project BLF > class BSystem > method ValidateComponent

Description

Write here all tests on database update (new / modify / delete) that cannot be coded with a validation mask.
The type of update can be found in tc_status (N/C/D).
If you find incorrect data, you must write an entry in tFcMessages (using SetMessage) and set the return status of this method to either +1 or -1.
Return status +1 = data will still be accepted.
Return status -1 = data will not be accepted.
This method is run from SetPublicTables, before transferring the received data into the class temp-tables.


Parameters


oiReturnStatusoutputinteger


Internal usage


unused


program code (program/bsystem.p)

define buffer Resources1 for Resources.
define buffer Resources2 for Resources.
define buffer RoleResource1 for RoleResource.
define buffer RoleResource2 for RoleResource.
define buffer Role1 for Role.
define buffer Role2 for Role.
define buffer UsrRoleCompany1 for UsrRoleCompany.
define buffer UsrRoleCompany2 for UsrRoleCompany.

/* ======================================================== */
/* Stop all previously accesed components                   */
/* ======================================================== */
<M-25 run StopExternalInstances
   (output viFcReturnSuper (oiReturnStatus)) in BSystem>
    
/* ===================================================================== */
/* Make sure to validate tcLangCode and to set Lng_ID based on tcLngCode */
/* ===================================================================== */
for each t_sSyst where
         t_sSyst.tc_Status = "N":U or
         t_sSyst.tc_Status = "C":U on error undo, throw:

    if t_sSyst.tcLngCode  = "":U or
       t_sSyst.tcLngCode  = ?
    then do:
        assign vcMessage      = trim(#T-9'You must enter the language code.':255(447)T-9#)
               oiReturnStatus = -1.
        <M-7 run SetMessage
      (input  vcMessage (icMessage), 
       input  '':U (icArguments), 
       input  't_sSyst.tcLngCode':U (icFieldName), 
       input  t_sSyst.tcLngCode (icFieldValue), 
       input  'E':U (icType), 
       input  3 (iiSeverity), 
       input  t_sSyst.tc_Rowid (icRowid), 
       input  'BLF-220':U (icFcMsgNumber), 
       input  '' (icFcExplanation), 
       input  '' (icFcIdentification), 
       input  '' (icFcContext), 
       output viFcReturnSuper (oiReturnStatus)) in BSystem>
    end. /* if tSys.tcLngCode  = "":U or */
    else do:
        if t_sSyst.tc_Status = "N":U or
           (t_sSyst.tc_Status = "C":U and
            can-find (t_iSyst where
                      t_iSyst.tc_Rowid   = t_sSyst.tc_Rowid and
                      t_iSyst.tcLngCode <> t_sSyst.tcLngCode))
        then do :
            <Q-4 run LanguagePrim (all) (Read) (Cache)
      (input t_sSyst.tcLngCode, (LngCode)
       input ?, (LngID)
       output dataset tqLanguagePrim) in BLanguage >
            find first tqLanguagePrim no-lock no-error.
            if not available tqLanguagePrim
            then do :
                assign vcMessage      = trim(substitute(#T-10'Invalid language code: &1.':255(448)T-10#,t_sSyst.tcLngCode))
                       oiReturnStatus = -1.
                <M-8 run SetMessage
      (input  vcMessage (icMessage), 
       input  '':U (icArguments), 
       input  'Syst.tcLngCode':U (icFieldName), 
       input  t_sSyst.tcLngCode (icFieldValue), 
       input  'E':U (icType), 
       input  3 (iiSeverity), 
       input  t_sSyst.tc_Rowid (icRowid), 
       input  'BLF-221':U (icFcMsgNumber), 
       input  '' (icFcExplanation), 
       input  '' (icFcIdentification), 
       input  '' (icFcContext), 
       output viFcReturnSuper (oiReturnStatus)) in BSystem>
           end. /* if not available tqLanguagePrim */
           else assign t_sSyst.Lng_ID = tqLanguagePrim.tiLng_ID.
        end. /* end if t_sSyst.tc_Status = "N":U or .. */
    end. /* if t_sSyst.tcLngCode <> "":U */
    
end. /* for each t_sSyst where */

    
<ANCESTOR-CODE>

/* Encode the password */

for each t_sSyst where
         t_sSyst.tc_Status = "N":U on error undo, throw:
         
    assign vhFcComponent = ?.
    <M-11 run MainBlock
       () in TCrypt>
    assign vhCrypthandle = vhFcComponent.
    
