Hi,
i found a somewhat strange situation that deals with the feaeture of using the attributes “constraintOperationType” and “constraintCode” via XML.
I created an example that has four buttons on a table:
The xml looks like this:
<!-- why is this action active for user: mario, since he is a user, which is not allowed to greet or print? -->
<action
id="greet"
constraintOperationType="custom"
constraintCode="greet"
invoke="greetCustomer"
caption="msg://greetCustomer"
trackSelection="true"
/>
<!-- why is this action active for user: mario, since he is a user, which is not allowed to greet or print? -->
<action
id="greetViaActionClass"
constraintOperationType="custom"
constraintCode="greet"
caption="msg://greetViaActionClass"
/>
<!-- why is this action active for user: mario, since he is a user, which is not allowed to greet or print? -->
<action
id="print"
constraintOperationType="custom"
constraintCode="print"
invoke="printCustomer"
caption="msg://printCustomer"
trackSelection="true"
/>
<!--
this works although it does not use the xml attributes constraintOperationType and constraintCode but the ActionClass
definitions
-->
<action
id="printViaActionClass"
constraintOperationType="custom"
constraintCode="print"
caption="msg://printViaActionClass"
/>
The controller looks like this:
public class CustomerBrowse extends AbstractLookup {
@Inject
private GroupTable<Customer> customersTable;
@Inject
private Security security;
@Override
public void init(Map<String, Object> params) {
super.init(params);
customersTable.addAction(new GreetAction());
customersTable.addAction(new PrintAction());
}
public void greetCustomer() {
/*
it works correct for user mario (security.isPermitted(customersTable.getSingleSelected(), "greet")),
since he has not the right to greet, but why is the action enabled at all,
I assumed that the XML attribute customCode="greet" would have checked if this option is
*/
if (security.isPermitted(customersTable.getSingleSelected(), "greet")) {
showNotification("Hi, " + customersTable.getSingleSelected().getName(), NotificationType.TRAY);
}
else {
showNotification("You are a non-greeter...", NotificationType.ERROR);
}
}
public void printCustomer() {
doPrint();
}
private void doPrint() {
showNotification("<img src='https://media.giphy.com/media/l2SqeXtTjrMyDbolO/giphy.gif' />", NotificationType.TRAY_HTML);
}
protected class GreetAction extends ItemTrackingAction {
public GreetAction() {
super("greetViaActionClass");
/*
removing this lines will result in the situation that the action does not care about the constraint code in
the XML. It seems it is not possible to do it only through XML.
@see PrintAction for another example
*/
/*
setConstraintOperationType(ConstraintOperationType.CUSTOM);
setConstraintCode("greet");
*/
}
@Override
public void actionPerform(Component component) {
showNotification("Hi, " + customersTable.getSingleSelected().getName(), NotificationType.TRAY);
}
}
protected class PrintAction extends ItemTrackingAction {
public PrintAction() {
super("printViaActionClass");
/*
In the PrintAction class i enabled these lines and it worked, but the XML attributes are not used as well. Only
since i added both attributes programatically it worked.
*/
setConstraintOperationType(ConstraintOperationType.CUSTOM);
setConstraintCode("print");
}
@Override
public void actionPerform(Component component) {
doPrint();
}
}
}
I commented the xml and the controller for more information. Basically i would expect that all of the examples will be disabled when i click on a customer while beeing logged in as “mario:mario”, because “mario” has the following constraints applied (you can find them in the example project as well:
[
{
"id": "sec$Constraint-e7f277cc-2469-f21f-4a01-48d76d0328f7",
"checkType": "MEMORY",
"code": "print",
"groovyScript": "return false",
"isActive": true,
"version": 1,
"createdBy": "mario",
"entityName": "cpccis$Customer",
"createTs": "2017-04-07 13:16:51.000",
"operationType": "CUSTOM",
"updateTs": "2017-04-07 13:16:51.000",
"group": {
"id": "sec$Group-d87375f8-dfc5-7c2d-4bf9-a1a8ea3f0da1",
"version": 3,
"name": "users"
}
},
{
"id": "sec$Constraint-f63c749e-3132-c80e-9a74-629b44a15a8d",
"checkType": "MEMORY",
"updatedBy": "admin",
"code": "greet",
"groovyScript": "return false",
"isActive": true,
"version": 2,
"createdBy": "admin",
"entityName": "cpccis$Customer",
"createTs": "2017-04-07 13:08:20.000",
"operationType": "CUSTOM",
"updateTs": "2017-04-07 13:08:32.000",
"group": {
"id": "sec$Group-d87375f8-dfc5-7c2d-4bf9-a1a8ea3f0da1",
"version": 3,
"name": "users"
}
}
]
It seems that the DeclarativeAction is not overriding `isPermitted` with looking at the corresponding xml attributes. If i use the same attributes on a standard action like EditAction it works.
You might have a look at that.
Bye
Mario
See the following issue in our bug tracker: