fix: closes #39 upcase issue in MPE_SECURITY
All checks were successful
Build / Build-and-ng-test (pull_request) Successful in 1m23s
All checks were successful
Build / Build-and-ng-test (pull_request) Successful in 1m23s
adding frontend validation rule, backend upcase enforcement rule, and modification to service code to ensure values are upcased before comparison
This commit is contained in:
parent
40fe707287
commit
a00d31caf3
@ -1,21 +1,22 @@
|
||||
/**
|
||||
@file
|
||||
@brief Checks the level of access a user has to the MP Editor
|
||||
@brief Checks group access level for a table or library
|
||||
@details In order for a user to be able to EDIT or APPROVE a table they must
|
||||
be in a metadata group that has been granted access to that table in the
|
||||
&mpelib..mpe_security table. Alternatively, they may be in the
|
||||
&mpeadmins group (has overall access).
|
||||
be in a group that has been granted access to that table in the
|
||||
MPE_SECURITY table. Alternatively, they may be in the &mpeadmins
|
||||
group (which has full access to everything).
|
||||
|
||||
<h4> SAS Macros </h4>
|
||||
@li mp_abort.sas
|
||||
@li mf_getuser.sas
|
||||
@li mf_verifymacvars.sas
|
||||
@li mpe_getgroups.sas
|
||||
@li mp_dropmembers.sas
|
||||
@li mpe_getgroups.sas
|
||||
|
||||
@param [in] access_level= access_level (per &mpelib..mp_editor_security) reqd
|
||||
|
||||
@returns outds A table containing all the groups that user is a member of,
|
||||
which are granted the access_level requested.
|
||||
@param [in] base_table The base table to check for
|
||||
@param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd
|
||||
@param [out] outds= (MED_ACCESSCHECK) Output table containing all the groups
|
||||
the user is a member of, which are granted the access_level requested.
|
||||
|
||||
@version 9.2
|
||||
@author 4GL Apps Ltd
|
||||
@ -25,7 +26,7 @@
|
||||
**/
|
||||
|
||||
%macro mpe_accesscheck(
|
||||
base_table /* base table to check for */
|
||||
base_table
|
||||
,outds=med_accesscheck /* WORK table to contain access details */
|
||||
,user= /* metadata user to check for */
|
||||
,access_level=APPROVE
|
||||
@ -53,37 +54,42 @@
|
||||
/* ensure any existing table is dropped */
|
||||
%mp_dropmembers(&ds)
|
||||
|
||||
/* create a new table for temp use */
|
||||
data; run;
|
||||
%local tempds; %let tempds=&syslast;
|
||||
|
||||
/* overwrite with the list of groups */
|
||||
%mpe_getgroups(user=&user,outds=&tempds);
|
||||
/* get list of user groups */
|
||||
%local tempds1;
|
||||
%let tempds1=%mf_getuniquename(prefix=usergroups);
|
||||
%mpe_getgroups(user=&user,outds=&tempds1)
|
||||
|
||||
/* get list of groups with access for that table */
|
||||
%local tempds2;
|
||||
%let tempds2=%mf_getuniquename(prefix=tablegroups);
|
||||
proc sql;
|
||||
create table &tempds2 as
|
||||
select distinct sas_group
|
||||
from &mpelib..mpe_security
|
||||
where &dc_dttmtfmt. lt tx_to
|
||||
and access_level="&access_level"
|
||||
and (
|
||||
(libref="%scan(&base_table,1,.)" and upcase(dsn)="%scan(&base_table,2,.)")
|
||||
or (libref="%scan(&base_table,1,.)" and dsn="*ALL*")
|
||||
or (libref="*ALL*")
|
||||
);
|
||||
%if &_debug ge 131 %then %do;
|
||||
data _null_;
|
||||
set &tempds;
|
||||
set &tempds1;
|
||||
putlog (_all_)(=);
|
||||
run;
|
||||
data _null_;
|
||||
set &tempds2;
|
||||
putlog (_all_)(=);
|
||||
run;
|
||||
%end;
|
||||
|
||||
proc sql;
|
||||
create table &outds as
|
||||
select * from &tempds
|
||||
select * from &tempds1
|
||||
where groupname="&mpeadmins"
|
||||
or groupname in
|
||||
(select sas_group from &mpelib..mpe_security
|
||||
where &dc_dttmtfmt. lt tx_to
|
||||
and access_level="&access_level"
|
||||
& (
|
||||
(libref="%scan(&base_table,1,.)" and dsn="%scan(&base_table,2,.)")
