Attached Files | restrictrole.diff [^] (24,125 bytes) 2013-01-09 16:14 [Show Content] [Hide Content]diff --git a/modules/org.openbravo.client.application/src-db/database/sourcedata/AD_MESSAGE.xml b/modules/org.openbravo.client.application/src-db/database/sourcedata/AD_MESSAGE.xml
--- a/modules/org.openbravo.client.application/src-db/database/sourcedata/AD_MESSAGE.xml
+++ b/modules/org.openbravo.client.application/src-db/database/sourcedata/AD_MESSAGE.xml
@@ -242,6 +242,17 @@
<!--2052DF26669F4864B295C17502F53E38--> <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
<!--2052DF26669F4864B295C17502F53E38--></AD_MESSAGE>
+<!--20EBBDD0DE864992AD7B8090D1126A06--><AD_MESSAGE>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <AD_MESSAGE_ID><![CDATA[20EBBDD0DE864992AD7B8090D1126A06]]></AD_MESSAGE_ID>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <VALUE><![CDATA[OBUIAPP_RestrictedUser]]></VALUE>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <MSGTEXT><![CDATA[This user doesn't have access to the backend. To be able to access Openbravo, a user needs a role with access to the backend.]]></MSGTEXT>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <MSGTYPE><![CDATA[I]]></MSGTYPE>
+<!--20EBBDD0DE864992AD7B8090D1126A06--> <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
+<!--20EBBDD0DE864992AD7B8090D1126A06--></AD_MESSAGE>
+
<!--2C8A8843F1E04317AD38623A3C52F978--><AD_MESSAGE>
<!--2C8A8843F1E04317AD38623A3C52F978--> <AD_MESSAGE_ID><![CDATA[2C8A8843F1E04317AD38623A3C52F978]]></AD_MESSAGE_ID>
<!--2C8A8843F1E04317AD38623A3C52F978--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
@@ -1039,6 +1050,17 @@
<!--D514BC49ED374B7288B215D94DAC3177--> <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
<!--D514BC49ED374B7288B215D94DAC3177--></AD_MESSAGE>
+<!--D71BBF4693BD45329F17355A907B9D39--><AD_MESSAGE>
+<!--D71BBF4693BD45329F17355A907B9D39--> <AD_MESSAGE_ID><![CDATA[D71BBF4693BD45329F17355A907B9D39]]></AD_MESSAGE_ID>
+<!--D71BBF4693BD45329F17355A907B9D39--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--D71BBF4693BD45329F17355A907B9D39--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--D71BBF4693BD45329F17355A907B9D39--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--D71BBF4693BD45329F17355A907B9D39--> <VALUE><![CDATA[OBUIAPP_RestrictedUserTitle]]></VALUE>
+<!--D71BBF4693BD45329F17355A907B9D39--> <MSGTEXT><![CDATA[Access Restricted]]></MSGTEXT>
+<!--D71BBF4693BD45329F17355A907B9D39--> <MSGTYPE><![CDATA[I]]></MSGTYPE>
+<!--D71BBF4693BD45329F17355A907B9D39--> <AD_MODULE_ID><![CDATA[9BA0836A3CD74EE4AB48753A47211BCC]]></AD_MODULE_ID>
+<!--D71BBF4693BD45329F17355A907B9D39--></AD_MESSAGE>
+
<!--DAC8C406FB1D497CAF91619E6B8A5458--><AD_MESSAGE>
<!--DAC8C406FB1D497CAF91619E6B8A5458--> <AD_MESSAGE_ID><![CDATA[DAC8C406FB1D497CAF91619E6B8A5458]]></AD_MESSAGE_ID>
<!--DAC8C406FB1D497CAF91619E6B8A5458--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff --git a/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java b/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
--- a/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
+++ b/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
@@ -308,7 +308,7 @@