    <M-12 run EncryptString
       (input  t_sSyst.SystAdminUserPwd (icInputString), 
        output t_sSyst.SystAdminUserPwd (ocOutputString), 
        output viFcReturnSuper (oiReturnStatus)) in TCrypt>   
             
    run gipr_DeleteProcedure in vhCrypthandle.
    delete procedure vhCrypthandle.
        
end.

for each t_sSyst where
         t_sSyst.tc_Status = "C":U,
    each t_iSyst where
         t_iSyst.tc_Rowid = t_sSyst.tc_Rowid and
         t_iSyst.SystAdminUserPwd <> t_sSyst.SystAdminUserPwd on error undo, throw:
         
    assign vhFcComponent = ?.
    <M-13 run MainBlock
       () in TCrypt>
    assign vhCrypthandle = vhFcComponent.
    
    <M-14 run EncryptString
       (input  t_sSyst.SystAdminUserPwd (icInputString), 
        output t_sSyst.SystAdminUserPwd (ocOutputString), 
        output viFcReturnSuper (oiReturnStatus)) in TCrypt>   
             
    run gipr_DeleteProcedure in vhCrypthandle.
    delete procedure vhCrypthandle.
end.

for each t_sSyst where
        (t_sSyst.tc_Status = "N":U         or
         t_sSyst.tc_Status = "C":U)        And
         t_sSyst.tcSystAdminUsrLogin <> '' And
         t_sSyst.tcSystAdminUsrLogin <> ? on error undo, throw:
                      
    assign vhFcComponent = ?.
    <M-17 run MainBlock
       () in TCrypt>
    assign vhCrypthandle = vhFcComponent.
    
    <M-18 run DecryptString
       (input  t_sSyst.SystAdminUserPwd (icInputString), 
        output vcPwd (ocOutputString), 
        output viFcReturnSuper (oiReturnStatus)) in TCrypt>
             
    run gipr_DeleteProcedure in vhCrypthandle.
    delete procedure vhCrypthandle.

    <I-24 {bFcOpenInstance
            &CLASS           = "Session"}>
            
    <M-23 run ValidateLogin
       (input  t_sSyst.tcSystAdminUsrLogin (icUsrLogin), 
        input  vcPwd (icUsrPassword), 
        output viFcReturnSuper (oiReturnStatus)) in Session>    
    if viFcReturnSuper < 0
    then Do:
        Assign oiReturnStatus = viFcReturnSuper.        
        <M-20 run SetMessage
          (input  #T-22'Some errors occurred while validating user and password.':100(8460)T-22# (icMessage), 
           input  '' (icArguments), 
           input  't_sSyst.tcSystAdminUsrLogin':U (icFieldName), 
           input  t_sSyst.tcSystAdminUsrLogin (icFieldValue), 
           input  'E':U (icType), 
           input  3 (iiSeverity), 
           input  t_sSyst.tc_Rowid (icRowid), 
           input  'BLF-222':U (icFcMsgNumber), 
           input  '' (icFcExplanation), 
           input  '' (icFcIdentification), 
           input  '' (icFcContext), 
           output viFcReturnSuper (oiReturnStatus)) in BSystem>
    end.

    <I-21 {bFcCloseInstance
            &CLASS           = "Session"}>
                        
End. /*for each t_sSyst where*/

/* ===================================================================== */
/* SOD blocking flag can only be set when currently no violations exist. */
/* When SOD is already active, violations are available in the database. */
/* When SOD is not yet active, violations must be validated here.        */
/* These validations may take a long time. Do not run them if other      */
/* errors are already reported.                                          */
/* ===================================================================== */
if oiReturnStatus >= 0
then
for each t_sSyst where
         t_sSyst.SystSODBlockViolations and
        (t_sSyst.tc_Status = "N" or
         t_sSyst.tc_Status = "C")
         on error undo, throw:

    if t_sSyst.tc_Status = "C"
    and can-find (first t_iSyst where t_iSyst.SystSODBlockViolations)
    then next.

