[Home] [Help]
PACKAGE BODY: APPS.RRS_SECURITY_PUB
Source
1 PACKAGE BODY RRS_SECURITY_PUB AS
2 /* $Header: RRSPSECB.pls 120.3 2010/12/04 02:09:19 jijiao noship $ */
3
4 /*Check Object VIEW Privilege*/
5 FUNCTION Check_Object_View_Privilege
6 (
7 p_api_version IN NUMBER,
8 p_object_name IN VARCHAR2,
9 p_object_key IN NUMBER
10 )
11 RETURN VARCHAR2
12 IS
13 BEGIN
14 RETURN Check_Object_Privilege(p_priv_type => 'VIEW',
15 p_object_name => p_object_name,
16 p_object_key => p_object_key);
17 END;
18
19 /*Check Object EDIT Privilege*/
20 FUNCTION Check_Object_Edit_Privilege
21 (
22 p_api_version IN NUMBER,
23 p_object_name IN VARCHAR2,
24 p_object_key IN NUMBER
25 )
26 RETURN VARCHAR2
27 IS
28 BEGIN
29 RETURN Check_Object_Privilege(p_priv_type => 'EDIT',
30 p_object_name => p_object_name,
31 p_object_key => p_object_key);
32 END;
33
34 /*Check Object Privilege*/
35 FUNCTION Check_Object_Privilege
36 (
37 p_priv_type IN VARCHAR2,
38 p_object_name IN VARCHAR2,
39 p_object_key IN NUMBER
40 )
41 RETURN VARCHAR2
42 IS
43 l_priv_name VARCHAR2(30);
44 BEGIN
45 --First check whether user has enabled the RBAC profile option. If hasn't, we skip security checking
46 IF FND_PROFILE.VALUE('RRS_ROLE_BASED_SECURITY_ENABLED') = 'N' THEN
47 RETURN FND_API.G_TRUE;
48 END IF;
49
50 IF p_priv_type = 'VIEW' AND p_object_name = 'RRS_SITE' THEN
51 l_priv_name := 'RRS_VIEW_SITE';
52 ELSIF p_priv_type = 'VIEW' AND p_object_name = 'RRS_HIERARCHY' THEN
53 l_priv_name := 'RRS_VIEW_HIER';
54 ELSIF p_priv_type = 'EDIT' THEN
55 --For Edit Priv, we need check VIEW first.
56 IF Check_Object_Privilege('VIEW', p_object_name, p_object_key) <> FND_API.G_TRUE THEN
57 RETURN FND_API.G_FALSE;
58 END IF;
59 IF p_object_name = 'RRS_SITE' THEN
60 l_priv_name := 'RRS_EDIT_SITE';
61 ELSIF p_object_name = 'RRS_HIERARCHY' THEN
62 l_priv_name := 'RRS_EDIT_HIER';
63 ELSE
64 DBMS_OUTPUT.PUT_LINE('Never should reach here.');
65 END IF;
66 ELSE
67 DBMS_OUTPUT.PUT_LINE('Never should reach here.');
68 END IF;
69
70 RETURN EGO_SECURITY_PUB.check_party_privilege(p_api_version => 1.0,
71 p_privilege => l_priv_name,
72 p_object_name => p_object_name,
73 p_object_key => p_object_key,
74 p_party_id => FND_GLOBAL.party_id);
75 END;
76
77 /*Check UDA VIEW Privilege*/
78 FUNCTION Check_UDA_View_Privilege
79 (
80 p_api_version IN NUMBER,
81 p_attr_group_id IN NUMBER,
82 p_object_name IN VARCHAR2,
83 p_object_key IN NUMBER
84 )
85 RETURN VARCHAR2
86 IS
87 BEGIN
88
89 RETURN Check_UDA_Privilege(p_priv_type => 'VIEW',
90 p_attr_group_id => p_attr_group_id,
91 p_object_name => p_object_name,
92 p_object_key => p_object_key);
93
94 END Check_UDA_View_Privilege;
95
96 /*Check UDA EDIT Privilege*/
97 FUNCTION Check_UDA_Edit_Privilege
98 (
99 p_api_version IN NUMBER,
100 p_attr_group_id IN NUMBER,
101 p_object_name IN VARCHAR2,
102 p_object_key IN NUMBER
103 )
104 RETURN VARCHAR2
105 IS
106 BEGIN
107
108 RETURN Check_UDA_Privilege(p_priv_type => 'EDIT',
109 p_attr_group_id => p_attr_group_id,
110 p_object_name => p_object_name,
111 p_object_key => p_object_key);
112 END Check_UDA_Edit_Privilege;
113
114 /*Check UDA Privilege*/
115 FUNCTION Check_UDA_Privilege
116 (
117 p_priv_type IN VARCHAR2,
118 p_attr_group_id IN NUMBER,
119 p_object_name IN VARCHAR2,
120 p_object_key IN NUMBER
121 )
122 RETURN VARCHAR2
123 IS
124 l_ag_priv_name VARCHAR2(30);
125 l_ego_check_result VARCHAR2(30);
126 BEGIN
127 --First check whether user has enabled the RBAC profile option. If hasn't, we skip security checking
128 IF FND_PROFILE.VALUE('RRS_ROLE_BASED_SECURITY_ENABLED') = 'N' THEN
129 RETURN FND_API.G_TRUE;
130 END IF;
131
132 BEGIN
133 --If user has enabled the RBAC profile option, we do the checking.
134 IF p_priv_type = 'VIEW' THEN
135 --RBAC Phase 2, added object security
136 IF Check_Object_Privilege(p_priv_type, p_object_name, p_object_key) <> FND_API.G_TRUE THEN
137 RETURN FND_API.G_FALSE;
138 END IF;
139
140 SELECT F.FUNCTION_NAME
141 INTO l_ag_priv_name
142 FROM EGO_ATTR_GROUP_DL E, FND_FORM_FUNCTIONS F
143 WHERE E.VIEW_PRIVILEGE_ID = F.FUNCTION_ID
144 AND ATTR_GROUP_ID = p_attr_group_id;
145
146 ELSIF p_priv_type = 'EDIT' THEN
147 --To check edit privilege, we need check view privilege first.
148 l_ego_check_result := Check_UDA_View_Privilege(p_api_version => 1.0,
149 p_attr_group_id => p_attr_group_id,
150 p_object_name => p_object_name,
151 p_object_key => p_object_key);
152 -- If user does not have view privilege for the attribute group, then we don't even check edit privielge.
153 IF l_ego_check_result <> FND_API.G_TRUE THEN
154 RETURN FND_API.G_FALSE;
155 END IF;
156 --Check Object Edit Privilege first
157 IF Check_Object_Privilege(p_priv_type, p_object_name, p_object_key) <> FND_API.G_TRUE THEN
158 RETURN FND_API.G_FALSE;
159 END IF;
160
161 SELECT F.FUNCTION_NAME
162 INTO l_ag_priv_name
163 FROM EGO_ATTR_GROUP_DL E, FND_FORM_FUNCTIONS F
164 WHERE E.EDIT_PRIVILEGE_ID = F.FUNCTION_ID
165 AND ATTR_GROUP_ID = p_attr_group_id;
166
167 END IF;
168 EXCEPTION
169 -- No data found means no security setting. So viewable or editable.
170 WHEN NO_DATA_FOUND THEN
171 RETURN FND_API.G_TRUE;
172 WHEN OTHERS THEN
173 RETURN FND_API.G_RET_STS_ERROR;
174 END;
175
176 --Bug Fix 10141984/10119971: Here we change check_user_privilege function to check_party_privilege function
177 --Because in check_user_privilege function, to convert user_id to party_id, EGO has to use CustomerID, which is not necessarily populated.
178
179 --l_ego_check_result:= EGO_SECURITY_PUB.check_user_privilege(p_api_version => 1.0,
180 l_ego_check_result:= EGO_SECURITY_PUB.check_party_privilege(p_api_version => 1.0,
181 p_privilege => l_ag_priv_name,
182 p_object_name => p_object_name,
183 p_object_key => p_object_key,
184 p_party_id => FND_GLOBAL.party_id);
185 --p_user_id => FND_GLOBAL.user_id);
186 --End Bug Fix 10141984/10119971
187
188 RETURN l_ego_check_result;
189 END Check_UDA_Privilege;
190
191 /*TEST METHODS*/
192 /*
193 PROCEDURE TEST IS
194
195 l_has_view_priv VARCHAR2(10);
196
197 BEGIN
198
199 l_has_view_priv := Check_UDA_View_Privilege(p_api_version => 1.0,
200 p_attr_group_id => 2707,
201 p_object_name => 'RRS_SITE',
202 p_object_key => 62142);
203 IF l_has_view_priv = FND_API.G_TRUE THEN
204 DBMS_OUTPUT.PUT_LINE('Can View');
205 ELSE
206 DBMS_OUTPUT.PUT_LINE('Cannot View');
207 END IF;
208
209 l_has_view_priv := Check_Object_View_Privilege(p_api_version => 1.0,
210 p_object_name => 'RRS_HIERARCHY',
211 p_object_key => 20000);
212 IF l_has_view_priv = FND_API.G_TRUE THEN
213 DBMS_OUTPUT.PUT_LINE('Can View');
214 ELSE
215 DBMS_OUTPUT.PUT_LINE('Cannot View');
216 END IF;
217
218 l_has_view_priv := Check_Object_Edit_Privilege(p_api_version => 1.0,
219 p_object_name => 'RRS_HIERARCHY',
220 p_object_key => 20000);
221 IF l_has_view_priv = FND_API.G_TRUE THEN
222 DBMS_OUTPUT.PUT_LINE('Can Edit');
223 ELSE
224 DBMS_OUTPUT.PUT_LINE('Cannot Edit');
225 END IF;
226 END TEST;*/
227
228 END RRS_SECURITY_PUB;