// " AND A_U_R.AD_USER_ID = ?" +
// " ORDER BY A_R.NAME";
final OBQuery<UserRoles> rolesQuery = OBDal.getInstance().createQuery(UserRoles.class,
- " userContact.id=? and role.active=true");
+ " userContact.id=? and role.active=true and role.isrestrictbackend=false");
rolesQuery.setFilterOnReadableClients(false);
rolesQuery.setFilterOnReadableOrganization(false);
rolesQuery.setParameters(Collections.singletonList((Object) OBContext.getOBContext().getUser()
diff --git a/src-db/database/model/tables/AD_ROLE.xml b/src-db/database/model/tables/AD_ROLE.xml
--- a/src-db/database/model/tables/AD_ROLE.xml
+++ b/src-db/database/model/tables/AD_ROLE.xml
@@ -81,6 +81,10 @@
<default><![CDATA[Y]]></default>
<onCreateDefault><![CDATA['Y']]></onCreateDefault>
</column>
+ <column name="ISRESTRICTBACKEND" primaryKey="false" required="true" type="CHAR" size="1" autoIncrement="false">
+ <default><![CDATA[N]]></default>
+ <onCreateDefault><![CDATA['N']]></onCreateDefault>
+ </column>
<foreign-key foreignTable="AD_TREE" name="AD_ROLE_AD_TREE_MENU">
<reference local="AD_TREE_MENU_ID" foreign="AD_TREE_ID"/>
</foreign-key>
@@ -100,5 +104,6 @@
<check name="AD_ROLE_ADV_CHECK"><![CDATA[ISADVANCED IN ('Y', 'N')]]></check>
<check name="AD_ROLE_ISACTIVE_CHECK"><![CDATA[ISACTIVE IN ('Y', 'N')]]></check>
<check name="AD_ROLE_ISCLIENTADMIN_CHECK"><![CDATA[IS_CLIENT_ADMIN IN ('Y', 'N')]]></check>
+ <check name="AD_ROLE_RESTRICTBACKEND"><![CDATA[ISRESTRICTBACKEND IN ('Y', 'N')]]></check>
</table>
</database>
diff --git a/src-db/database/sourcedata/AD_COLUMN.xml b/src-db/database/sourcedata/AD_COLUMN.xml
--- a/src-db/database/sourcedata/AD_COLUMN.xml
+++ b/src-db/database/sourcedata/AD_COLUMN.xml
@@ -305056,6 +305056,41 @@
<!--D44EC8E368A74AEA8AD7EFF13B1FBA6A--> <ISUSEDSEQUENCE><![CDATA[N]]></ISUSEDSEQUENCE>
<!--D44EC8E368A74AEA8AD7EFF13B1FBA6A--></AD_COLUMN>
+<!--D45692C2890144AFBB6F139CDC38457A--><AD_COLUMN>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_COLUMN_ID><![CDATA[D45692C2890144AFBB6F139CDC38457A]]></AD_COLUMN_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--D45692C2890144AFBB6F139CDC38457A--> <NAME><![CDATA[Isrestrictbackend]]></NAME>
+<!--D45692C2890144AFBB6F139CDC38457A--> <DESCRIPTION><![CDATA[If checked, this role will not have access to the backend (ERP). It will however have access to other applications (such as the WebPOS)]]></DESCRIPTION>
+<!--D45692C2890144AFBB6F139CDC38457A--> <HELP><![CDATA[If checked, this role will not have access to the backend (ERP). It will however have access to other applications (such as the WebPOS)]]></HELP>
+<!--D45692C2890144AFBB6F139CDC38457A--> <COLUMNNAME><![CDATA[Isrestrictbackend]]></COLUMNNAME>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_TABLE_ID><![CDATA[156]]></AD_TABLE_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_REFERENCE_ID><![CDATA[20]]></AD_REFERENCE_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <FIELDLENGTH><![CDATA[1]]></FIELDLENGTH>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISKEY><![CDATA[N]]></ISKEY>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISPARENT><![CDATA[N]]></ISPARENT>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISMANDATORY><![CDATA[N]]></ISMANDATORY>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISUPDATEABLE><![CDATA[Y]]></ISUPDATEABLE>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISIDENTIFIER><![CDATA[N]]></ISIDENTIFIER>
