admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

YKPN#40781: Persoon zonder ALGMAN autorisatie kan toch gebouwen verwijderen.

Browse Source 
svn path=/Website/branches/v2017.1/; revision=34220
This commit is contained in:
Maykel Geerdink
2017-06-12 11:47:40 +00:00
parent cb0d7ad5ed
commit 94379b0378
1 changed files with 81 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
APPL/ALG/alg_delete.asp
View File

@@ -17,6 +17,7 @@ var JSON_Result = true;
%>
<!--#include file="../Shared/common.inc"-->
<!--#include file="../Shared/json2.js" -->
<!--#include file="alg.inc" -->
<%
protectRequest.validateToken();
@@ -34,6 +35,54 @@ var autfunction = {D : "WEB_ALGMAN",
PW: "WEB_PRSBOF"}[level];
var authParams = user.checkAutorisation(autfunction);
var authparamsAlg = alg.checkAutorisation();
var tobedeleted = 0;
var ingesloten = [];
// Bepaal de opdrachten in de selectie die
// ook echt geaccepteerd kunnen of mogen worden.
for (var i = 0; i < dis_key_arr.length; i++)
{
var canDelete = false;
switch (level)
{
case "RE": canDelete = alg.canWriteRegio(dis_key_arr[i], authparamsAlg.mALGwritelevel);
break;
case "D": canDelete = alg.canWriteDistrict(dis_key_arr[i], authparamsAlg.mALGwritelevel);
break;
case "L": canDelete = alg.canWriteLocatie(dis_key_arr[i], authparamsAlg.mALGwritelevel);
break;
case "T": var sql = "SELECT alg_locatie_key"
+ " FROM alg_v_aanwezigterreinsector"
+ " WHERE alg_terreinsector_key = " + dis_key_arr[i];
oRs = Oracle.Execute(sql);
canDelete = alg.canWriteLocatie(oRs("alg_locatie_key").Value, authparamsAlg.mALGwritelevel);
oRs.Close()
break;
case "G": canDelete = alg.canWriteGebouw(dis_key_arr[i], authparamsAlg.mALGwritelevel);
break;
case "V": canDelete = alg.canWriteVerdieping(dis_key_arr[i], authparamsAlg.mALGwritelevel);
break;
case "R": canDelete = alg.canWriteRuimte(dis_key_arr[i], authparamsAlg.mALGwritelevel);
break;
case "W": var sql = "SELECT alg_ruimte_key"
+ " FROM prs_v_werkplek_gegevens"
+ " WHERE prs_werkplek_key = " + dis_key_arr[i];
oRs = Oracle.Execute(sql);
canDelete = alg.canWriteRuimte(oRs("alg_ruimte_key").Value, authparamsAlg.mALGwritelevel);
oRs.Close()
break;
case "PW": canDelete = authparamsAlg.ALGwritelevel < 9;
break;
}
if (canDelete)
{
ingesloten.push(dis_key_arr[i]);
tobedeleted++;
}
}
user.auth_required_or_abort(tobedeleted > 0); // We klagen niet over enkele wel en enkele niet
var table = {D : "ALG_DISTRICT",
RE: "ALG_REGIO",
@@ -46,7 +95,7 @@ var table = {D : "ALG_DISTRICT",
PW: "PRS_PERSLIDWERKPLEK"}[level];
result = { success: true, deleted: true };
for (var i = 0; i < dis_key_arr.length; i++)
for (var i = 0; i < ingesloten.length; i++)
{
// W en WP hebben geen verwijderveld (meer), die gaan echt weg.
if (level == "W" || level == "PW")
@@ -62,7 +111,7 @@ for (var i = 0; i < dis_key_arr.length; i++)
+ " WHERE prs_werkplek_key IN "
+ " (SELECT prs_werkplek_key "
+ " FROM prs_perslidwerkplek"
+ " WHERE prs_perslidwerkplek_key IN (" + dis_key_arr[i] + "))"
+ " WHERE prs_perslidwerkplek_key IN (" + ingesloten[i] + "))"
var err = Oracle.Execute(sql, true);
if (err.friendlyMsg)
abort_with_warning(err.friendlyMsg);
@@ -70,13 +119,13 @@ for (var i = 0; i < dis_key_arr.length; i++)
// En dit moet ongeacht impliciet of expliciet.
// Alleen bij PW&implicit zal dit niets meer verwijderen vanwege de cascade hiervoor
sql = "DELETE FROM " + table
+ " WHERE " + table + "_key IN (" + dis_key_arr[i] + ")";
+ " WHERE " + table + "_key IN (" + ingesloten[i] + ")";
}
else
{
sql = "UPDATE " + table
+ " SET " + table + "_VERWIJDER = " + "SYSDATE"
+ " WHERE " + table + "_key IN (" + dis_key_arr[i] + ")";
+ " WHERE " + table + "_key IN (" + ingesloten[i] + ")";
}
var err = Oracle.Execute(sql, true);
if (err.friendlyMsg)