    if can-find (first t_iSyst where t_iSyst.SystSODActive)
    then do:
        if can-find (first SODViolation1)
        then do:
            oiReturnStatus = -1.
            <M-66 run SetMessage
               (input  #T-48'You cannot set the SOD blocking flag when violations ($1) still exist.':255(459643195)T-48# (icMessage), 
                input  'RULE 1' (icArguments), 
                input  'tSyst.SystSODBlockViolations' (icFieldName), 
                input  'true' (icFieldValue), 
                input  'E' (icType), 
                input  3 (iiSeverity), 
                input  t_sSyst.tc_Rowid (icRowid), 
                input  'blf-286421':U (icFcMsgNumber), 
                input  '' (icFcExplanation), 
                input  '' (icFcIdentification), 
                input  '' (icFcContext), 
                output viFcReturnSuper (oiReturnStatus)) in BSystem>
        end.    /* can-find (first SODViolation1) */
        
        if can-find (first SODViolation2)
        then do:
            oiReturnStatus = -1.
            <M-31 run SetMessage
               (input  #T-80'You cannot set the SOD blocking flag when violations ($1) still exist.':255(459643195)T-80# (icMessage), 
                input  'RULE 2' (icArguments), 
                input  'tSyst.SystSODBlockViolations' (icFieldName), 
                input  'true' (icFieldValue), 
                input  'E' (icType), 
                input  3 (iiSeverity), 
                input  t_sSyst.tc_Rowid (icRowid), 
                input  'blf-375127':U (icFcMsgNumber), 
                input  '' (icFcExplanation), 
                input  '' (icFcIdentification), 
                input  '' (icFcContext), 
                output viFcReturnSuper (oiReturnStatus)) in BSystem>
        end.    /* can-find (first SODViolation2) */
    end.    /* can-find (first t_iSyst) */
    else if can-find (first SODExclusion)
    then for each Role1 fields (Role_ID RoleName RoleSODException) no-lock where
                  Role1.RoleSODException = no on error undo, throw:
                      
        for each RoleResource1 fields (Role_ID Resource_ID) no-lock where
                 RoleResource1.Role_ID = Role1.Role_ID,
            each Resources1 fields (Resource_ID ResourceURI SODcategory_ID) no-lock where
                 Resources1.Resource_ID = RoleResource1.Resource_ID and
                 Resources1.SODcategory_ID <> 0
                 break by Resources1.SODcategory_ID:
            
            /* If no violations are found for a SOD category then skip validations for all next resources in this SOD category.
             * If violations are found keep validating because violations must be reported on resource level.
             */
            if first-of (Resources1.SODcategory_ID)
            then vlConflictFound = no.
            
            /* validate rule 1 */
            if first-of (Resources1.SODcategory_ID)
            or vlConflictFound
            then for each RoleResource2 fields (Role_ID Resource_ID) no-lock where
                          RoleResource2.Role_ID = Role1.Role_ID,
                     each Resources2 fields (Resource_ID ResourceURI SODcategory_ID) no-lock where
                          Resources2.Resource_ID = RoleResource2.Resource_ID and
                          Resources2.SODcategory_ID <> 0,
                     each SODExclusion fields (SODCategory1_ID SODCategory2_ID) no-lock where
                          SODExclusion.SODCategory1_ID = Resources1.SODcategory_ID and
                          SODExclusion.SODCategory2_ID = Resources2.SODcategory_ID on error undo, throw:
            
                vlConflictFound = yes.
                viConflicts = viConflicts + 1.
                if viConflicts > 100 then return.
                
                vcSODCategoryCode1 = "".
                for first SODCategory fields (SODCategory_ID SODCategoryCode) no-lock where
                          SODCategory.SODCategory_ID = Resources1.SODcategory_ID:
                    vcSODCategoryCode1 = SODCategory.SODCategoryCode.
                end.
        
                vcSODCategoryCode2 = "".
                for first SODCategory fields (SODCategory_ID SODCategoryCode) no-lock where
                          SODCategory.SODCategory_ID = Resources2.SODcategory_ID:
                    vcSODCategoryCode2 = SODCategory.SODCategoryCode.
                end.