+<!--D45692C2890144AFBB6F139CDC38457A--> <SEQNO><![CDATA[51]]></SEQNO>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISTRANSLATED><![CDATA[N]]></ISTRANSLATED>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISENCRYPTED><![CDATA[N]]></ISENCRYPTED>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISSELECTIONCOLUMN><![CDATA[N]]></ISSELECTIONCOLUMN>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_ELEMENT_ID><![CDATA[9C8C7BB9DEB84E3A9B8E4A1C3F200F99]]></AD_ELEMENT_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISSESSIONATTR><![CDATA[N]]></ISSESSIONATTR>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISSECONDARYKEY><![CDATA[N]]></ISSECONDARYKEY>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISDESENCRYPTABLE><![CDATA[N]]></ISDESENCRYPTABLE>
+<!--D45692C2890144AFBB6F139CDC38457A--> <DEVELOPMENTSTATUS><![CDATA[RE]]></DEVELOPMENTSTATUS>
+<!--D45692C2890144AFBB6F139CDC38457A--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--D45692C2890144AFBB6F139CDC38457A--> <POSITION><![CDATA[21]]></POSITION>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISTRANSIENT><![CDATA[N]]></ISTRANSIENT>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISAUTOSAVE><![CDATA[Y]]></ISAUTOSAVE>
+<!--D45692C2890144AFBB6F139CDC38457A--> <VALIDATEONNEW><![CDATA[Y]]></VALIDATEONNEW>
+<!--D45692C2890144AFBB6F139CDC38457A--> <IMAGESIZEVALUESACTION><![CDATA[N]]></IMAGESIZEVALUESACTION>
+<!--D45692C2890144AFBB6F139CDC38457A--> <ISUSEDSEQUENCE><![CDATA[N]]></ISUSEDSEQUENCE>
+<!--D45692C2890144AFBB6F139CDC38457A--></AD_COLUMN>
+
<!--D463F52ACB6611DD87FACF0742499ECD--><AD_COLUMN>
<!--D463F52ACB6611DD87FACF0742499ECD--> <AD_COLUMN_ID><![CDATA[D463F52ACB6611DD87FACF0742499ECD]]></AD_COLUMN_ID>
<!--D463F52ACB6611DD87FACF0742499ECD--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff --git a/src-db/database/sourcedata/AD_ELEMENT.xml b/src-db/database/sourcedata/AD_ELEMENT.xml
--- a/src-db/database/sourcedata/AD_ELEMENT.xml
+++ b/src-db/database/sourcedata/AD_ELEMENT.xml
@@ -28173,6 +28173,20 @@
<!--9C8C523F49F4BD9DE040007F0100646F--> <ISGLOSSARY><![CDATA[N]]></ISGLOSSARY>
<!--9C8C523F49F4BD9DE040007F0100646F--></AD_ELEMENT>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--><AD_ELEMENT>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <AD_ELEMENT_ID><![CDATA[9C8C7BB9DEB84E3A9B8E4A1C3F200F99]]></AD_ELEMENT_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <COLUMNNAME><![CDATA[Isrestrictbackend]]></COLUMNNAME>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <NAME><![CDATA[Restrict backend access]]></NAME>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <PRINTNAME><![CDATA[Restrict backend access]]></PRINTNAME>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <DESCRIPTION><![CDATA[If checked, this role will not have access to the backend (ERP). It will however have access to other applications (such as the WebPOS)]]></DESCRIPTION>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <HELP><![CDATA[If checked, this role will not have access to the backend (ERP). It will however have access to other applications (such as the WebPOS)]]></HELP>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--> <ISGLOSSARY><![CDATA[N]]></ISGLOSSARY>
+<!--9C8C7BB9DEB84E3A9B8E4A1C3F200F99--></AD_ELEMENT>
+
<!--9D15D8B5B341423585BC661594C01822--><AD_ELEMENT>
<!--9D15D8B5B341423585BC661594C01822--> <AD_ELEMENT_ID><![CDATA[9D15D8B5B341423585BC661594C01822]]></AD_ELEMENT_ID>
<!--9D15D8B5B341423585BC661594C01822--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff --git a/src-db/database/sourcedata/AD_FIELD.xml b/src-db/database/sourcedata/AD_FIELD.xml
--- a/src-db/database/sourcedata/AD_FIELD.xml
+++ b/src-db/database/sourcedata/AD_FIELD.xml
@@ -189725,6 +189725,35 @@
<!--4B09CBC5D0D54D36A585EA8F863D9CF1--> <EM_OBUIAPP_SHOWSUMMARY><![CDATA[N]]></EM_OBUIAPP_SHOWSUMMARY>
<!--4B09CBC5D0D54D36A585EA8F863D9CF1--></AD_FIELD>
+<!--4B110273A12A48FD8E4952044C628050--><AD_FIELD>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_FIELD_ID><![CDATA[4B110273A12A48FD8E4952044C628050]]></AD_FIELD_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--4B110273A12A48FD8E4952044C628050--> <NAME><![CDATA[Restrict backend access]]></NAME>
+<!--4B110273A12A48FD8E4952044C628050--> <DESCRIPTION><![CDATA[If checked, this role will not have access to the backend (ERP). It will however have access to other applications (such as the WebPOS)]]></DESCRIPTION>
+<!--4B110273A12A48FD8E4952044C628050--> <HELP><![CDATA[If checked, this role will not have access to the backend (ERP). It will however have access to other applications (such as the WebPOS)]]></HELP>
+<!--4B110273A12A48FD8E4952044C628050--> <ISCENTRALLYMAINTAINED><![CDATA[Y]]></ISCENTRALLYMAINTAINED>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_TAB_ID><![CDATA[119]]></AD_TAB_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_COLUMN_ID><![CDATA[D45692C2890144AFBB6F139CDC38457A]]></AD_COLUMN_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <IGNOREINWAD><![CDATA[N]]></IGNOREINWAD>
+<!--4B110273A12A48FD8E4952044C628050--> <ISDISPLAYED><![CDATA[Y]]></ISDISPLAYED>
+<!--4B110273A12A48FD8E4952044C628050--> <DISPLAYLENGTH><![CDATA[1]]></DISPLAYLENGTH>
+<!--4B110273A12A48FD8E4952044C628050--> <ISREADONLY><![CDATA[N]]></ISREADONLY>
+<!--4B110273A12A48FD8E4952044C628050--> <SEQNO><![CDATA[110]]></SEQNO>
+<!--4B110273A12A48FD8E4952044C628050--> <ISSAMELINE><![CDATA[N]]></ISSAMELINE>
+<!--4B110273A12A48FD8E4952044C628050--> <ISFIELDONLY><![CDATA[N]]></ISFIELDONLY>
+<!--4B110273A12A48FD8E4952044C628050--> <ISENCRYPTED><![CDATA[N]]></ISENCRYPTED>
+<!--4B110273A12A48FD8E4952044C628050--> <SHOWINRELATION><![CDATA[Y]]></SHOWINRELATION>
+<!--4B110273A12A48FD8E4952044C628050--> <ISFIRSTFOCUSEDFIELD><![CDATA[N]]></ISFIRSTFOCUSEDFIELD>
+<!--4B110273A12A48FD8E4952044C628050--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--4B110273A12A48FD8E4952044C628050--> <GRID_SEQNO><![CDATA[110]]></GRID_SEQNO>
+<!--4B110273A12A48FD8E4952044C628050--> <STARTINODDCOLUMN><![CDATA[N]]></STARTINODDCOLUMN>
+<!--4B110273A12A48FD8E4952044C628050--> <STARTNEWLINE><![CDATA[N]]></STARTNEWLINE>
