Rem Copyright (c) 1993 by Oracle Corporation Rem NAME Rem ciiacc.pkb - Rem DESCRIPTION Rem Rem RETURNS Rem Rem NOTES Rem Rem MODIFIED (MM/DD/YY) Rem aheath 03/15/95 - Enable shared objects to be accessed Rem jwetherb 10/13/94 - Allow error when PAC id is null Rem jwetherb 08/30/94 - Change operation to UPD for SAC's Rem jwetherb 08/09/93 - Creation rem rem $Header: L:\\\\model\\repman40\\api\\RCS\\CIACC.IPB 1.10 1998/11/11 14:31:28 loldham Exp $ rem CREATE OR REPLACE PACKAGE BODY ciiacc AS --========================== CHECK ACCESS RIGHTS ============================-- PROCEDURE check_access_rights(id rm.reference, type varchar2, acc_type varchar2, supertype varchar2 default null) IS access_type varchar2(30); access_element_reference number; access_element_ivid number; access_element_type varchar2(6); access_element_supertype varchar2(6); tab_name varchar2(40); big_str varchar2(2000); cur_id integer; ret_val integer; BEGIN access_type:=acc_type; if id is null then ciierr.fatal(6001); end if; access_element_reference := check_access_rights.id; if type is null then -- probably wrong error message but I just want this to compile for 4.0.9 !!! ciierr.fatal(6005, 'XXX', cdapi.app_sys_name); -- access_element_type := ciiutl.short_type(access_element_reference); else access_element_type := type; end if; if supertype is null then access_element_supertype := ciisty.supertype(access_element_type, access_element_reference); else access_element_supertype := supertype; end if; if access_element_supertype in ('SAC','SE','OSE','MM') and access_type in ('INS','DEL') then access_type := 'UPD'; end if; -- Need to get owning PAC to check access rights if access_element_supertype in ('SE','OSE','MM', 'SAC') then tab_name := ciiexp.get_table_name(type); cur_id := DBMS_SQL.OPEN_CURSOR; big_str := 'select el.pac_ref, el.parent_ivid'|| ' from ' || tab_name || ' el'|| ' where el.irid = :id'; dbms_sql.parse(cur_id, big_str, dbms_sql.native); dbms_sql.bind_variable(cur_id, ':id', id); dbms_sql.define_column(cur_id, 1, access_element_reference); dbms_sql.define_column(cur_id, 2, access_element_ivid); ret_val := dbms_sql.execute_and_fetch(cur_id); if (ret_val > 0) then dbms_sql.column_value(cur_id, 1, access_element_reference); if (access_element_reference is NULL OR access_element_reference = 0) then /* pac_reference not set in 4.0.5 base freeze so add workaround */ dbms_sql.column_value(cur_id, 2, access_element_ivid); select irid into access_element_reference from sdd_object_versions where ivid = access_element_ivid; end if; access_element_type := NULL; -- set to null as not known yet elsif (ret_val = 0) then --element not contained in workarea views ciierr.fatal(6087,type,id ); end if; DBMS_SQL.CLOSE_CURSOR(cur_id); end if; check_pac(access_element_reference,access_element_type,access_type); EXCEPTION when no_data_found then null; END; --============================== CHECK PAC ================================-- PROCEDURE check_pac(id rm.reference,type varchar2,acc_type access_type) IS a_t varchar2(30); BEGIN --Get access type name from number a_t:=jr_acc_rights.access_names(acc_type); if a_t is not null then check_pac(id,type,a_t); else ciierr.fatal(6005, to_char(acc_type), cdapi.app_sys_name); end if; END; --============================== CHECK PAC ================================-- PROCEDURE check_pac( id rm.reference, type varchar2, acc_type varchar2) IS actual_type varchar2(30); pac_type varchar2(30); actual_app_sys_ref rm.reference; owning_folder rm.reference; owning_folder_name varchar2(256); container_subtype varchar2(30); acc_type_num integer; cnt number; dummy number; BEGIN if id is null then ciierr.fatal(6001); end if; /* -- Commented out in a rush prior to 4.0.9 deadline -- I don't think this is called anymore, but folder_member no longer has element_type_name if acc_type != 'INS' then -- Get the owning application and also the type of the parent pac select