Examples of OBSecurityException

• org.openbravo.base.exception.OBSecurityException
  This exception is used in case of Security violation. For example updating an object of another client. @author mtaal

Examples of org.openbravo.base.exception.OBSecurityException

            + " ur where " + " ur." + UserRoles.PROPERTY_USERCONTACT + "." + User.PROPERTY_ID
            + "='" + u.getId() + "' and ur." + UserRoles.PROPERTY_ACTIVE + "='Y' and ur."
            + UserRoles.PROPERTY_ROLE + "." + Role.PROPERTY_ACTIVE + "='Y' order by ur."
            + UserRoles.PROPERTY_ROLE + "." + Role.PROPERTY_ID + " asc", false);
        if (ur == null) {
          throw new OBSecurityException(
              "Your user is not assigned to a Role and it is required to login into Openbravo. Ask the Security Administrator");
        }
        Hibernate.initialize(ur.getRole());
        setRole(ur.getRole());
      }

Examples of org.openbravo.base.exception.OBSecurityException

        final OrganizationEnabled oe = (OrganizationEnabled) currentState[i];
        final Organization o2 = oe.getOrganization();

        if (!obContext.getOrganizationStructureProvider(o1.getClient().getId()).isInNaturalTree(o1,
            o2)) {
          throw new OBSecurityException("Entity " + bob.getIdentifier() + " ("
              + bob.getEntityName() + ") with organization " + o1.getIdentifier()
              + " references an entity " + ((BaseOBObject) currentState[i]).getIdentifier()
              + " through its property " + propertyNames[i] + " but this referenced entity"
              + " belongs to an organization " + o2.getIdentifier()
              + " which is not part of the natural tree of " + o1.getIdentifier());

Examples of org.openbravo.base.exception.OBSecurityException

   *          the entity to check
   * @throws OBSecurityException
   */
  public void checkWritable(Entity entity) {
    if (!isWritable(entity)) {
      throw new OBSecurityException("Entity " + entity + " is not writable by this user");
    }
  }

Examples of org.openbravo.base.exception.OBSecurityException

    if (obContext.isInAdministratorMode()) {
      return;
    }

    if (nonReadableEntities.contains(entity)) {
      throw new OBSecurityException("Entity " + entity + " is not readable by this user");
    }

    if (derivedReadableEntities.contains(entity)) {
      return;
    }

    if (!readableEntities.contains(entity)) {
      throw new OBSecurityException("Entity " + entity + " is not readable by the user "
          + obContext.getUser().getId());
    }
  }

Examples of org.openbravo.base.exception.OBSecurityException

  public void checkDeleteAllowed(Object o) {
    if (!OBContext.getOBContext().isInAdministratorMode() && o instanceof BaseOBObject) {
      final BaseOBObject bob = (BaseOBObject) o;
      final Entity entity = ModelProvider.getInstance().getEntity(bob.getEntityName());
      if (!entity.isDeletable()) {
        throw new OBSecurityException("Entity " + entity.getName() + " is not deletable");
      }
    }
    checkWriteAccess(o);
  }

Examples of org.openbravo.base.exception.OBSecurityException

    if (!obContext.isInAdministratorMode() && clientId.length() > 0) {
      if (obj instanceof ClientEnabled) {
        if (!obContext.getCurrentClient().getId().equals(clientId)) {
          // TODO: maybe move rollback to exception throwing
          SessionHandler.getInstance().setDoRollback(true);
          throw new OBSecurityException("Client (" + clientId + ") of object (" + obj
              + ") is not present in ClientList " + obContext.getCurrentClient().getId());
        }
      }

      // todo can be improved by only checking if the client or
      // organization
      // actually changed...
      obContext.getEntityAccessChecker().checkWritable(entity);

      if (obj instanceof OrganizationEnabled && orgId != null && orgId.length() > 0) {
        // todo as only the id is required this can be made much more
        // efficient
        // by
        // not loading the hibernate proxy
        if (!obContext.getWritableOrganizations().contains(orgId)) {
          // TODO: maybe move rollback to exception throwing
          SessionHandler.getInstance().setDoRollback(true);
          throw new OBSecurityException("Organization " + orgId + " of object (" + obj
              + ") is not present in OrganizationList " + obContext.getWritableOrganizations());
        }
      }
    }

Examples of org.openbravo.base.exception.OBSecurityException

  }

  protected void failOnZeroClient(String entity, String clientId) {
    // cliendId == null is by definition unequal to 0
    if (clientId != null && clientId.equals("0")) {
      throw new OBSecurityException("Entity " + entity + " may not have instances with client 0");
    }
  }

Examples of org.openbravo.base.exception.OBSecurityException

    }
  }

  protected void failOnNonZeroClient(String entity, String clientId) {
    if (clientId == null || !clientId.equals("0")) {
      throw new OBSecurityException("Entity " + entity + " may only have instances with client 0");
    }
  }

Examples of org.openbravo.base.exception.OBSecurityException

  protected void failOnZeroOrg(String entity, String orgId) {
    // orgId can be null for a new Organization which by default is not
    // the zero organization
    if (orgId != null && orgId.equals("0")) {
      throw new OBSecurityException("Entity " + entity
          + " may not have instances with organization *");
    }
  }

Examples of org.openbravo.base.exception.OBSecurityException

  protected void failOnNonZeroOrg(String entity, String orgId) {
    // orgId can be null for a new Organization which by default is not
    // the zero organization
    if (orgId == null || !orgId.equals("0")) {
      throw new OBSecurityException("Entity " + entity
          + " may only have instances with organization *");
    }
  }