+<!--4B110273A12A48FD8E4952044C628050--> <ISSHOWNINSTATUSBAR><![CDATA[N]]></ISSHOWNINSTATUSBAR>
+<!--4B110273A12A48FD8E4952044C628050--> <EM_OBUIAPP_SHOWSUMMARY><![CDATA[N]]></EM_OBUIAPP_SHOWSUMMARY>
+<!--4B110273A12A48FD8E4952044C628050--></AD_FIELD>
+
<!--4B536D8ED0CB480BA1A0D5526FCE202F--><AD_FIELD>
<!--4B536D8ED0CB480BA1A0D5526FCE202F--> <AD_FIELD_ID><![CDATA[4B536D8ED0CB480BA1A0D5526FCE202F]]></AD_FIELD_ID>
<!--4B536D8ED0CB480BA1A0D5526FCE202F--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff --git a/src-db/database/sourcedata/AD_MESSAGE.xml b/src-db/database/sourcedata/AD_MESSAGE.xml
--- a/src-db/database/sourcedata/AD_MESSAGE.xml
+++ b/src-db/database/sourcedata/AD_MESSAGE.xml
@@ -16742,6 +16742,17 @@
<!--4B01F0CD52ED45D78AD503199D5AB1C6--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--4B01F0CD52ED45D78AD503199D5AB1C6--></AD_MESSAGE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--><AD_MESSAGE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <AD_MESSAGE_ID><![CDATA[4C2EF2784FD449D3A09E71D41F7AD8E6]]></AD_MESSAGE_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <VALUE><![CDATA[NON_RESTRICTED_ROLE_TITLE]]></VALUE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <MSGTEXT><![CDATA[Access Restricted]]></MSGTEXT>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <MSGTYPE><![CDATA[I]]></MSGTYPE>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--4C2EF2784FD449D3A09E71D41F7AD8E6--></AD_MESSAGE>
+
<!--4C38766399D14E4C96A65E71A5D85F06--><AD_MESSAGE>
<!--4C38766399D14E4C96A65E71A5D85F06--> <AD_MESSAGE_ID><![CDATA[4C38766399D14E4C96A65E71A5D85F06]]></AD_MESSAGE_ID>
<!--4C38766399D14E4C96A65E71A5D85F06--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
@@ -22038,6 +22049,17 @@
<!--FE88E1D0FB204477983A77FE42C1297A--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--FE88E1D0FB204477983A77FE42C1297A--></AD_MESSAGE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--><AD_MESSAGE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <AD_MESSAGE_ID><![CDATA[FE92320A1F4D4569A3AF41C6F263E786]]></AD_MESSAGE_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <VALUE><![CDATA[NON_RESTRICTED_ROLE]]></VALUE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <MSGTEXT><![CDATA[This user doesn't have access to the backend. To be able to access Openbravo, a user needs a role with access to the backend.]]></MSGTEXT>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <MSGTYPE><![CDATA[I]]></MSGTYPE>
+<!--FE92320A1F4D4569A3AF41C6F263E786--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--FE92320A1F4D4569A3AF41C6F263E786--></AD_MESSAGE>
+
<!--FEC463B86D204D7982180B6C134F1E8A--><AD_MESSAGE>
<!--FEC463B86D204D7982180B6C134F1E8A--> <AD_MESSAGE_ID><![CDATA[FEC463B86D204D7982180B6C134F1E8A]]></AD_MESSAGE_ID>
<!--FEC463B86D204D7982180B6C134F1E8A--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff --git a/src-db/database/sourcedata/AD_REF_LIST.xml b/src-db/database/sourcedata/AD_REF_LIST.xml
--- a/src-db/database/sourcedata/AD_REF_LIST.xml
+++ b/src-db/database/sourcedata/AD_REF_LIST.xml
@@ -8496,6 +8496,18 @@
<!--26BD84560ADA416E8D00B7A07BAB2B23--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--26BD84560ADA416E8D00B7A07BAB2B23--></AD_REF_LIST>
