public List getModifiableMonitors(Table paramTable, UserWebImpl usr) throws Exception { // this = (this = TableManager.getInstance()).getTable("ad_monitor"); Table mo_table = TableManager.getInstance().getTable("ad_monitor"); QueryRequestImpl query; query = QueryEngine.getInstance().createRequest(usr.getSession()); query.setMainTable(mo_table.getId()); query.addSelection(mo_table.getColumn("id").getId()); query.addSelection(mo_table.getColumn("name").getId()); query.addSelection(mo_table.getColumn("monitor_type").getId()); query.addSelection(mo_table.getColumn("check_type").getId()); query.addSelection(mo_table.getColumn("isactive").getId()); query.addOrderBy(new int[] {mo_table.getColumn("name").getId()}, true); Expression localExpression = (localExpression = (localExpression = (localExpression = new Expression( new ColumnLink("ad_monitor.monitor_type"), "=obj", null)) .combine( new Expression( new ColumnLink("ad_monitor.monitor_type"), "=list", null), 2, null)) .combine(usr.getSecurityFilter(mo_table.getName(), 3), 1, null)) .combine( new Expression( new ColumnLink("ad_monitor.ad_table_id"), "=" + paramTable.getId(), null), 1, null); query.addParam(localExpression); logger.debug("getModifiableMonitors sql is:" + query.toSQL()); return QueryEngine.getInstance().doQueryList(query.toSQL()); }
/** * MU_FAVORITE * * @throws Exception cyl * @param request * @return elements are Table or WebAction and menu list * @paqram includeAction if true?not now */ public List getSubSystemsOfmufavorite(HttpServletRequest request) throws Exception { ArrayList mufavorite = new ArrayList(); TableManager manager = TableManager.getInstance(); // Table table; try { UserWebImpl userWeb = ((UserWebImpl) WebUtils.getSessionContextManager(request.getSession()) .getActor(nds.util.WebKeys.USER)); int userid = userWeb.getUserId(); List al = QueryEngine.getInstance() .doQueryList( "select t.ad_table_id,t.fa_menu,t.menu_re,t.IS_REPORT from MU_FAVORITE t where t.ownerid=" + String.valueOf(userid) + " group by t.ad_table_id,t.menu_no,t.fa_menu,t.menu_re,t.IS_REPORT,t.creationdate order by t.menu_no,t.creationdate asc"); logger.debug("MU_FAVORITE size is " + String.valueOf(al.size())); if (al.size() > 0) { for (int i = 0; i < al.size(); i++) { // ArrayList catschild= new ArrayList(); List als = (List) al.get(i); String fa_menu = (String) als.get(1); String menu_re = (String) als.get(2); String isreport = (String) als.get(3); int table_id = Tools.getInt(als.get(0), -1); Table table = manager.getTable(table_id); logger.debug(table.getName()); /* if(!table.isMenuObject()){ continue; //because many table is webaction not ismenuobject }*/ try { WebUtils.checkTableQueryPermission(table.getName(), request); } catch (NDSSecurityException e) { continue; } logger.debug("add_table ->" + table.getName()); ArrayList row = new ArrayList(); row.add(fa_menu); row.add(menu_re); row.add(isreport); row.add(table); mufavorite.add(row); } } } catch (Throwable t) { logger.error("Fail to load mufavorite", t); } return mufavorite; }
