Description
Write here all tests on database update (new / modify / delete) that cannot be coded with a validation mask.
The type of update can be found in tc_status (N/C/D).
If you find incorrect data, you must write an entry in tFcMessages (using SetMessage) and set the return status of this method to either +1 or -1.
Return status +1 = data will still be accepted.
Return status -1 = data will not be accepted.
This method is run from SetPublicTables, before transferring the received data into the class temp-tables.
Parameters
| oiReturnStatus | output | integer | |
Internal usage
unused
program code (program/bsodcategoryexclusion.p)
define buffer Resources1 for Resources.
define buffer Resources2 for Resources.
define buffer RoleResource1 for RoleResource.
define buffer RoleResource2 for RoleResource.
define buffer Role1 for Role.
define buffer Role2 for Role.
define buffer UsrRoleCompany1 for UsrRoleCompany.
define buffer UsrRoleCompany2 for UsrRoleCompany.
<ANCESTOR-CODE>
/* Validate that the exclusion level is blank or from the list of valid values */
for each t_sSODExclusion
where t_sSODExclusion.tc_Status <> "D"
and t_sSODExclusion.SODExclusionLevel <> ""
on error undo, throw:
assign viLevelIndex = lookup(t_sSODExclusion.SODExclusionLevel, {&SOD-EXCLUSION-LEVELS}).
if viLevelIndex <> ? and viLevelIndex <> 0 then next.
<M-23 run SetMessage
(input #T-36'Invalid exclusion level ($1).':255(330622618)T-36# (icMessage),
input t_sSODExclusion.SODExclusionLevel (icArguments),
input 'tSODExclusion.SODExclusionLevel' (icFieldName),
input t_sSODExclusion.SODExclusionLevel (icFieldValue),
input 'E' (icType),
input 3 (iiSeverity),
input t_sSODExclusion.tc_Rowid (icRowid),
input 'blf-616547':U (icFcMsgNumber),
input '' (icFcExplanation),
input '' (icFcIdentification),
input '' (icFcContext),
output viFcReturnSuper (oiReturnStatus)) in BSODCategoryExclusion>
oiReturnStatus = -1.
end.
if can-find (Syst where Syst.SystSODActive and Syst.SystSODBlockViolations)
then do:
vlBlockSOD = yes.
for each t_sSODExclusion where
t_sSODExclusion.SODCategory1_ID <> 0 and
t_sSODExclusion.SODCategory1_ID <> ? and
t_sSODExclusion.SODCategory2_ID <> 0 and
t_sSODExclusion.SODCategory2_ID <> ? and
t_sSODExclusion.SODCategory1_ID > t_sSODExclusion.SODCategory2_ID and /* each combination is created twice but only validated once */
t_sSODExclusion.tc_Status = "N" on error undo, throw:
/* ================================================================= */
/* Validate rule 1 : */
/* find one role with resources from both categories. */
/* ================================================================= */
for each Resources1 fields (Resource_ID SODcategory_ID) no-lock where
Resources1.SODcategory_ID = t_sSODExclusion.SODCategory1_ID,
each RoleResource1 fields (Resource_ID Role_ID) no-lock where
RoleResource1.Resource_ID = Resources1.Resource_ID,
each Role1 fields (Role_ID RoleName RoleSODException) no-lock where
Role1.Role_ID = RoleResource1.Role_ID and
Role1.RoleSODException = no
break by Role1.Role_ID on error undo, throw:
if first-of (Role1.Role_ID)
then for each RoleResource2 fields (Resource_ID Role_ID) no-lock where
RoleResource2.Role_ID = Role1.Role_ID,
each Resources2 fields (Resource_ID SODcategory_ID) no-lock where
Resources2.Resource_ID = RoleResource2.Resource_ID and
Resources2.SODcategory_ID = t_sSODExclusion.SODCategory2_ID on error undo, throw:
viErrorsReported = viErrorsReported + 1.
if viErrorsReported > 100
then return.
oiReturnStatus = -1.
<M-56 run SetMessage
(input #T-44'Cannot create exclusion, a role ($1) exists that contains resources from both categories.':255(253138281)T-44# (icMessage),
input Role1.RoleName (icArguments),
input 'tSODExclusion.tcSODCategory1Code' (icFieldName),
input t_sSODExclusion.tcSODCategory1Code (icFieldValue),
input 'E' (icType),
input 3 (iiSeverity),
input t_sSODExclusion.tc_Rowid (icRowid),
input 'blf-595980':U (icFcMsgNumber),
input '' (icFcExplanation),
input '' (icFcIdentification),
input '' (icFcContext),
output viFcReturnSuper (oiReturnStatus)) in BSODCategoryExclusion>
leave.