|
||||
or (libref="%scan(&base_table,1,.)" and dsn="*ALL*")
|
||||
or (libref="*ALL*")
|
||||
)
|
||||
);
|
||||
or groupname in (select * from &tempds2);
|
||||
|
||||
%put base_table=&base_table;
|
||||
%put libref=%scan(&base_table,1,.);
|
||||
%put dsn=%scan(&base_table,2,.);
|
||||
%put access_level=&access_level;
|
||||
%put &sysmacroname: base_table=&base_table;
|
||||
%put &sysmacroname: access_level=&access_level;
|
||||
%mend mpe_accesscheck;
|
||||
|
@ -1351,6 +1351,15 @@ insert into &lib..MPE_VALIDATIONS set
|
||||
,rule_value='UPCASE'
|
||||
,rule_active=1
|
||||
,tx_to='31DEC5999:23:59:59'dt;
|
||||
insert into &lib..MPE_VALIDATIONS set
|
||||
tx_from=0
|
||||
,base_lib="&lib"
|
||||
,base_ds="MPE_SECURITY"
|
||||
,base_col="LIBREF"
|
||||
,rule_type='CASE'
|
||||
,rule_value="UPCASE"
|
||||
,rule_active=1
|
||||
,tx_to='31DEC5999:23:59:59'dt;
|
||||
insert into &lib..MPE_VALIDATIONS set
|
||||
tx_from=0
|
||||
,base_lib="&lib"
|
||||
@ -1369,6 +1378,15 @@ insert into &lib..MPE_VALIDATIONS set
|
||||
,rule_value="&lib..MPE_TABLES.LIBREF"
|
||||
,rule_active=1
|
||||
,tx_to='31DEC5999:23:59:59'dt;
|
||||
insert into &lib..MPE_VALIDATIONS set
|
||||
tx_from=0
|
||||
,base_lib="&lib"
|
||||
,base_ds="MPE_SECURITY"
|
||||
,base_col="DSN"
|
||||
,rule_type='CASE'
|
||||
,rule_value="UPCASE"
|
||||
,rule_active=1
|
||||
,tx_to='31DEC5999:23:59:59'dt;
|
||||
insert into &lib..MPE_VALIDATIONS set
|
||||
tx_from=0
|
||||
,base_lib="&lib"
|
||||
|
29
sas/sasjs/services/hooks/mpe_security_postedit.sas
Normal file
29
sas/sasjs/services/hooks/mpe_security_postedit.sas
Normal file
@ -0,0 +1,29 @@
|
||||
/**
|
||||
@file
|
||||
@brief Post Edit Hook script for the MPE_SECURITY table
|
||||
@details Post edit hooks provide additional backend validation against
|
||||
user-sourced data. The incoming dataset is always `work.staging_ds` and this
|
||||
file is included from the mpe_loader.sas macro.
|
||||
|
||||
Available (at runtime) macro variables:
|
||||
@li DC_LIBREF - The DC control library for your site
|
||||
@li LIBREF - The library of the dataset being edited (is assigned)
|
||||
@li DS - The dataset being edited
|
||||
|
||||
|
||||
**/
|
||||
|
||||
/* ensure upcase */
|
||||
data work.staging_ds;
|
||||
set work.staging_ds;
|
||||
LIBREF=upcase(LIBREF);
|
||||
DSN=upcase(DSN);
|
||||
ACCESS_LEVEL=upcase(ACCESS_LEVEL);
|
||||
run;
|
||||
|
||||
%mp_abort(iftrue=(&syscc ne 0)
|
||||
,mac=mpe_tables_postedit
|
||||
,msg=%superq(errmsg)
|
||||
)
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user