fix: closes #39 upcase issue in MPE_SECURITY

adding frontend validation rule, backend upcase enforcement rule, and modification to service code to ensure values are upcased before comparison

sas/sasjs/macros/mpe_accesscheck.sas

@@ -1,21 +1,22 @@
 /**
   @file
-  @brief Checks the level of access a user has to the MP Editor
+  @brief Checks group access level for a table or library
   @details In order for a user to be able to EDIT or APPROVE a table they must
-    be in a metadata group that has been granted access to that table in the
-    &mpelib..mpe_security table.  Alternatively, they may be in the
-    &mpeadmins group (has overall access).
+    be in a group that has been granted access to that table in the
+    MPE_SECURITY table.  Alternatively, they may be in the &mpeadmins
+    group (which has full access to everything).
 
   <h4> SAS Macros </h4>
   @li mp_abort.sas
+  @li mf_getuser.sas
   @li mf_verifymacvars.sas
-  @li mpe_getgroups.sas
   @li mp_dropmembers.sas
+  @li mpe_getgroups.sas
 
-  @param [in] access_level= access_level (per &mpelib..mp_editor_security) reqd
-
-  @returns outds A table containing all the groups that user is a member of,
-    which are granted the access_level requested.
+  @param [in] base_table The base table to check for
+  @param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd
+  @param [out] outds= (MED_ACCESSCHECK) Output table containing all the groups
+    the user is a member of, which are granted the access_level requested.
 
   @version 9.2
   @author 4GL Apps Ltd
@@ -25,7 +26,7 @@
 **/
 
 %macro mpe_accesscheck(
-    base_table   /* base table to check for */
+    base_table
     ,outds=med_accesscheck /* WORK table to contain access details */
     ,user= /* metadata user to check for */
     ,access_level=APPROVE
@@ -53,37 +54,42 @@
   /* ensure any existing table is dropped */
   %mp_dropmembers(&ds)
 
-  /* create a new table for temp use */
-  data; run;
-  %local tempds; %let tempds=&syslast;
-
-  /* overwrite with the list of groups */
-  %mpe_getgroups(user=&user,outds=&tempds);
+  /* get list of user groups */
+  %local tempds1;
+  %let tempds1=%mf_getuniquename(prefix=usergroups);
+  %mpe_getgroups(user=&user,outds=&tempds1)
 
+  /* get list of groups with access for that table */
+  %local tempds2;
+  %let tempds2=%mf_getuniquename(prefix=tablegroups);
+  proc sql;
+  create table &tempds2 as
+    select distinct sas_group
+    from &mpelib..mpe_security
+    where &dc_dttmtfmt. lt tx_to
+    and access_level="&access_level"
+    and (
+      (libref="%scan(&base_table,1,.)" and upcase(dsn)="%scan(&base_table,2,.)")
+      or (libref="%scan(&base_table,1,.)" and dsn="*ALL*")
+      or (libref="*ALL*")
+    );
   %if &_debug ge 131 %then %do;
     data _null_;
-      set &tempds;
+      set &tempds1;
+      putlog (_all_)(=);
+    run;
+    data _null_;
+      set &tempds2;
       putlog (_all_)(=);
     run;
   %end;
 
   proc sql;
   create table &outds as
-  select * from &tempds
+  select * from &tempds1
     where groupname="&mpeadmins"
-      or groupname in
-      (select sas_group from &mpelib..mpe_security
-        where &dc_dttmtfmt. lt tx_to
-        and access_level="&access_level"
-          & (
-            (libref="%scan(&base_table,1,.)" and dsn="%scan(&base_table,2,.)")
-            or (libref="%scan(&base_table,1,.)" and dsn="*ALL*")
-            or (libref="*ALL*")
-          )
-      );
+      or groupname in (select * from &tempds2);
 
-%put base_table=&base_table;
-%put libref=%scan(&base_table,1,.);
-%put dsn=%scan(&base_table,2,.);
-%put access_level=&access_level;
+  %put &sysmacroname: base_table=&base_table;
+  %put &sysmacroname: access_level=&access_level;
 %mend mpe_accesscheck;

sas/sasjs/macros/mpe_makedata.sas

@@ -1351,6 +1351,15 @@ insert into &lib..MPE_VALIDATIONS set
     ,rule_value='UPCASE'
     ,rule_active=1
     ,tx_to='31DEC5999:23:59:59'dt;
+insert into &lib..MPE_VALIDATIONS set
+    tx_from=0
+    ,base_lib="&lib"
+    ,base_ds="MPE_SECURITY"
+    ,base_col="LIBREF"
+    ,rule_type='CASE'
+    ,rule_value="UPCASE"
+    ,rule_active=1
+    ,tx_to='31DEC5999:23:59:59'dt;
 insert into &lib..MPE_VALIDATIONS set
     tx_from=0
     ,base_lib="&lib"
@@ -1369,6 +1378,15 @@ insert into &lib..MPE_VALIDATIONS set
     ,rule_value="&lib..MPE_TABLES.LIBREF"
     ,rule_active=1
     ,tx_to='31DEC5999:23:59:59'dt;
+insert into &lib..MPE_VALIDATIONS set
+    tx_from=0
+    ,base_lib="&lib"
+    ,base_ds="MPE_SECURITY"
+    ,base_col="DSN"
+    ,rule_type='CASE'
+    ,rule_value="UPCASE"
+    ,rule_active=1
+    ,tx_to='31DEC5999:23:59:59'dt;
 insert into &lib..MPE_VALIDATIONS set
     tx_from=0
     ,base_lib="&lib"

sas/sasjs/services/hooks/mpe_security_postedit.sas

@@ -0,0 +1,29 @@
+/**
+  @file
+  @brief Post Edit Hook script for the MPE_SECURITY table
+  @details Post edit hooks provide additional backend validation against
+  user-sourced data.  The incoming dataset is always `work.staging_ds` and this
+  file is included from the mpe_loader.sas macro.
+
+  Available (at runtime) macro variables:
+    @li DC_LIBREF - The DC control library for your site
+    @li LIBREF - The library of the dataset being edited (is assigned)
+    @li DS - The dataset being edited
+
+
+**/
+
+/* ensure upcase */
+data work.staging_ds;
+  set work.staging_ds;
+  LIBREF=upcase(LIBREF);
+  DSN=upcase(DSN);
+  ACCESS_LEVEL=upcase(ACCESS_LEVEL);
+run;
+
+%mp_abort(iftrue=(&syscc ne 0)
+  ,mac=mpe_tables_postedit
+  ,msg=%superq(errmsg)
+)
+
+