folder_reference, substr(element_type_name, 4) into owning_folder, pac_type from sdd_folder_members where member_object = id and ownership_flag = 'Y'; else owning_folder := cdapi.app_sys_ref; pac_type := type; end if; */ owning_folder := cdapi.app_sys_ref; pac_type := type; select fol.container_subtype into container_subtype from sdd_folders fol where fol.irid = owning_folder; -- Check if owning application is the context application if (owning_folder != cdapi.app_sys_ref) then -- Check access privs in owning application system acc_type_num:=jr_acc_rights.get_acc_type(acc_type); if not privileged(owning_folder, acc_type_num) then -- B1787721 : acc_type => acc_type_num ciierr.fatal(6005 ,jr_acc_rights.access_priv_names(acc_type_num) ,owning_folder_name); end if; -- these checks may pick up internal api coding errors if pac_type is null and acc_type != 'DEL' then ciierr.fatal(6002,ciiutl.type_name(nvl(type, pac_type)),id); elsif pac_type != nvl(type, pac_type) then ciierr.fatal(6003,ciiutl.identify(id, nvl(type, pac_type)),id,nvl(type, pac_type),pac_type); end if; else -- Check global access privs in context application system acc_type_num:=jr_acc_rights.get_acc_type(acc_type); if access_privilege(acc_type_num) = 'N' then ciierr.fatal(6005 ,jr_acc_rights.access_priv_names(acc_type_num) ,cdapi.app_sys_name); end if; end if; EXCEPTION WHEN no_data_found THEN -- Need to flag error if owning folder not found ciierr.fatal(6088,nvl(type, pac_type),ciiutl.identify(id,nvl(type, pac_type))); END; --============================== CHECK SAC ================================-- PROCEDURE check_sac(id rm.reference,type varchar2,acc_type access_type, pac_id rm.reference,pac_type varchar2) IS a_t varchar2(30):=NULL; BEGIN a_t:=jr_acc_rights.access_names(acc_type); if a_t != 'SEL' and cdapi.app_sys_frozen then ciierr.fatal(6011); end if; if a_t is not null then check_sac(id,type,a_t,pac_id,pac_type); end if; END; --============================== CHECK SAC ================================-- -- this is ONLY called for dataflows .... PROCEDURE check_sac(id rm.reference,type varchar2, acc_type varchar2,pac_id rm.reference,pac_type varchar2) IS acc_type_num number; actual_type varchar2(30); actual_app_sys_ref rm.reference; pac_name varchar2(100); pac_actual_type varchar2(30); pac_app_sys_ref rm.reference; BEGIN -- Check that the pac_id is not null if pac_id is null and acc_type != 'DEL' then acc_type_num:=jr_acc_rights.get_acc_type(acc_type); ciierr.fatal(6009 ,jr_acc_rights.access_priv_names(acc_type_num) ,type); elsif pac_id is not null then -- Check out the pac first (it will always be an update) check_pac(pac_id,pac_type,'UPD'); end if; END; --============================== PRIVILEGED? ================================-- FUNCTION privileged(app_sys rm.reference,acc_type number) RETURN boolean IS access_privs sdd_acc_priv_list:=sdd_acc_priv_list(); BEGIN access_privs:=jr_acc_rights.SEL(app_sys,USER); if access_privs(acc_type)='Y' then return TRUE; else return FALSE; end if; END; --=========================== INITIALIZE GLOBALS ============================-- PROCEDURE initialize IS BEGIN -- If there is no context appsys, disable all privs if cdapi.app_sys_ref is null then raise no_data_found; end if; --Get the access rights for the context folder... access_privilege:=jr_acc_rights.SEL(cdapi.app_sys_ref,USER); -- Raise an error if the user has no SELECT privs on this app sys if access_privilege(jr_acc_rights.get_acc_type('SEL')) != 'Y' then ciierr.fatal(6010); end if; cdapi.app_sys_frozen := false; app_sys_locked := false; app_sys_invalid := false; EXCEPTION WHEN no_data_found THEN --Set all access privs to 'N' access_privilege:=jr_acc_rights.NO_ACCESS_RIGHTS; END; --================================= BEGIN ===================================-- BEGIN --=================================== END ===================================-- -- -- Package instantiation block -- is_installed := true; END ciiacc; /