+<!--2726618D177C401C8D764380FD6DA765--><AD_REF_LIST>
+<!--2726618D177C401C8D764380FD6DA765--> <AD_REF_LIST_ID><![CDATA[2726618D177C401C8D764380FD6DA765]]></AD_REF_LIST_ID>
+<!--2726618D177C401C8D764380FD6DA765--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--2726618D177C401C8D764380FD6DA765--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--2726618D177C401C8D764380FD6DA765--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--2726618D177C401C8D764380FD6DA765--> <VALUE><![CDATA[RESTR]]></VALUE>
+<!--2726618D177C401C8D764380FD6DA765--> <NAME><![CDATA[All available roles restricted]]></NAME>
+<!--2726618D177C401C8D764380FD6DA765--> <DESCRIPTION><![CDATA[User doesn't have non-restricted roles]]></DESCRIPTION>
+<!--2726618D177C401C8D764380FD6DA765--> <AD_REFERENCE_ID><![CDATA[86086D70DDBC42B09E2BEB51D25C159F]]></AD_REFERENCE_ID>
+<!--2726618D177C401C8D764380FD6DA765--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--2726618D177C401C8D764380FD6DA765--></AD_REF_LIST>
+
<!--28F1C8DD5F5746C5928626525EC81BB2--><AD_REF_LIST>
<!--28F1C8DD5F5746C5928626525EC81BB2--> <AD_REF_LIST_ID><![CDATA[28F1C8DD5F5746C5928626525EC81BB2]]></AD_REF_LIST_ID>
<!--28F1C8DD5F5746C5928626525EC81BB2--> <AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
diff --git a/src-db/database/sourcedata/M_OFFER_TYPE.xml b/src-db/database/sourcedata/M_OFFER_TYPE.xml
--- a/src-db/database/sourcedata/M_OFFER_TYPE.xml
+++ b/src-db/database/sourcedata/M_OFFER_TYPE.xml
@@ -8,6 +8,7 @@
<!--5D4BAF6BB86D4D2C9ED3D5A6FC051579--> <AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
<!--5D4BAF6BB86D4D2C9ED3D5A6FC051579--> <NAME><![CDATA[Price Adjustment]]></NAME>
<!--5D4BAF6BB86D4D2C9ED3D5A6FC051579--> <PL_ORDER_IMPLEMENTOR><![CDATA[M_Promotion_Adjustment]]></PL_ORDER_IMPLEMENTOR>
+<!--5D4BAF6BB86D4D2C9ED3D5A6FC051579--> <EM_OBPOS_ISCATEGORY><![CDATA[N]]></EM_OBPOS_ISCATEGORY>
<!--5D4BAF6BB86D4D2C9ED3D5A6FC051579--></M_OFFER_TYPE>
</data>
diff --git a/src-db/database/sourcedata/OBCQL_WIDGET_QUERY.xml b/src-db/database/sourcedata/OBCQL_WIDGET_QUERY.xml
--- a/src-db/database/sourcedata/OBCQL_WIDGET_QUERY.xml
+++ b/src-db/database/sourcedata/OBCQL_WIDGET_QUERY.xml
@@ -18,6 +18,7 @@
and q.organization.id IN (:organizationList)
and @optional_filters@
group by q.documentStatus]]></HQL>
+<!--11D052605994493E905FF9A45591D84D--> <TYPE><![CDATA[HQL]]></TYPE>
<!--11D052605994493E905FF9A45591D84D--></OBCQL_WIDGET_QUERY>
</data>
diff --git a/src/index.jsp b/src/index.jsp
--- a/src/index.jsp
+++ b/src/index.jsp
@@ -1,3 +1,4 @@
+
<%@ page import="java.util.Properties" %>
<%@ page import="org.openbravo.base.HttpBaseServlet" %>
<%@ page import="org.openbravo.dal.core.OBContext"%>
@@ -8,6 +9,9 @@
<%@ page import="org.openbravo.dal.core.OBContext" %>
<%@ page import="org.openbravo.model.ad.module.Module" %>
<%@ page import="org.apache.log4j.Logger" %>
+<%@ page import="org.openbravo.model.ad.access.Role" %>
+<%@ page import="org.openbravo.dal.service.OBDal" %>
+<%@ page import="org.openbravo.base.secureApp.VariablesSecureApp" %>
<%@ page contentType="text/html; charset=UTF-8" %>
<%
/*
@@ -160,6 +164,18 @@
// starts the application is called as the last statement in the StaticResources part
