Use Cases | Programming Model | |
BOPF | RAP | |
#2 Authorization on standard CUD operations |
| Authorization Master:
Feature Control:
|
RV_FAILED | The value (true/false) indicates whether the authorization check failed |
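METHOD /bobf/if_lib_auth_draft_active~check_static_authority.
  " Static (instance-independent) authorization check for the activity in
  " is_ctx-activity against authorization object ZPB_APPLICATION.
  " rv_failed is abap_true when the check fails, abap_false when it passes.

  " Deny by default; only sy-subrc = 0 clears the failure flag.
  rv_failed = abap_true.

  " The statement needs its terminating period; without it the following IF
  " is parsed as part of the AUTHORITY-CHECK and the method does not compile.
  " NOTE(review): only ACTVT is listed here, while the instance check also
  " passes ZPB_STATUS - confirm how the omitted field is evaluated on your release.
  AUTHORITY-CHECK OBJECT 'ZPB_APPLICATION' FOR USER sy-uname
    ID 'ACTVT' FIELD is_ctx-activity.
  IF sy-subrc EQ 0.
    rv_failed = abap_false.
  ENDIF.

  " A message is raised only for a denied create; other denied activities are
  " reported through rv_failed alone.
  IF rv_failed = abap_true AND is_ctx-activity EQ /bobf/cl_frw_authority_check=>sc_activity-create.
    " presumably instantiates eo_message when it is still unbound - verify,
    " because add_message below dereferences it
    /scmtms/cl_common_helper=>msg_helper_add_symsg(
      CHANGING
        co_message = eo_message ).

    eo_message->add_message(
      is_msg       = VALUE #( msgid = 'S7'
                              msgno = 000
                              msgv1 = | No authorization to create a record |
                              msgty = /bobf/cm_frw=>co_severity_error )
      iv_node      = is_ctx-node_key
      iv_key       = is_ctx-bo_key
      iv_attribute = zif_i_pb_application_c=>sc_node_attribute-zi_pb_application-node_data ).
  ENDIF.
ENDMETHOD.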
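METHOD /bobf/if_lib_auth_draft_active~check_instance_authority.
  " Instance-level authorization check: every requested instance is checked
  " against ZPB_APPLICATION with the requested activity and the instance's
  " isActive value. Instances that do not pass are added to et_failed_key.
  DATA lt_context_data TYPE ztipb_application.

  " Retrieve the data of the requested node instances; the failed keys
  " reported by the read are handed on in et_failed_key.
  io_read->retrieve(
    EXPORTING
      iv_node       = is_ctx-node_key
      it_key        = it_key
    IMPORTING
      et_data       = lt_context_data
      et_failed_key = et_failed_key ).

  LOOP AT lt_context_data ASSIGNING FIELD-SYMBOLS(<ls_context>).
    AUTHORITY-CHECK OBJECT 'ZPB_APPLICATION'
      ID 'ACTVT'      FIELD is_ctx-activity
      ID 'ZPB_STATUS' FIELD <ls_context>-isActive.

    " Fail closed: any return code other than 0 denies the instance.
    " No message is raised here; the denial is reported only by the key.
    IF sy-subrc <> 0.
      INSERT VALUE #( key = <ls_context>-key ) INTO TABLE et_failed_key.
    ENDIF.
  ENDLOOP.
ENDMETHOD.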
// Behavior of the root entity (alias Application), authorization variant.
define behavior for ZI_PB_ACTIVE_APPL alias Application
implementation in class zcl_i_pb_active_appl unique
persistent table zpb_active_appl
lock master
// Requests both a global and an instance authorization handler; this listing
// implements them as get_global_authorizations and get_instance_authorizations.
authorization master ( global, instance )
etag master LocalLastChangedAt
{
// Standard operations; the handlers in this listing return a decision for
// %create (global) and for %update, %delete and %assoc-_Company (instance).
create ;
update ;
delete ;
association _Company { create; }
}
// Behavior of the child entity (alias Company).
define behavior for ZI_PB_ACTIVE_COMP alias Company
implementation in class zcl_i_pb_active_comp unique
persistent table zpb_active_comp
lock dependent by _Application
// No authorization handler of its own: the authorization decision is
// delegated to the entity reached through _Application.
// NOTE(review): _Application is not listed as an association in the body
// below, unlike the feature-control variant of this definition - confirm
// whether your release requires it to be declared.
authorization dependent by _Application
etag master LocalLastChangedAt
{
update ;
delete ;
}
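METHOD get_global_authorizations.
  " Global (instance-independent) authorization for create: checks activity
  " '01' on authorization object ZPB_APPLICATION, returns the decision in
  " result-%create and reports an error message when create is denied.
  AUTHORITY-CHECK OBJECT 'ZPB_APPLICATION' FOR USER sy-uname
    ID 'ACTVT' FIELD '01'.

  " Only sy-subrc = 0 authorizes; every other return code denies.
  DATA(lv_authorized) = xsdbool( sy-subrc = 0 ).

  " An authorization result is expressed with the auth-* constants, as in
  " get_instance_authorizations, rather than the feature-control fc-o-* ones.
  result = VALUE #( %create = COND #( WHEN lv_authorized = abap_true
                                      THEN if_abap_behv=>auth-allowed
                                      ELSE if_abap_behv=>auth-unauthorized ) ).

  " The message is reported only for a denied create.
  IF lv_authorized = abap_false.
    APPEND VALUE #( %state_area = 'AUTH_CREATE'
                    %msg        = NEW zcx_pb_application(
                                    iv_severity = if_abap_behv_message=>severity-error
                                    is_textid   = zcx_pb_application=>tys_create_not_allowed
                                    iv_userid   = CONV #( cl_abap_context_info=>get_user_technical_name( ) )
                                    iv_context  = 'Application' )
                  ) TO reported-application.
  ENDIF.
ENDMETHOD.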
METHOD get_instance_authorizations.
  " Instance authorization: reads IsActive for the requested keys and returns
  " one decision per instance, applied alike to update, delete and
  " create-by-association on _Company. Keys that cannot be read go to failed.
  READ ENTITIES OF zi_pb_active_appl IN LOCAL MODE
    ENTITY Application
      FIELDS ( IsActive ) WITH CORRESPONDING #( keys )
    RESULT DATA(lt_applications)
    FAILED failed.

  " NOTE(review): _IsAuthorized in this listing checks activity '01' only, so
  " update and delete are decided by the create activity - confirm this is intended.
  result = VALUE #( FOR ls_appl IN lt_applications
                    LET lv_decision = COND #( WHEN _IsAuthorized( ls_appl-IsActive ) IS NOT INITIAL
                                              THEN if_abap_behv=>auth-allowed
                                              ELSE if_abap_behv=>auth-unauthorized )
                    IN ( %tky            = ls_appl-%tky
                         %update         = lv_decision
                         %delete         = lv_decision
                         %assoc-_Company = lv_decision ) ).
ENDMETHOD.
METHOD _IsAuthorized.
  " Checks authorization object ZPB_APPLICATION for activity '01' and the
  " status passed in iv_status. rv_authorized is set to abap_true only when
  " the check succeeds and keeps its initial value otherwise.
  " NOTE(review): the activity is fixed to '01'; the caller in this listing
  " uses the result for update, delete and create-by-association - confirm
  " that these are not meant to be checked with their own activities.
  AUTHORITY-CHECK OBJECT 'ZPB_APPLICATION'
    ID 'ACTVT'      FIELD '01'
    ID 'ZPB_STATUS' FIELD iv_status.

  " Guard clause: any non-zero return code leaves the result unset (denied).
  IF sy-subrc <> 0.
    RETURN.
  ENDIF.

  rv_authorized = abap_true.
ENDMETHOD.
// Behavior of the root entity (alias Application), feature-control variant.
define behavior for ZI_PB_ACTIVE_APPL alias Application
implementation in class zcl_i_pb_active_appl unique
persistent table zpb_active_appl
lock master
// NOTE(review): the handlers shown with this variant (get_global_features,
// get_instance_features) return the AUTHORITY-CHECK result as feature
// control; confirm that an instance authorization handler also exists for
// the authorization master declared here.
authorization master ( instance )
etag master LocalLastChangedAt
{
// create is controlled globally; update, delete and create-by-association
// are controlled per instance.
create ( features : global );
update ( features : instance );
delete ( features : instance );
association _Company { create ( features : instance ); }
}
// Behavior of the child entity (alias Company), feature-control variant.
define behavior for ZI_PB_ACTIVE_COMP alias Company
implementation in class zcl_i_pb_active_comp unique
persistent table zpb_active_comp
lock dependent by _Application
// The authorization decision is delegated to the entity reached through
// _Application, which is declared as an association in the body below.
authorization dependent by _Application
etag master LocalLastChangedAt
{
// update, delete and create-by-association on _Language are controlled per instance.
update ( features : instance );
delete ( features : instance );
association _Language { create ( features : instance ); }
association _Application { }
}
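METHOD get_global_features.
  " Global feature control for create: checks activity '01' on authorization
  " object ZPB_APPLICATION, enables or disables %create accordingly and
  " reports an error message when create is not allowed.
  AUTHORITY-CHECK OBJECT 'ZPB_APPLICATION' FOR USER sy-uname
    ID 'ACTVT' FIELD '01'.

  " Only sy-subrc = 0 enables the operation; every other return code disables it.
  DATA(lv_authorized) = xsdbool( sy-subrc = 0 ).

  result = VALUE #( %create = COND #( WHEN lv_authorized = abap_true
                                      THEN if_abap_behv=>fc-o-enabled
                                      ELSE if_abap_behv=>fc-o-disabled ) ).

  " Report the error only when create is denied, as get_global_authorizations
  " in this listing does; without this guard the "not allowed" message is
  " also reported for authorized users.
  IF lv_authorized = abap_false.
    APPEND VALUE #( %state_area = 'AUTH_CREATE'
                    %msg        = NEW zcx_pb_application(
                                    iv_severity = if_abap_behv_message=>severity-error
                                    is_textid   = zcx_pb_application=>tys_create_not_allowed
                                    iv_userid   = CONV #( cl_abap_context_info=>get_user_technical_name( ) )
                                    iv_context  = 'Application' )
                  ) TO reported-application.
  ENDIF.
ENDMETHOD.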
METHOD get_instance_features.
  " Instance feature control: reads IsActive for the requested keys and
  " enables or disables update, delete and create-by-association on _Company
  " per instance. Keys that cannot be read go to failed.
  READ ENTITIES OF zi_pb_active_appl IN LOCAL MODE
    ENTITY Application
      FIELDS ( IsActive ) WITH CORRESPONDING #( keys )
    RESULT DATA(lt_applications)
    FAILED failed.

  " NOTE(review): _IsAuthorized in this listing checks activity '01' only, so
  " update and delete are switched by the create activity - confirm this is intended.
  result = VALUE #( FOR ls_appl IN lt_applications
                    LET lv_feature = COND #( WHEN _IsAuthorized( ls_appl-IsActive ) IS NOT INITIAL
                                             THEN if_abap_behv=>fc-o-enabled
                                             ELSE if_abap_behv=>fc-o-disabled )
                    IN ( %tky            = ls_appl-%tky
                         %update         = lv_feature
                         %delete         = lv_feature
                         %assoc-_Company = lv_feature ) ).
ENDMETHOD.
METHOD _IsAuthorized.
  " Checks authorization object ZPB_APPLICATION for activity '01' and the
  " status passed in iv_status. rv_authorized is set to abap_true only when
  " the check succeeds and keeps its initial value otherwise.
  " NOTE(review): the activity is fixed to '01'; the caller in this listing
  " uses the result for update, delete and create-by-association - confirm
  " that these are not meant to be checked with their own activities.
  AUTHORITY-CHECK OBJECT 'ZPB_APPLICATION'
    ID 'ACTVT'      FIELD '01'
    ID 'ZPB_STATUS' FIELD iv_status.

  " Guard clause: any non-zero return code leaves the result unset (denied).
  IF sy-subrc <> 0.
    RETURN.
  ENDIF.

  rv_authorized = abap_true.
ENDMETHOD.