                oiReturnStatus = -1.
                vcMessage = #T-63'You cannot set the SOD blocking flag when violations ($1) still exist.':255(459643195)T-63#.
                vcContext = #T-87'Role Name':10(7027)T-87# + " = " + Role1.RoleName + chr(10)
                          + #T-55'SOD Category 1 Code':20(583998413)T-55# + " = " + vcSODCategoryCode1 + chr(10)
                          + #T-94'Resource 1 URI':20(998717657)T-94# + " = " + Resources1.ResourceURI + chr(10)
                          + #T-78'SOD Category 2 Code':20(52834825)T-78# + " = " + vcSODCategoryCode2 + chr(10)
                          + #T-61'Resource 2 URI':20(117798426)T-61# + " = " + Resources2.ResourceURI.
                <M-60 run SetMessage
                   (input  vcMessage (icMessage), 
                    input  'RULE 1' (icArguments), 
                    input  'tSyst.SystSODBlockViolations' (icFieldName), 
                    input  'true' (icFieldValue), 
                    input  'E' (icType), 
                    input  3 (iiSeverity), 
                    input  t_sSyst.tc_Rowid (icRowid), 
                    input  'blf-689644':U (icFcMsgNumber), 
                    input  '' (icFcExplanation), 
                    input  '' (icFcIdentification), 
                    input  vcContext (icFcContext), 
                    output viFcReturnSuper (oiReturnStatus)) in BSystem>
            end.    /* each RoleResource2 */
            
            /* validate rule 2 */
            if first-of (Resources1.SODcategory_ID)
            or vlConflictFound
            then for each UsrRoleCompany1 fields (Usr_ID Role_ID Company_ID Domain_ID) no-lock where
                          UsrRoleCompany1.Role_ID = Role1.Role_ID,
                     each UsrRoleCompany2 fields (Usr_ID Role_ID Company_ID) no-lock where
                          UsrRoleCompany2.Usr_ID = UsrRoleCompany1.Usr_ID and
                          UsrRoleCompany2.Company_ID = UsrRoleCompany1.Company_ID and
                          UsrRoleCompany2.Role_ID <> Role1.Role_ID,
                     each Role2 fields (Role_ID RoleName RoleSODException) no-lock where
                          Role2.Role_ID = UsrRoleCompany2.Role_ID and
                          Role2.RoleSODException = no,
                     each RoleResource2 fields (Role_ID Resource_ID) no-lock where
                          RoleResource2.Role_ID = Role2.Role_ID,
                     each Resources2 fields (Resource_ID ResourceURI SODcategory_ID) no-lock where
                          Resources2.Resource_ID = RoleResource2.Resource_ID and
                          Resources2.SODcategory_ID <> 0,
                     each SODExclusion fields (SODCategory1_ID SODCategory2_ID) no-lock where
                          SODExclusion.SODCategory1_ID = Resources1.SODcategory_ID and
                          SODExclusion.SODCategory2_ID = Resources2.SODcategory_ID on error undo, throw:
            
                vlPolicyException = no.
                for each SODException fields (SODException_ID Usr_ID) no-lock where
                         SODException.Usr_ID = UsrRoleCompany1.Usr_ID:
                    if can-find (first SODExceptionLn where
                         SODExceptionLn.SODException_ID = SODException.SODException_ID and
                         SODExceptionLn.SODCategory1_ID = Resources1.SODcategory_ID and
                         SODExceptionLn.SODCategory2_ID = Resources2.SODcategory_ID and
                        (SODExceptionLn.Company_ID = UsrRoleCompany1.Company_ID or SODExceptionLn.Company_ID = 0) and
                        (SODExceptionLn.Domain_ID = UsrRoleCompany1.Domain_ID or SODExceptionLn.Domain_ID = 0))
                    or can-find (first SODExceptionLn where
                         SODExceptionLn.SODException_ID = SODException.SODException_ID and
                         SODExceptionLn.SODCategory1_ID = Resources2.SODcategory_ID and
                         SODExceptionLn.SODCategory2_ID = Resources1.SODcategory_ID and
                        (SODExceptionLn.Company_ID = UsrRoleCompany1.Company_ID or SODExceptionLn.Company_ID = 0) and
                        (SODExceptionLn.Domain_ID = UsrRoleCompany1.Domain_ID or SODExceptionLn.Domain_ID = 0))
                    then do:
                        vlPolicyException = yes.
                        leave.
                    end.
                end.    /* each SODException */
                if vlPolicyException = no
                then do:
                    /* conflict found. */
                    viConflicts = viConflicts + 1.
                    if viConflicts > 100 then return.
                    