function OBStartApplication() {
+<%
+//If the role has its access to the backend restricted, an error message will be shown
+final VariablesSecureApp vars1 = new VariablesSecureApp(request, false);
+Role role = OBDal.getInstance().get(Role.class, vars1.getRole());
+if(role.isRestrictbackend()){
+%>
+ document.body.removeChild(document.getElementById('OBLoadingDiv'));
+ isc.Dialog.create({message: OB.I18N.getLabel('OBUIAPP_RestrictedUser'), title: OB.I18N.getLabel('OBUIAPP_RestrictedUserTitle'), showCloseButton: false}).show();
+ return;
+<%
+}
+%>
OB.Layout.initialize();
OB.Layout.draw();
OB.Layout.ViewManager.createAddStartTab();
diff --git a/src/org/openbravo/base/secureApp/DefaultOptions_data.xsql b/src/org/openbravo/base/secureApp/DefaultOptions_data.xsql
--- a/src/org/openbravo/base/secureApp/DefaultOptions_data.xsql
+++ b/src/org/openbravo/base/secureApp/DefaultOptions_data.xsql
@@ -37,7 +37,7 @@
INNER JOIN AD_ROLE role ON users.DEFAULT_AD_ROLE_ID = role.AD_ROLE_ID
WHERE users.AD_USER_ID = ?
AND NOT users.DEFAULT_AD_ROLE_ID IS NULL
- AND role.ISACTIVE = 'Y'
+ AND role.ISACTIVE = 'Y' and role.isrestrictbackend='N'
]]></Sql>
<Parameter name="aduserid"/>
</SqlMethod>
@@ -127,7 +127,7 @@
INNER JOIN AD_ROLE role
ON userRoles.AD_ROLE_ID = role.AD_ROLE_ID
WHERE userRoles.AD_USER_ID = ?
- AND role.ISACTIVE = 'Y'
+ AND role.ISACTIVE = 'Y' and role.isrestrictbackend='N'
]]></Sql>
<Parameter name="aduserid"/>
</SqlMethod>
diff --git a/src/org/openbravo/base/secureApp/LoginHandler.java b/src/org/openbravo/base/secureApp/LoginHandler.java
--- a/src/org/openbravo/base/secureApp/LoginHandler.java
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java
@@ -33,6 +33,8 @@
import org.openbravo.erpCommon.utility.OBVersion;
import org.openbravo.erpCommon.utility.Utility;
import org.openbravo.model.ad.access.Session;
+import org.openbravo.model.ad.access.User;
+import org.openbravo.model.ad.access.UserRoles;
import org.openbravo.model.ad.module.Module;
import org.openbravo.model.ad.system.Client;
import org.openbravo.model.ad.system.SystemInformation;
@@ -63,7 +65,7 @@
final VariablesSecureApp vars = new VariablesSecureApp(req);
// Empty session
- vars.removeSessionValue("#Authenticated_user");
+ req.getSession().removeAttribute("#Authenticated_user");
vars.removeSessionValue("#AD_Role_ID");
vars.setSessionObject("#loggingIn", "Y");
@@ -228,6 +230,21 @@
break;
}
+ boolean hasNonRestrictedRole = false;
+ User user = OBDal.getInstance().get(User.class, strUserAuth);
+ for (UserRoles userrole : user.getADUserRolesList()) {
+ if (!userrole.getRole().isRestrictbackend()) {
+ hasNonRestrictedRole = true;
+ }
+ }
+ if (!hasNonRestrictedRole) {
+ String msg = Utility.messageBD(myPool, "NON_RESTRICTED_ROLE", vars.getLanguage());
+ String title = Utility.messageBD(myPool, "NON_RESTRICTED_ROLE_TITLE", vars.getLanguage());
+ updateDBSession(sessionId, false, "RESTR");
+ goToRetry(res, vars, msg, title, "Error", action, doRedirect);
+ return;
+ }
+
// Build checks
SystemInformation sysInfo = OBDal.getInstance().get(SystemInformation.class, "0");
if (sysInfo.getSystemStatus() == null || sysInfo.getSystemStatus().equals("RB70")
|