Difficulties to correctly define RoleDefinition

Hi,
I’m using cuba 7.2.4 with reporting addon 7.2.4 and multi-tenancy addon 2.0.2

I’m facing difficulties correctly defining my class

@Role(name = "app-my-role")
public class MyAccessRole extends AnnotatedRoleDefinition {
1. Filter in browser screens

  • When I’m logged in as user1 (tenant = mytenant), in browser screens, I don’t see “Add search condition” for the filter

2. Reports:

  • I created a report as “admin” user (==> no_tenant)

  • When I’m logged in as admin, I can find it in the Run Reports screen

  • When I’m logged in as user1 (tenant = mytenant) I cannot find it and then run it!

Any idea?

I don’t know how to organize it, but I think some more documentation would be helpful to know which rights need to be put in a custom RoleDefinition class. I had to look at the source code of the classes ReportsMinimalRoleDefinition and MinimalRoleDefinition, but it was not enough.

Regards, Guillaume

In attachment: a zip with my project.

  • user admin/admin
  • user user1/admin, tenant = mytenant, role = app-my-role (class
    com.company.upload.core.security.MyAccessRole)

My RoleDefinition class

@Role(name = "app-my-role")
public class MyAccessRole extends AnnotatedRoleDefinition {

    @ScreenAccess(screenIds = {
        // custom APP
        "application-upload",
        "upload_NewEntity.browse",
        "upload_NewEntity.edit",

        "settings",

        // from com.haulmont.reports.role.ReportsMinimalRoleDefinition
        "report$inputParameters",
        "report$Report.run",
        "report$showReportTable",
        "report$showPivotTable",
        "report$showChart",
        "commonLookup",

        // from com.haulmont.cuba.security.app.role.MinimalRoleDefinition
        "addCondition",
        "backgroundWorkProgressWindow",
        "backgroundWorkWindow",
        "customConditionEditor",
        "customConditionFrame",
        "dynamicAttributesConditionEditor",
        "dynamicAttributesConditionFrame",
        "editWindowActions",
        "extendedEditWindowActions",
        "fileUploadDialog",
        "filterEditor",
        "filterSelect",
        "groupConditionFrame",
        "layoutAnalyzer",
        "mainWindow",
        "main",
        "loginWindow",
        "login",
        "notFoundScreen",
        "multiuploadDialog",
        "propertyConditionFrame",
        "runtimePropertiesFrame",
        "saveFilter",
        "saveSetInFolder",
        "inputDialog",
        "thirdpartyLicenseWindow"
    })
    public ScreenPermissionsContainer screenPermissions() {
        return super.screenPermissions();
    }

    @Override
    // custom APP
    @EntityAccess(entityClass = NewEntity.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})

    @EntityAccess(entityClass = FileDescriptor.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})

    // from com.haulmont.reports.role.ReportsMinimalRoleDefinition
    @EntityAccess(entityClass = Report.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = ReportGroup.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = ReportTemplate.class, operations = {EntityOp.READ})

    // from com.haulmont.cuba.security.app.role.MinimalRoleDefinition
    @EntityAccess(entityClass = FilterEntity.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = KeyValueEntity.class, operations = {EntityOp.READ})
    @EntityAccess(entityClass = User.class, operations = {EntityOp.READ})
    public EntityPermissionsContainer entityPermissions() {
        return super.entityPermissions();
    }

    @Override
    // custom APP
    @EntityAttributeAccess(entityName = "*",modify = "*")
    public EntityAttributePermissionsContainer entityAttributePermissions() {
        return super.entityAttributePermissions();
    }

    @Override
    // custom app

    // from com.haulmont.reports.role.ReportsMinimalRoleDefinition
    // from com.haulmont.cuba.security.app.role.MinimalRoleDefinition
    @SpecificAccess(permissions = "cuba.gui.loginToClient")
    public SpecificPermissionsContainer specificPermissions() {
        return super.specificPermissions();
    }

    @Override
    public String getLocName() {
        return "My Role";
    }
}

Hi @guillaume.lundy,

Please add the following specific properties to your role

@SpecificAccess(permissions = {"cuba.gui.loginToClient", "cuba.gui.filter.edit"})
public SpecificPermissionsContainer specificPermissions() {
    return super.specificPermissions();
}

and to view all Report attributes, add the following code to your role

@EntityAttributeAccess(entityClass = Report.class, view = "*")
@Override
// custom APP
public EntityAttributePermissionsContainer entityAttributePermissions() {
    return super.entityAttributePermissions();
}

Regards,
Evgeny

Hi Evgeny

Thanks for your help.

It worked for the filter but not for the reports.

Any idea?

Regards,
Guillaume

Hi, after reading the source code of the report addon, I added read rights on all visible entities of the addon.

Seems to work. Maybe I added too many rights!

@EntityAccess(entityClass = Report.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = ReportGroup.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = ReportTemplate.class, operations = {EntityOp.READ})

@EntityAccess(entityClass = PivotTableDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = ReportValueFormat.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = TemplateTableDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = TemplateTableBand.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = PivotTableDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = TemplateTableColumn.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = PivotTableProperty.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = PieChartDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = PivotTableAggregation.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = ChartSeries.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = AbstractChartDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = SerialChartDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = DataSet.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = BandDefinition.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = ReportInputParameter.class, operations = {EntityOp.READ})

Regards.
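
As an added example (not from the thread or from the CUBA project): a small review-time lint over a role's annotation text that reports the points a reviewer would check after the exchange above, namely entity classes granted twice, grants beyond READ, and wildcard attribute modify. The function name `audit_role` and the finding labels are hypothetical, and the sample is a constructed excerpt of the annotations posted here.

```python
import re
from collections import Counter

# Constructed excerpt mirroring annotations posted in this thread.
SAMPLE_ROLE = '''
@EntityAccess(entityClass = NewEntity.class, operations = {EntityOp.CREATE, EntityOp.READ, EntityOp.UPDATE, EntityOp.DELETE})
@EntityAccess(entityClass = Report.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = PivotTableDescription.class, operations = {EntityOp.READ})
@EntityAccess(entityClass = PivotTableDescription.class, operations = {EntityOp.READ})
@EntityAttributeAccess(entityName = "*",modify = "*")
@EntityAttributeAccess(entityClass = Report.class, view = "*")
'''

ENTITY_RE = re.compile(
    r'@EntityAccess\(\s*entityClass\s*=\s*(\w+)\.class\s*,'
    r'\s*operations\s*=\s*\{([^}]*)\}')
ATTR_RE = re.compile(r'@EntityAttributeAccess\(([^)]*)\)')
KV_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|(\w+)\.class)')


def audit_role(source):
    """Return sorted (finding, subject) pairs for a role's annotation text."""
    findings = []
    grants = [(m.group(1), frozenset(re.findall(r'EntityOp\.(\w+)', m.group(2))))
              for m in ENTITY_RE.finditer(source)]
    # The same entity class annotated twice is redundant at best.
    for entity, count in Counter(e for e, _ in grants).items():
        if count > 1:
            findings.append(("duplicate-entity-grant", entity))
    # Operations beyond READ should be justified when the role is reviewed.
    for entity, ops in set(grants):
        if ops - {"READ"}:
            findings.append(("write-grant", entity))
    # modify = "*" grants modify on every attribute of the target.
    for m in ATTR_RE.finditer(source):
        args = {k: s or c for k, s, c in KV_RE.findall(m.group(1))}
        target = args.get("entityName") or args.get("entityClass", "?")
        if args.get("modify") == "*":
            findings.append(("wildcard-modify", target))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in audit_role(SAMPLE_ROLE):
        print(f"{finding}: {subject}")
```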