                    vcSODCompanyCode = "".
                    for first Company fields (Company_ID CompanyCode) no-lock where
                              Company.Company_ID = UsrRoleCompany1.Company_ID:
                        vcSODCompanyCode = Company.CompanyCode.
                    end.
                    
                    vcSODUserName = "".
                    for first Usr fields (Usr_ID UsrName) no-lock where
                              Usr.Usr_ID = UsrRoleCompany1.Usr_ID:
                        vcSODUserName = Usr.UsrName.
                    end.
            
                    vcSODCategoryCode1 = "".
                    for first SODCategory fields (SODCategory_ID SODCategoryCode) no-lock where
                              SODCategory.SODCategory_ID = Resources1.SODcategory_ID:
                        vcSODCategoryCode1 = SODCategory.SODCategoryCode.
                    end.
            
                    vcSODCategoryCode2 = "".
                    for first SODCategory fields (SODCategory_ID SODCategoryCode) no-lock where
                              SODCategory.SODCategory_ID = Resources2.SODcategory_ID:
                        vcSODCategoryCode2 = SODCategory.SODCategoryCode.
                    end.

                    oiReturnStatus = -1.
                    vcMessage = #T-26'You cannot set the SOD blocking flag when violations ($1) still exist.':255(459643195)T-26#.
                    vcContext = #T-77'User Name':17(7033)T-77# + " = " + vcSODUserName + chr(10)
                              + #T-831'Entity Code':24(8770)T-831# + " = " + vcSODCompanyCode + chr(10)
                              + #T-57'Role 1 Name':20(733738256)T-57# + " = " + Role1.RoleName + chr(10)
                              + #T-76'Resource 1 URI':20(998717657)T-76# + " = " + Resources1.ResourceURI + chr(10)
                              + #T-91'SOD Category 1 Code':20(583998413)T-91# + " = " + vcSODCategoryCode1 + chr(10)
                              + #T-6'Role 2 Name':20(73458301)T-6# + " = " + Role2.RoleName + chr(10)
                              + #T-5'Resource 2 URI':20(117798426)T-5# + " = " + Resources2.ResourceURI + chr(10)
                              + #T-35'SOD Category 2 Code':20(52834825)T-35# + " = " + vcSODCategoryCode2.                        
                    <M-47 run SetMessage
                       (input  vcMessage (icMessage), 
                        input  'RULE 2' (icArguments), 
                        input  'tSyst.SystSODBlockViolations' (icFieldName), 
                        input  'true' (icFieldValue), 
                        input  'E' (icType), 
                        input  3 (iiSeverity), 
                        input  t_sSyst.tc_Rowid (icRowid), 
                        input  'blf-442229':U (icFcMsgNumber), 
                        input  '' (icFcExplanation), 
                        input  '' (icFcIdentification), 
                        input  vcContext (icFcContext), 
                        output viFcReturnSuper (oiReturnStatus)) in BSystem>
                end.    /* vlPolicyException = no */
            end.    /* each UsrRoleCompany1 */
        end.    /* each RoleResource1 */
    end.    /* each Role */
end.    /* each t_sSyst */

finally:    
    if viConflicts > 100
    then do:
        <M-45 run SetMessage
           (input  #T-29'Validation is aborted after 100 errors were reported.':255(415735840)T-29# (icMessage), 
            input  '' (icArguments), 
            input  '' (icFieldName), 
            input  '' (icFieldValue), 
            input  'W' (icType), 
            input  3 (iiSeverity), 
            input  '' (icRowid), 
            input  'blf-822986':U (icFcMsgNumber), 
            input  '' (icFcExplanation), 
            input  '' (icFcIdentification), 
            input  '' (icFcContext), 
            output viFcReturnSuper (oiReturnStatus)) in BSystem>
    end.
    
end finally.