FSN#35850 Api-key toegankelijk voor FACTAB

Ook: autorisatiecontrole op save-script

svn path=/Website/trunk/; revision=28604
This commit is contained in:
Jos Groot Lipman
2016-03-23 16:04:25 +00:00
parent 35be56ed15
commit d26ff0c98b
3 changed files with 71 additions and 57 deletions


@@ -60,6 +60,7 @@ if (prs_key > -1)
+ " prs_perslid_lang, "
+ " prs_perslid_oslogin, "
+ " prs_perslid_oslogin2, "
+ " prs_perslid_apikey, "
+ " prs_perslid_ingangsdatum, "
+ " prs_perslid_einddatum, "
+ " d.prs_bedrijf_key, "
@@ -91,6 +92,7 @@ if (prs_key > -1)
var prs_lang = oRsMes("prs_perslid_lang").value;
var prs_oslog = oRsMes("prs_perslid_oslogin").value;
var prs_oslog2 = oRsMes("prs_perslid_oslogin2").value;
var prs_apikey = oRsMes("prs_perslid_apikey").value;
var prs_ingdat = oRsMes("prs_perslid_ingangsdatum").value;
var prs_enddat = oRsMes("prs_perslid_einddatum").value;
var prs_bdrkey = oRsMes("prs_bedrijf_key").value;
@@ -238,9 +240,11 @@ if (prs_key > 0) // Fotoblokje alleen bij bestaande records
useRWFIELD("prs_mobiel", "fld", L("lcl_prs_person_mobile"), prs_mobiel, {maxlength: 15});
manRWFIELD("prs_email", "fld", L("lcl_prs_person_email"), prs_email, {maxlength: 200});
}
if (prsauthparams.writesys || (S("prs_mgt_edit_login")?xfunc.canWrite("WEB_FACMGT"):false)) {
if (prsauthparams.writesys || (S("prs_mgt_edit_login") && xfunc.canWrite("WEB_FACMGT"))) {
RWFIELDTR("prs_oslog", "fld", L("lcl_prs_person_login"), prs_oslog, {maxlength: 30});
RWFIELDTR("prs_oslog2", "fld", L("lcl_prs_person_login2"), prs_oslog2, {maxlength: 30});
if (prsauthparams.writetab)
RWFIELDTR("prs_apikey", "fld", L("lcl_prs_apiuser"), prs_apikey, {maxlength: 64});
}
if (prs_key > 0)
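Review bot: The API-key input added under `if (prsauthparams.writetab)` is nested inside the `writesys || (S("prs_mgt_edit_login") && xfunc.canWrite("WEB_FACMGT"))` block, but the save script in this same commit pushes `prs_perslid_apikey` on `prsauthparams.writetab` alone, so the two gates disagree. If writetab can hold without writesys/WEB_FACMGT (that is decided in prs.checkAutorisation, outside this diff), such a user never sees the field here yet the save endpoint still accepts a hand-crafted `prs_apikey` form value; conversely a writetab user who also lacks the outer rights cannot clear a key through the UI. Either move the check out of the block, placing `if (prsauthparams.writetab) RWFIELDTR("prs_apikey", "fld", L("lcl_prs_apiuser"), prs_apikey, {maxlength: 64});` after the closing brace, or make the save-side push use the same compound condition, so form and save enforce one rule. Note also that the field round-trips the full key through the browser as an editable value on every edit; since it is a bearer secret, a set/regenerate action that never echoes the current value would be the safer pattern, but that is a design choice beyond this hunk. The enclosing `if (prs_key > 0)` form block starts before this hunk.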


@@ -13,11 +13,14 @@ var JSON_Result = true;
<!-- #include file="../shared/save2db.inc" -->
<!-- #include file="../Shared/kenmerk_common.inc"-->
<!-- #include file="../Shared/json2.js" -->
<!-- #include file="prs.inc"-->
<%
var prs_key = getQParamInt( "prs_key", -1 );
var isNew = (prs_key<0);
var prsauthparams = prs.checkAutorisation(prs_key);
user.auth_required_or_abort(prsauthparams.writeman || prsauthparams.writeuse || prsauthparams.writeself);
var fields = [ { dbs: "prs_srtperslid_key", typ: "key", frm: "prs_srtkey" },
{ dbs: "prs_afdeling_key", typ: "key", frm: "prs_afdkey" },
@@ -33,15 +36,25 @@ var fields = [ { dbs: "prs_srtperslid_key", typ: "key", frm: "prs_srtkey" },
{ dbs: "mld_adres_key", typ: "key", frm: "mld_adrkey" },
{ dbs: "prs_perslid_uurloon", typ: "float", frm: "prs_uurln" },
{ dbs: "prs_perslid_telefoonnr", typ: "varchar", frm: "prs_telnr" },
{ dbs: "prs_perslid_oslogin", typ: "varchar", frm: "prs_oslog", track: L("lcl_prs_person_login") },
{ dbs: "prs_perslid_oslogin2", typ: "varchar", frm: "prs_oslog2", track: L("lcl_prs_person_login2") },
{ dbs: "prs_perslid_ingangsdatum", typ: "date", frm: "prs_ingdat" },
{ dbs: "prs_perslid_einddatum", typ: "date", frm: "prs_enddat" },
{ dbs: "prs_perslid_tussenvoegsel", typ: "varchar", frm: "prs_tussen" },
{ dbs: "fac_profiel_key", typ: "key", frm: "fac_prkey", track: L("lcl_prs_profile") , foreign: "fac_profiel"},
{ dbs: "prs_perslid_email", typ: "varchar", frm: "prs_email", track: L("lcl_prs_person_email") },
{ dbs: "prs_perslid_mobiel", typ: "varchar", frm: "prs_mobiel", track: L("lcl_prs_person_mobile") },
{ dbs: "prs_perslid_ingids", typ: "check", frm: "ingids"} ];
{ dbs: "prs_perslid_mobiel", typ: "varchar", frm: "prs_mobiel", track: L("lcl_prs_person_mobile") } ];
if (prsauthparams.writesys || (S("prs_mgt_edit_login")?xfunc.canWrite("WEB_FACMGT"):false))
{
fields.push(
{ dbs: "prs_perslid_oslogin", typ: "varchar", frm: "prs_oslog", track: L("lcl_prs_person_login") },
{ dbs: "prs_perslid_oslogin2", typ: "varchar", frm: "prs_oslog2", track: L("lcl_prs_person_login2") },
{ dbs: "prs_perslid_ingids", typ: "check", frm: "ingids"}
)
}
if (prsauthparams.writetab)
{
fields.push({ dbs: "prs_perslid_apikey", typ: "varchar", frm: "prs_apikey", track: true });
}
var prs_lang = getFParam("prs_lang", "");
if (prs_lang == -1) prs_lang = "";
@@ -69,58 +82,63 @@ if (Request.Form("has_" + "noti1").count == 1) // Dan zijn ze er allemaal
fields.push({ dbs: "prs_perslid_srtnoti_mode", typ: "number", val: (srtnoti_mode >= 0? srtnoti_mode : "") });
}
var warning = "";
if (prs_key > 0)
{
{
var prsUpd = buildTrackingUpdate("prs_perslid", " prs_perslid_key = " + prs_key, fields);
sql = buildUpdate("prs_perslid", fields)
+ " prs_perslid_key = " + prs_key;
var err = Oracle.Execute(sql, true);
if (err.friendlyMsg)
warning = err.friendlyMsg;
else
shared.trackaction("PRSUPD", prs_key, (prsUpd.trackarray.length ? prsUpd.trackarray.join("\n") : null) );
}
abort_with_warning(err.friendlyMsg);
var oldapi = prsUpd.oldjsvals["prs_perslid_apikey"];
var newapi = getFParam("prs_apikey", "")
if (prsauthparams.writetab && oldapi != newapi)
{
var txt = L("lcl_prs_api_key_upd");
if (oldapi && !newapi)
txt = L("lcl_tracktoempty")
else if (!oldapi && newapi)
txt = L("lcl_prs_api_key_set");
prsUpd.trackarray.push(L("lcl_prs_apiuser")+ " " + txt);
}
shared.trackaction("PRSUPD", prs_key, (prsUpd.trackarray.length ? prsUpd.trackarray.join("\n") : null) );
}
else
{
{
fields.push({ dbs: "prs_perslid_key", typ: "key", seq: "prs_s_prs_alluitvoerende_keys" });
var regIns = buildInsert("prs_perslid", fields);
var prs_key = regIns.sequences["prs_perslid_key"];
sql = regIns.sql;
var err = Oracle.Execute(sql, true);
if (err.friendlyMsg)
warning = err.friendlyMsg;
else
shared.trackaction("PRSNEW", prs_key);
}
abort_with_warning(err.friendlyMsg);
shared.trackaction("PRSNEW", prs_key);
}
if (!warning)
{
currentKenmerkenSQL = "SELECT kl.prs_kenmerk_key " +
" , kl.prs_kenmerklink_waarde" +
" FROM PRS_KENMERKLINK kl, PRS_KENMERK k " +
" WHERE k.PRS_KENMERK_KEY = kl.PRS_KENMERK_KEY " +
" AND PRS_KENMERKLINK_VERWIJDER IS NULL " +
" AND PRS_LINK_KEY = " + prs_key;
currentKenmerkenSQL = "SELECT kl.prs_kenmerk_key " +
" , kl.prs_kenmerklink_waarde" +
" FROM PRS_KENMERKLINK kl, PRS_KENMERK k " +
" WHERE k.PRS_KENMERK_KEY = kl.PRS_KENMERK_KEY " +
" AND PRS_KENMERKLINK_VERWIJDER IS NULL " +
" AND PRS_LINK_KEY = " + prs_key;
saveFlexKenmerken(prs_key, { kenmerkTable: "PRS_KENMERKLINK",
kenmerkParentKey : "PRS_LINK_KEY",
kenmerkWaarde: "prs_kenmerklink_waarde",
kenmerkKey: "PRS_KENMERK_KEY",
currentKenmerkenSQL: currentKenmerkenSQL,
requestQF: Request.Form,
moduleName: "PRS_KENMERKLINK_NIVEAU",
moduleVal: "P",
isNew: isNew,
flexPath: "PRS/P"
});
}
saveFlexKenmerken(prs_key, { kenmerkTable: "PRS_KENMERKLINK",
kenmerkParentKey : "PRS_LINK_KEY",
kenmerkWaarde: "prs_kenmerklink_waarde",
kenmerkKey: "PRS_KENMERK_KEY",
currentKenmerkenSQL: currentKenmerkenSQL,
requestQF: Request.Form,
moduleName: "PRS_KENMERKLINK_NIVEAU",
moduleVal: "P",
isNew: isNew,
flexPath: "PRS/P"
});
result = { success: true
, prs_key: prs_key
, warning: warning
, keepForm: (warning?true:false)
};
Response.Write(JSON.stringify(result));
%>
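Review bot: The audit branch `if (prsauthparams.writetab && oldapi != newapi)` will log a spurious "API key updated" entry on every save of a person who has no key, if `prsUpd.oldjsvals["prs_perslid_apikey"]` comes back as `null` for an empty column (the view page in this commit treats such columns as nullable, e.g. `prs_perslid_einddatum`): `null != ""` is true in JScript, and neither of the set/cleared cases matches, so the generic `lcl_prs_api_key_upd` text is pushed. Normalise both sides before comparing and use strict inequality: `var oldapi = prsUpd.oldjsvals["prs_perslid_apikey"] || "";`, `var newapi = getFParam("prs_apikey", "") || "";`, `if (prsauthparams.writetab && oldapi !== newapi)`. Whether oldjsvals already maps NULL to "" is decided in buildTrackingUpdate, outside this diff, so this is worth confirming before the audit trail is relied on to spot key changes. Two statements in this stretch (`var newapi = ...` and `txt = L("lcl_tracktoempty")`) also lack their terminating semicolons.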


@@ -43,6 +43,7 @@ var sql = "SELECT p.prs_perslid_key, "
+ " prs_perslid_lang, "
+ " prs_perslid_oslogin, "
+ " prs_perslid_oslogin2, "
+ " prs_perslid_apikey, "
+ " prs_perslid_ingangsdatum, "
+ " prs_perslid_einddatum, "
+ " d.prs_bedrijf_key, "
@@ -93,6 +94,7 @@ var prs_telnr = oRs("prs_perslid_telefoonnr").value;
var prs_lang = oRs("prs_perslid_lang").value;
var prs_oslog = oRs("prs_perslid_oslogin").value;
var prs_oslog2 = oRs("prs_perslid_oslogin2").value;
var prs_apikey = oRs("prs_perslid_apikey").value;
var prs_ingdat = new Date(oRs("prs_perslid_ingangsdatum").value);
var prs_enddat = oRs("prs_perslid_einddatum").value!=null?new Date(oRs("prs_perslid_einddatum").value):null;
var prs_bdrkey = oRs("prs_bedrijf_key").value;
@@ -171,7 +173,7 @@ var prs_user = new Perslid(prs_key);
}
function impersCallback(json, textStatus)
{
window.top.location.href = "<%=rooturl%>";
window.top.location.href = "<%=rooturl%>/";
};
function prs_impersonate()
{
@@ -185,20 +187,6 @@ var prs_user = new Perslid(prs_key);
"json");
}
}
<%
if (prs_user.prs_perslid_apikey() && prsauthparams.writesys)
{
%>
function prs_apikey()
{
// Idee om hier de apikey te laten wissen om deze user uit de xd-synchronisatie te halen
// en niet daardoor als key-user te laten tellen.
// Maar de aanduiding dat het een apiuser is, is ook al wat.
alert('<%=safe.jsstring(prs_user.prs_perslid_apikey().substr(0,4) +"..."+ prs_user.prs_perslid_apikey().substr(prs_user.prs_perslid_apikey().length-3))%>');
}
<%
}
%>
</script>
</head>
@@ -230,12 +218,9 @@ var prs_user = new Perslid(prs_key);
if (prsauthparams.writesys || xfunc.canWrite("WEB_PRSMSU")) {
buttons.push( { title: L("lcl_menu_fac_autorisaties"), icon: "autorisatie.png", action: "prs_gotoautgroup()" });
}
if (prs_user.prs_perslid_apikey()&& prsauthparams.writesys) {
buttons.push({ title: L("lcl_prs_apiuser"), icon: "key.png", action: "prs_apikey()", id: "bapikey" });
}
if (S("prs_allow_impersonate") && prsauthparams.writesys && prs_key != user_key && typeof Session("org_user_key") == "undefined") {
buttons.push({ title: L("lcl_prs_impersonate"), icon: "key.png", action: "prs_impersonate()", id: "bimpers" });
buttons.push({ title: L("lcl_prs_impersonate"), icon: "impersonate.png", action: "prs_impersonate()", id: "bimpers" });
}
}
IFRAMER_HEADER(L("lcl_prs_persoon_frame"), buttons);
@@ -265,6 +250,13 @@ var prs_user = new Perslid(prs_key);
ROFIELDTR("fld", "System URL", systeemadres, {suppressEmpty: true});
ROFIELDTR("fld", L("lcl_prs_person_login"), prs_oslog, {suppressEmpty: true});
ROFIELDTR("fld", L("lcl_prs_person_login2"), prs_oslog2, {suppressEmpty: true});
if (prs_apikey)
{
var showkey = prs_apikey;
if (!prsauthparams.writetab)
var showkey = showkey.substr(0,3) + "..." + showkey.substr(showkey.length-3);
ROFIELDTR("fld", L("lcl_prs_apiuser"), showkey, {suppressEmpty: true});
}
}
var wl = thisPrs.werklocatie.alg_locatie_key? thisPrs.werklocatie.aanduiding : "";
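Review bot: The mask for non-writetab viewers, `showkey.substr(0,3) + "..." + showkey.substr(showkey.length-3)`, reveals the entire key whenever it is six characters or shorter, because the two substrings then cover every position; the previous alert (removed from this file) showed a partial key only to writesys users, so this hunk also widens who sees that prefix/suffix to everyone who can reach the view page, whose own authorisation check is outside the hunk. Mask by length and drop the redeclaration of `showkey` inside the `if` (the inner `var` re-declares the same function-scoped variable and reads as if it were a new one): `var showkey = prs_apikey;` followed by `if (!prsauthparams.writetab) showkey = prs_apikey.length > 8 ? prs_apikey.substr(0, 3) + "..." + prs_apikey.substr(prs_apikey.length - 3) : "***";`. For writetab viewers the full key is written into the page markup as the commit title intends; it is still a bearer secret in page source and browser cache, which is worth a comment on the `ROFIELDTR` line so the next maintainer does not treat it as an ordinary display field.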