Versions Compared

Old Version 5

changes.mady.by.user Olivier Grenet

Saved on

compared with

New Version 6

changes.mady.by.user Guillaume LEPICARD

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
@pkgV1Objectdata('view') AND @pkgV1Objectdata('update')

Adapting PreparedWhere

As of

Status
title2021.3.0
, the engine is not able to parse the security rules to augment SQL where clauses. While such improvement could be introduced in a future version of the engine, the PACKAGED_Security plugin leverages on AbstractPreparedWhereBusinessService to resolve bases according to users’ given permissions:

2 contexts are available:

  • base_pkgsecurity_view will return a PreparedWhere following user’s given VIEW permissions

  • base_pkgsecurity_update will return a PreparedWhere following user’s given UPDATE permissions

You can easily make use of those context to augment base_list, base_edit_list, base_search… in your project accordingly:

Code Block
languagejava
import com.noheto.extensions.interfaces.services.AbstractPreparedWhereBusinessService;
import com.noheto.preparedwhere.PreparedWhereService;
import wsnoheto.engine.*;

public class ProjectExtendedBaseList extends AbstractPreparedWhereBusinessService {
  @Override
  public PreparedWhere getPreparedWhere(String contextName, CTSurfer surfer, String objectName, IObjectStructureReadOnly struct, IObjectTableReadOnly table) throws PreparedWhereException {
    PreparedWhere pwProjectConstraints = PreparedWhere.load("");
    // ... your project specific constraint
  
    // retrieve a PreparedWhere compliant with surfer's permission
    // note that if user has no permission, you will get 0=1 constraint
    PreparedWhere pwPackagedSecurity = PreparedWhereService.getInstance()
      .getPreparedWhere("base_pkgsecurity_view", surfer, objectName);
      
    return pwProjectConstraints.and(pwPackagedSecurity);
  }
}

Extending capabilities

Meta statuses definitions

...