Close #229

Open Lowcode SAS · Open Lowcode SAS · commit 0998c415c618 · 2020-09-26T22:22:42.000+02:00
diff --git a/src/org/openlowcode/server/action/SActionRef.java b/src/org/openlowcode/server/action/SActionRef.java
@@ -21,6 +21,8 @@
 import org.openlowcode.server.graphic.widget.SObjectDisplay;
 import org.openlowcode.server.runtime.OLcServer;
 import org.openlowcode.server.runtime.SModule;
+import org.openlowcode.server.security.ActionSecurityManager;
+import org.openlowcode.server.security.SecurityBuffer;
 import org.openlowcode.tools.messages.MessageWriter;
 import org.openlowcode.tools.misc.Named;
 import org.openlowcode.tools.misc.NamedList;
@@ -271,4 +273,26 @@ public ActionExecution getAction() {
 	public SActionDataLoc<?> getActionData(String name) {
 		return actiondata.lookupOnName(name);
 	}
+	/**
+	 * @return true if the action is authorized, false if not
+	 * @since 1.12
+	 */
+	public boolean isAuthorized(String context,SPageData input, SecurityBuffer buffer) {
+		ActionSecurityManager[] securitymanagers = getAction().getActionSecurityManager();
+		if (securitymanagers == null) {
+			logger.info(" no security manager, hide = true");
+			return false;
+		}
+		if (buffer == null)
+			return true;
+		for (int i = 0; i < securitymanagers.length; i++) {
+			ActionSecurityManager thismanager = securitymanagers[i];
+			SActionData actiondata = this.generatePotentialActionDataForSecurity(input);
+			if (thismanager.isAuthorizedForCurrentUser(context, actiondata, buffer)) {
+				logger.info(" found security manager with authorization for user " + thismanager.toString());
+				return true;
+			}
+		}
+		return false;
+	}
 }
diff --git a/src/org/openlowcode/server/graphic/widget/SGrid.java b/src/org/openlowcode/server/graphic/widget/SGrid.java
@@ -395,10 +395,14 @@ public void WritePayloadToCDL(MessageWriter writer, SPageData input, SecurityBuf
 		}
 		writer.startStructure("MENACTS");
 		for (int i=0;i<this.menuactions.size();i++) {
+			// checks that the action is visible
+			SActionRef thisaction = menuactions.get(i);						
+			if (thisaction.isAuthorized("Menu for SGrid "+this.name, input, buffer)) {
 			writer.startStructure("MENACT");
 			writer.addStringField("MENLBL",this.menuactionslabel.get(i));
-			this.menuactions.get(i).writeToCML(writer);
+			thisaction.writeToCML(writer);
 			writer.endStructure("MENACT");
+			}
 		}
 		writer.endStructure("MENACTS");
 	}

Original file line number	Diff line number	Diff line change
`@@ -395,10 +395,14 @@ public void WritePayloadToCDL(MessageWriter writer, SPageData input, SecurityBuf`
`395`	`395`	`}`
`396`	`396`	`writer.startStructure("MENACTS");`
`397`	`397`	`for (int i=0;i<this.menuactions.size();i++) {`
	`398`	`+ // checks that the action is visible`
	`399`	`+ SActionRef thisaction = menuactions.get(i);`
	`400`	`+ if (thisaction.isAuthorized("Menu for SGrid "+this.name, input, buffer)) {`
`398`	`401`	`writer.startStructure("MENACT");`
`399`	`402`	`writer.addStringField("MENLBL",this.menuactionslabel.get(i));`
`400`		`- this.menuactions.get(i).writeToCML(writer);`
	`403`	`+ thisaction.writeToCML(writer);`
`401`	`404`	`writer.endStructure("MENACT");`
	`405`	`+ }`
`402`	`406`	`}`
`403`	`407`	`writer.endStructure("MENACTS");`
`404`	`408`	`}`