> <% FCLTHeader.Requires({ plugins:["jQuery"] }) %>
<% <%
var fac_key = getQParamInt( "fac_key", -1 ); var fac_key = getQParamInt( "fac_key" );
var autfunction = "WEB_PRSSYS"; var authPRSSYS = user.checkAutorisation("WEB_PRSSYS");
var authparams = user.checkAutorisation(autfunction); var authFACFAC = user.checkAutorisation("WEB_FACFAC", true);
var authFACTAB = user.checkAutorisation("WEB_FACTAB", true);
var sql = "SELECT * FROM fac_setting s" var sql = "SELECT * FROM fac_setting s"
+ " WHERE fac_setting_key ="+fac_key; + " WHERE fac_setting_key ="+fac_key;
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
var canChange = (user.oslogin() == "_FACILITOR" || oRs("fac_setting_flags").Value & 2); // 2 is wijzigbaar PRSSYS
user.auth_required_or_abort(canChange); var functie_key = oRs("fac_functie_key").Value;
var isProtected = (functie_key != authPRSSYS.autfunctionkey);
canChange = (!isProtected ||
authFACFAC && functie_key == authFACFAC.autfunctionkey ||
authFACTAB && functie_key == authFACTAB.autfunctionkey)
var pvalue = getFParam("pvalue", ""); user.auth_required_or_abort(canChange);
if (oRs("fac_setting_type").value == 'float')
{
pvalue = pvalue.replace(",", ".");
}
var fields = [ { dbs: "fac_setting_pvalue", typ: "varchar", val: pvalue, len: 1024 }, var pvalue = getFParam("pvalue", "");
{ dbs: "fac_setting_datum", typ: "sql", val: "SYSDATE" }, if (oRs("fac_setting_type").value == 'float')
{ dbs: "prs_perslid_key", typ: "key", val: user_key }]; {
pvalue = pvalue.replace(",", ".");
}
var fields = [ { dbs: "fac_setting_pvalue", typ: "varchar", val: pvalue, len: 1024 },
{ dbs: "fac_setting_datum", typ: "sql", val: "SYSDATE" },
{ dbs: "prs_perslid_key", typ: "key", val: user_key }];
var warning = ""; var warning = "";
if (fac_key > 0)
{
sql = buildUpdate("fac_setting", fields)
+ " fac_setting_key = " + fac_key;
var err = Oracle.Execute(sql, true); sql = buildUpdate("fac_setting", fields)
if (err.friendlyMsg) + " fac_setting_key = " + fac_key;
warning = err.friendlyMsg;
settings.loadSET(true); // Forceer caching opnieuw var err = Oracle.Execute(sql, true);
} if (err.friendlyMsg)
%> warning = err.friendlyMsg;
settings.loadSET(true); // Forceer caching opnieuw
%>
<html> <html>
<head> <head>
<% FCLTHeader.Generate() %> <% FCLTHeader.Generate() %>
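Review bot: The update is no longer wrapped in `if (fac_key > 0)`, and `getQParamInt( "fac_key" )` lost its `-1` default, so `buildUpdate` and `Oracle.Execute(sql, true)` now run for whatever value `fac_key` holds; presumably the earlier `SELECT ... WHERE fac_setting_key =` and `user.auth_required_or_abort(canChange)` stop a request without a valid key first, but that is not visible in the hunk. Keeping the guard explicit, e.g. `user.auth_required_or_abort(fac_key > 0 && canChange);`, records that intent in one line and does not depend on how the recordset behaves for a missing row.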


@@ -27,6 +27,7 @@ var outputmode = getQParamInt("outputmode", 0);
var autfunction = "WEB_PRSSYS"; var autfunction = "WEB_PRSSYS";
var authparams = user.checkAutorisation(autfunction); var authparams = user.checkAutorisation(autfunction);
var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true);
FCLTHeader.Requires({ plugins: ["jQuery"] }) FCLTHeader.Requires({ plugins: ["jQuery"] })
%> %>
@@ -46,18 +47,22 @@ FCLTHeader.Requires({ plugins: ["jQuery"] })
} }
</script> </script>
<% <%
var sqln = "SELECT * FROM fac_setting s, prs_v_perslid_fullnames pf" var sqln = "SELECT *"
+ " FROM fac_setting s, "
+ " fac_functie f, "
+ " prs_v_perslid_fullnames pf"
+ " WHERE s.prs_perslid_key = pf.prs_perslid_key(+)" + " WHERE s.prs_perslid_key = pf.prs_perslid_key(+)"
+ (zoek ? " AND (UPPER(fac_setting_name) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + " AND s.fac_functie_key = f.fac_functie_key"
+ (zoek ? " AND (UPPER(fac_setting_name) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_description) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + " OR UPPER(fac_setting_description) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_default) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + " OR UPPER(fac_setting_default) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ " OR UPPER(fac_setting_pvalue) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + " OR UPPER(fac_setting_pvalue) LIKE " + safe.quoted_sql_wild("%" + zoek + "%")
+ ")" + ")"
: "") : "")
+ (smodule != "-1" + (smodule != "-1"
? "AND fac_setting_module = " + safe.quoted_sql(smodule) ? "AND fac_setting_module = " + safe.quoted_sql(smodule)
: "") : "")
+ (user.oslogin() != "_FACILITOR" + (!hasFACFAC
? " AND BITAND (fac_setting_flags, 1) = 1" // zichtbaar voor PRSSYS ? " AND BITAND (fac_setting_flags, 1) = 1" // zichtbaar voor PRSSYS
:"") :"")
+ " ORDER BY fac_setting_name"; + " ORDER BY fac_setting_name";
@@ -88,10 +93,9 @@ function prettyJson(j)
} }
function fnprotected(oRs) function fnprotected(oRs)
{ {
if (oRs("fac_setting_flags").Value & 2) if (oRs("fac_functie_code").Value == 'WEB_PRSSYS')
return ""; return "";
else return "<span class='facsetreado' title='Protected setting'>Protected</span>";
return "<span class='facsetreado' title='Protected setting'>Protected</span>";
} }
var rst = new ResultsetTable({ sql: sqln, var rst = new ResultsetTable({ sql: sqln,
keyColumn: "fac_setting_key", keyColumn: "fac_setting_key",
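Review bot: The new join condition `" AND s.fac_functie_key = f.fac_functie_key"` is now directly followed by the unchanged `smodule` fragment `"AND fac_setting_module = "`, which has no leading space; when `zoek` is empty and a module is selected, the statement becomes `...f.fac_functie_keyAND fac_setting_module = ...`, which Oracle will reject (before this change the preceding text ended in `(+)`, which happened to tokenize). Change it to `? " AND fac_setting_module = " + safe.quoted_sql(smodule)`. Also, `fac_functie f` is joined with a plain equality, so any fac_setting row whose fac_functie_key is NULL no longer appears in the list; if such rows exist, `" AND s.fac_functie_key = f.fac_functie_key(+)"` preserves the previous behaviour. The `fnprotected` hunk relies on `fac_functie_code` arriving through this join's `SELECT *`, which is fine as long as the join stays.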


@@ -20,7 +20,8 @@ var api_key = getQParamInt("api_key");
var autfunction = "WEB_PRSSYS"; var autfunction = "WEB_PRSSYS";
var authparams = user.checkAutorisation(autfunction); var authparams = user.checkAutorisation(autfunction);
var canChange = (user.oslogin() == "_FACILITOR"); var canChange = user.checkAutorisation("WEB_FACFAC", true);
canChange = true; canChange = true;
var sql = "SELECT * FROM fac_api a" var sql = "SELECT * FROM fac_api a"
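Review bot: `var canChange = user.checkAutorisation("WEB_FACFAC", true);` is immediately overwritten by the unchanged `canChange = true;` on the next line, so the new authorization check is dead code and every caller of this page is treated as allowed to change. If the override is a leftover it should be removed; if it is intentional, the check above it is misleading and a comment such as `// TODO: canChange override disables the WEB_FACFAC check` should say so. The surrounding script block starts outside the hunk.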


@@ -16,8 +16,11 @@
<!-- #include file="./mobile.inc" --> <!-- #include file="./mobile.inc" -->
<!-- #include file="./iface.inc" --> <!-- #include file="./iface.inc" -->
<!-- #include file="../PRS/prs.inc" --> <!-- #include file="../PRS/prs.inc" -->
<!-- #include file="../RES/res.inc" --> <!-- #include file="../RES/res.inc" -->
<!-- #include file="../Shared/discxalg3d.inc" --> <!-- #include file="../Shared/getkenmerksql.inc" -->
<!-- #include file="../Shared/discx3d.inc" -->
<!-- #include file="../Shared/discxalg3d.inc" -->
<!-- #include file="../mld/mld.inc" -->
<!-- #include file="../RES/res_plan_room.inc" --> <!-- #include file="../RES/res_plan_room.inc" -->
<!-- #include file="../RES/res_flexkenmerk.inc" --> <!-- #include file="../RES/res_flexkenmerk.inc" -->
@@ -553,7 +556,22 @@ else
if (this_res.canChange || rsv_ruimte_key == -1) if (this_res.canChange || rsv_ruimte_key == -1)
BUTTON((rsv_ruimte_key > -1 ? L("lcl_submit") : L("lcl_newsubmit")), {click: "res_submit()", dataicon: "refresh"}); BUTTON((rsv_ruimte_key > -1 ? L("lcl_submit") : L("lcl_newsubmit")), {click: "res_submit()", dataicon: "refresh"});
if (this_res.canChange && rsv_ruimte_key > -1) if (this_res.canChange && rsv_ruimte_key > -1)
BUTTON(L("lcl_mobile_bezoek"), {click: "res_vis()", dataicon: "grid"}); BUTTON(L("lcl_mobile_bezoek"), {click: "res_vis()", dataicon: "grid"});
// Toon meldingenknop als er bijbehorende lopende meldingen zijn en ik die mag zien (kan vast nog scherper)
if (user.checkAutorisation( "WEB_MLDBOF", true)) {
// De prijs is wel dat ik mld.inc moet includen..
var perform=false; // ???? JGL: MLD.INC gebruikt deze illegaal globaal
var frontend=false;
var tsql = "SELECT COUNT(m.mld_melding_key), MAX(m.mld_melding_key)"+ mld.getfromwherelist_sql("WEB_MLDBOF", {"rsv_ruimte_key": rsv_ruimte_key})
+ " AND m.mld_melding_status IN (0,2,3,4,7)";
toRs = Oracle.Execute(tsql);
if (toRs(0).value == 1) { // eentje slechts, dan naar de details; max is vanzelfsprekend die ene
BUTTON(L("lcl_mobile_meldingen")+ " (1)", {linkid: "./melding.asp?mld_key="+toRs(1).value , dataicon: "alert", dataajax: 'false'});
} else if (toRs(0).value > 0) { // meerdere, dan naar lijst
BUTTON(L("lcl_mobile_meldingen")+" ("+toRs(0).value+")", {linkid: "./mld_list.asp?res_rsv_ruimte_key="+rsv_ruimte_key , dataicon: "alert", dataajax: 'false'});
}
}
CONTROLGROUP_END() CONTROLGROUP_END()
IFACE.FORM_END(); IFACE.FORM_END();
%> %>
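Review bot: `toRs = Oracle.Execute(tsql);` in the new WEB_MLDBOF block assigns to an undeclared name and so creates an implicit global, and the recordset is not closed on either branch; declare it as `var toRs = Oracle.Execute(tsql);` and add `toRs.Close();` after the if/else, consistent with the `oRs.Close()` call seen elsewhere in this commit. The comment `// ???? JGL: MLD.INC gebruikt deze illegaal globaal` documents a workaround for `perform`/`frontend`; rephrasing it as `// TODO(JGL): mld.inc reads perform/frontend as globals; drop these once mld.inc takes them as parameters` makes the follow-up trackable. The first hunk only adds `#include` lines. The enclosing `else` block begins outside the second hunk.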


@@ -333,7 +333,8 @@ FCLTHeader.Requires({plugins: ["jQuery"]})
<% var buttons = []; <% var buttons = [];
if (rrr.rsv_ruimte_verwijder == null) // Anders mag je niets meer if (rrr.rsv_ruimte_verwijder == null) // Anders mag je niets meer
{ {
// Undocumented 'DEMO' feature voor _FACILITOR
// Hier (altijd) testen op user.checkAutorisation("WEB_FACFAC", true) vind ik te veel eer
if ((user.oslogin() == "_FACILITOR") && S("mobile_enabled") && restype == "R") if ((user.oslogin() == "_FACILITOR") && S("mobile_enabled") && restype == "R")
{ {
buttons.push( {title: "Touch", icon: "../Pictures/hand_point.png", action: "res_touch()" }); buttons.push( {title: "Touch", icon: "../Pictures/hand_point.png", action: "res_touch()" });