/** * Find sesstion attribute "nds.control.web.ValidateMServlet" defined in ValidateMServlet, and * compare with user input named "verifyCode" */ public NDSEvent processRequest(HttpServletRequest request) throws NDSEventException { String serverValidCode = (String) request.getSession().getAttribute("nds.control.web.ValidateMServlet"); if (serverValidCode == null) throw new NDSEventException( "Internal error, nds.control.web.ValidateMServlet not set in session attribute"); String userValidCode = request.getParameter("verifyCode"); if (serverValidCode.equalsIgnoreCase(userValidCode)) { } else { throw new NDSEventException("@error-verify-code@"); } DefaultWebEvent event = new DefaultWebEvent("CommandEvent"); event.setParameter("command", "RegistrateUser"); /** * add param named "nds.query.querysession", which hold QuerySession object * * @since 2.0 */ SessionContextManager scmanager = WebUtils.getSessionContextManager(request.getSession(true)); UserWebImpl usr = (UserWebImpl) scmanager.getActor(WebKeys.USER); if (usr != null && usr.getSession() != null) event.put("nds.query.querysession", usr.getSession()); event.put("JAVA.UTIL.LOCALE", usr.getLocale()); Enumeration enu = request.getParameterNames(); while (enu.hasMoreElements()) { String name = (String) enu.nextElement(); String[] value = request.getParameterValues(name); if (name.equalsIgnoreCase("command")) { /* ############# tony 's method was deferred to EJB layer to implement, see nds.control.ejb.CommandFactory event.setParameter(name, commandName(value[0])); ######## yfzhu marked above */ event.setParameter(name, value[0]); // nmdemo, ObjectPermit and ObjectRollback will also need spName // if(value[0].endsWith("Submit")) event.setParameter("spName", value[0]); } else if (value.length == 1) event.setParameter(name, value[0]); else event.setParameter(name, value); } return event; }
/** * Get viewable subsystem list * * @param request * @return never null, elements are nds.schema.SubSystem */ public List getSubSystems(HttpServletRequest request) { UserWebImpl userWeb = ((UserWebImpl) WebUtils.getSessionContextManager(request.getSession()) .getActor(nds.util.WebKeys.USER)); ArrayList subs = new ArrayList(); if (userWeb.getUserId() == userWeb.GUEST_ID) { return subs; } List al = (List) userWeb.getProperty("subsystems"); // elements are subystem.id TableManager manager = TableManager.getInstance(); if (al != null) { for (int i = 0; i < al.size(); i++) { int sid = ((Integer) al.get(i)).intValue(); SubSystem ss = manager.getSubSystem(sid); if (ss != null) subs.add(ss); } } else { // search all tablecategoris for subsystem // add users subsystems param al = new ArrayList(); String[] sub_list; try { String subsystems = (String) QueryEngine.getInstance() .doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId()); if (Validator.isNotNull(subsystems)) { sub_list = subsystems.split(","); for (int m = 0; m < sub_list.length; m++) { SubSystem usersub = manager.getSubSystem(sub_list[m].trim()); if (usersub != null) { if (usersub.getId() == 10) continue; al.add(new Integer(usersub.getId())); subs.add(usersub); } } userWeb.setProperty("subsystems", al); return subs; } } catch (QueryException e) { logger.error("Fail to load subsystems from users", e); } for (int i = 0; i < manager.getSubSystems().size(); i++) { SubSystem ss = (SubSystem) manager.getSubSystems().get(i); if (containsViewableChildren(request, ss)) { al.add(new Integer(ss.getId())); subs.add(ss); } } userWeb.setProperty("subsystems", al); } return subs; }
/** * @param request * @param permissionType PERMISSION_VIEWABLE, PERMISSION_NO_PERM or PERMISSION_NO_LICENSE * @return never null, elements are nds.schema.SubSystem */ public List<SubSystem> getSubSystems(HttpServletRequest request, int permissionType) throws Exception { if (permissionType == PERMISSION_VIEWABLE) return getSubSystems(request); UserWebImpl userWeb = ((UserWebImpl) WebUtils.getSessionContextManager(request.getSession()) .getActor(nds.util.WebKeys.USER)); String subsystems = (String) QueryEngine.getInstance() .doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId()); if (Validator.isNotNull(subsystems)) { return Collections.EMPTY_LIST; } TableManager manager = TableManager.getInstance(); if (permissionType == PERMISSION_NO_PERM) { ArrayList subs = new ArrayList(); List al = (List) userWeb.getProperty("subsystems"); // elements are subystem.id if (al == null) { getSubSystems(request); al = (List) userWeb.getProperty("subsystems"); } // no perm List ss = manager.getSubSystems(); for (int i = 0; i < ss.size(); i++) { SubSystem sa = (SubSystem) ss.get(i); boolean found = false; for (int j = 0; j < al.size(); j++) { if (((Integer) al.get(j)).intValue() == sa.getId()) { found = true; break; } } if (!found) subs.add(sa); } return subs; } // else{ // no license if (subSystemNoLicense == null) { subSystemNoLicense = new ArrayList<SubSystem>(); List al = QueryEngine.getInstance() .doQueryList( "select id, name, orderno, iconurl,url from ad_subsystem s where exists(select 1 from ad_tablecategory c where c.ad_subsystem_id=s.id) order by orderno asc"); for (int i = 0; i < al.size(); i++) { List als = (List) al.get(i); if (manager.getSubSystem(Tools.getInt(als.get(0), -1)) == null) { SubSystem ss = new SubSystem(); ss.setId(Tools.getInt(als.get(0), -1)); ss.setName((String) als.get(1)); ss.setOrderno(Tools.getInt(als.get(2), -1)); ss.setIconURL((String) als.get(3)); ss.setPageURL((String) als.get(4)); subSystemNoLicense.add(ss); } } } return subSystemNoLicense; // } }
/** * 事实表和关联报表属于当前传入数组的交叉报表 * * @param request * @param tables elements are table.id * @return elements are ArrayList, first is cxtab id, second is cxtab name */ public List getCxtabs(HttpServletRequest request, List<Integer> tables) { TableManager manager = TableManager.getInstance(); UserWebImpl userWeb = ((UserWebImpl) WebUtils.getSessionContextManager(request.getSession()) .getActor(nds.util.WebKeys.USER)); StringBuffer sb = new StringBuffer(); for (int i = 0; i < tables.size(); i++) { // Table t= tables.get(i); if (i > 0) sb.append(","); sb.append(tables.get(i)); } String ts = sb.toString(); try { Table cxtabTable = manager.getTable("AD_CXTAB"); QueryRequestImpl queryData; // only pk,dk will be selected, order by ak asc queryData = QueryEngine.getInstance().createRequest(userWeb.getSession()); queryData.setMainTable(cxtabTable.getId()); queryData.addSelection(cxtabTable.getPrimaryKey().getId()); queryData.addSelection(cxtabTable.getDisplayKey().getId()); Column colOrderNo = cxtabTable.getColumn("orderno"); queryData.setOrderBy(new int[] {colOrderNo.getId()}, true); queryData.setRange(0, Integer.MAX_VALUE); Expression expr = new Expression( null, "(AD_CXTAB.AD_TABLE_ID in (" + ts + ") or exists (select 1 from ad_cxtab_reftable r where r.ad_cxtab_id=AD_CXTAB.id and r.ad_table_id in (" + ts + ")))", null); // set reporttype to "S" expr = expr.combine( new Expression(new ColumnLink("AD_CXTAB.REPORTTYPE"), "=S", null), SQLCombination.SQL_AND, null); expr = expr.combine( new Expression(new ColumnLink("AD_CXTAB.ISACTIVE"), "=Y", null), SQLCombination.SQL_AND, null); expr = expr.combine( new Expression(new ColumnLink("AD_CXTAB.ISPUBLIC"), "=Y", null), SQLCombination.SQL_AND, null); expr = expr.combine( userWeb.getSecurityFilter(cxtabTable.getName(), 1), SQLCombination.SQL_AND, null); queryData.addParam(expr); // read permission return QueryEngine.getInstance().doQueryList(queryData.toSQL()); } catch (Throwable t) { logger.error( "Fail to load reports for user " + userWeb.getUserId() + " with table ids: " + ts, t); } return Collections.EMPTY_LIST; }