end. /* first-of (Role1.Role_ID) */
end. /* each Resources1 */
/* ================================================================= */
/* Validate rule 2 : */
/* find one user - company combination with access to resources from */
/* both categories and no exception exists. */
/* ================================================================= */
for each Resources1 fields (Resource_ID SODcategory_ID) no-lock where
Resources1.SODCategory_ID = t_sSODExclusion.SODCategory1_ID,
each RoleResource1 fields (Resource_ID Role_ID) no-lock where
RoleResource1.Resource_ID = Resources1.Resource_ID,
each Role1 fields (Role_ID RoleSODException) no-lock where
Role1.Role_ID = RoleResource1.Role_ID and
Role1.RoleSODException = no,
each UsrRoleCompany1 fields (Usr_ID Role_ID Company_ID Domain_ID) no-lock where
UsrRoleCompany1.Role_ID = Role1.Role_ID,
each UsrRoleCompany2 fields (Usr_ID Role_ID Company_ID) no-lock where
UsrRoleCompany2.Usr_ID = UsrRoleCompany1.Usr_ID and
UsrRoleCompany2.Company_ID = UsrRoleCompany1.Company_ID and
UsrRoleCompany2.Role_ID <> UsrRoleCompany1.Role_ID,
each Role2 fields (Role_ID RoleSODException) no-lock where
Role2.Role_ID = UsrRoleCompany2.Role_ID and
Role2.RoleSODException = no,
each RoleResource2 fields (Resource_ID Role_ID) no-lock where
RoleResource2.Role_ID = Role2.Role_ID,
each Resources2 fields (Resource_ID SODcategory_ID) no-lock where
Resources2.Resource_ID = RoleResource2.Resource_ID and
Resources2.SODCategory_ID = t_sSODExclusion.SODCategory2_ID on error undo, throw:
vlPolicyException = no.
for each SODException fields (SODException_ID Usr_ID) no-lock where
SODException.Usr_ID = UsrRoleCompany1.Usr_ID:
if can-find (first SODExceptionLn where
SODExceptionLn.SODException_ID = SODException.SODException_ID and
SODExceptionLn.SODCategory1_ID = t_sSODExclusion.SODCategory1_ID and
SODExceptionLn.SODCategory2_ID = t_sSODExclusion.SODCategory2_ID and
(SODExceptionLn.Company_ID = UsrRoleCompany1.Company_ID or SODExceptionLn.Company_ID = 0) and
(SODExceptionLn.Domain_ID = UsrRoleCompany1.Domain_ID or SODExceptionLn.Domain_ID = 0))
or can-find (first SODExceptionLn where
SODExceptionLn.SODException_ID = SODException.SODException_ID and
SODExceptionLn.SODCategory1_ID = t_sSODExclusion.SODCategory2_ID and
SODExceptionLn.SODCategory2_ID = t_sSODExclusion.SODCategory1_ID and
(SODExceptionLn.Company_ID = UsrRoleCompany1.Company_ID or SODExceptionLn.Company_ID = 0) and
(SODExceptionLn.Domain_ID = UsrRoleCompany1.Domain_ID or SODExceptionLn.Domain_ID = 0))
then do:
vlPolicyException = yes.
leave.
end.
end. /* each SODException */
if vlPolicyException = no
then do:
viErrorsReported = viErrorsReported + 1.
if viErrorsReported > 100
then return.
vcSODUserName = "".
for first Usr fields (Usr_ID UsrName) no-lock where
Usr.Usr_ID = UsrRoleCompany1.Usr_ID:
vcSODUserName = Usr.UsrName.
end.
oiReturnStatus = -1.
<M-79 run SetMessage
(input #T-21'Cannot create exclusion, a user ($1) exists that has access to resources from both categories':255(459119659)T-21# (icMessage),
input vcSODUserName (icArguments),
input 'tSODExclusion.tcSODCategory1Code' (icFieldName),
input t_sSODExclusion.tcSODCategory1Code (icFieldValue),
input 'E' (icType),
input 3 (iiSeverity),
input t_sSODExclusion.tc_Rowid (icRowid),
input 'blf-702495':U (icFcMsgNumber),
input '' (icFcExplanation),
input '' (icFcIdentification),
input '' (icFcContext),
output viFcReturnSuper (oiReturnStatus)) in BSODCategoryExclusion>
end. /* vlPolicyException = no */
end. /* each Resources1 */
end. /* each t_sSODExclusion */
end. /* Syst.SystSODBlockViolations = yes */
else vlBlockSOD = no.
finally:
if viErrorsReported > 100
then do:
<M-34 run SetMessage
(input #T-92'Validation is aborted after 100 errors were reported.':255(415735840)T-92# (icMessage),
input '' (icArguments),
input '' (icFieldName),
input '' (icFieldValue),
input 'W' (icType),
input 3 (iiSeverity),
input '' (icRowid),
input 'blf-803324':U (icFcMsgNumber),
input '' (icFcExplanation),
input '' (icFcIdentification),
input '' (icFcContext),
output viFcReturnSuper (oiReturnStatus)) in BSODCategoryExclusion>
end.
end finally.