Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Importing Permissions with Overwrite Option #3184

Merged
merged 2 commits into from
Mar 20, 2025
Merged

Importing Permissions with Overwrite Option #3184

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
77b8da3
Importing Permissions with Overwrite Option
miljance Mar 5, 2025
ad408b5
Fixing code cop warnings and removing undocumented change
miljance Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions src/System Application/App/Permission Sets/src/xmlports/ImportPermissionSets.xmlport.al
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,9 +120,20 @@ xmlport 9864 "Import Permission Sets"
}

trigger OnBeforeInsertRecord()
var
TenantPermission: Record "Tenant Permission";
TenantPermissionSetRel: Record "Tenant Permission Set Rel.";
begin
if TempTenantPermissionSet.Get(TempTenantPermissionSet."App ID", TempTenantPermissionSet."Role ID") then
currXMLport.Skip();
if not UpdatePermissions then begin
TenantPermissionSetRel.SetFilter("App ID", TempTenantPermissionSet."App ID");
TenantPermissionSetRel.SetFilter("Role ID", TempTenantPermissionSet."Role ID");
TenantPermissionSetRel.DeleteAll();
TenantPermission.SetFilter("App ID", TempTenantPermissionSet."App ID");
TenantPermission.SetFilter("Role ID", TempTenantPermissionSet."Role ID");
TenantPermission.DeleteAll();
end;
end;
}
tableelement(TempMetadataPermissionSet; "Metadata Permission Set")
Expand Down Expand Up @@ -211,9 +222,20 @@ xmlport 9864 "Import Permission Sets"
}

trigger OnBeforeInsertRecord()
var
MetadataPermission: Record "Metadata Permission";
MetadataPermissionSetRel: Record "Metadata Permission Set Rel.";
begin
if TempMetadataPermissionSet.Get(TempMetadataPermissionSet."App ID", TempMetadataPermissionSet."Role ID") then
currXMLport.Skip();
if not UpdatePermissions then begin
MetadataPermissionSetRel.SetFilter("App ID", TempMetadataPermissionSet."App ID");
MetadataPermissionSetRel.SetFilter("Role ID", TempMetadataPermissionSet."Role ID");
MetadataPermissionSetRel.DeleteAll();
MetadataPermission.SetFilter("App ID", TempMetadataPermissionSet."App ID");
MetadataPermission.SetFilter("Role ID", TempTenantPermissionSet."Role ID");
MetadataPermission.DeleteAll();
end;
end;
}
}
Expand Down
131 changes: 125 additions & 6 deletions src/System Application/Test/Permission Sets/src/PermissionImportExportTests.Codeunit.al
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ codeunit 132437 "Permission Import Export Tests"
MetadataPermissionSet: Record "Metadata Permission Set";
TenantPermissionSetRel: Record "Tenant Permission Set Rel.";
TempBlob: Codeunit "Temp Blob";
ImportPermissionSets: XmlPort "Import Permission Sets";
OutStr: OutStream;
InStr: InStream;
ZeroGuid: Guid;
Expand All @@ -52,7 +53,9 @@ codeunit 132437 "Permission Import Export Tests"

// [WHEN] Import exported permission set
TempBlob.CreateInStream(InStr);
Xmlport.Import(Xmlport::"Import Permission Sets", InStr);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(true);
ImportPermissionSets.Import();

MetadataPermissionSet.SetFilter("Role ID", 'Permission Set A');
MetadataPermissionSet.FindFirst();
Expand All @@ -72,6 +75,7 @@ codeunit 132437 "Permission Import Export Tests"
MetadataPermissionSet: Record "Metadata Permission Set";
TenantPermissionSetRel: Record "Tenant Permission Set Rel.";
TempBlob: Codeunit "Temp Blob";
ImportPermissionSets: XmlPort "Import Permission Sets";
OutStr: OutStream;
InStr: InStream;
ZeroGuid: Guid;
Expand All @@ -96,7 +100,9 @@ codeunit 132437 "Permission Import Export Tests"

// [WHEN] Import exported permission set
TempBlob.CreateInStream(InStr);
Xmlport.Import(Xmlport::"Import Permission Sets", InStr);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(true);
ImportPermissionSets.Import();

// [THEN] System PS "Permission Set C" is now found as a tenant permission set with relation
LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, 'Permission Set C'), 'Permission Set C is missing');
Expand All @@ -116,6 +122,7 @@ codeunit 132437 "Permission Import Export Tests"
MetadataPermissionSet: Record "Metadata Permission Set";
TenantPermissionSetRel: Record "Tenant Permission Set Rel.";
TempBlob: Codeunit "Temp Blob";
ImportPermissionSets: XmlPort "Import Permission Sets";
OutStr: OutStream;
InStr: InStream;
ZeroGuid: Guid;
Expand All @@ -140,7 +147,9 @@ codeunit 132437 "Permission Import Export Tests"

// [WHEN] Import exported permission set
TempBlob.CreateInStream(InStr);
Xmlport.Import(Xmlport::"Import Permission Sets", InStr);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(true);
ImportPermissionSets.Import();

MetadataPermissionSet.SetFilter("Role ID", 'Permission Set A');
MetadataPermissionSet.FindFirst();
Expand All @@ -164,6 +173,7 @@ codeunit 132437 "Permission Import Export Tests"
TenantPermissionSetRel: Record "Tenant Permission Set Rel.";
PermissionSetRelation: Codeunit "Permission Set Relation";
TempBlob: Codeunit "Temp Blob";
ImportPermissionSets: XmlPort "Import Permission Sets";
OutStr: OutStream;
InStr: InStream;
ZeroGuid: Guid;
Expand Down Expand Up @@ -197,7 +207,9 @@ codeunit 132437 "Permission Import Export Tests"

// [WHEN] Import exported tenant permission set
TempBlob.CreateInStream(InStr);
Xmlport.Import(Xmlport::"Import Permission Sets", InStr);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(true);
ImportPermissionSets.Import();

// [THEN] Tenant permission set is found with the correct permissions
LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, NewRoleId), 'Test permission set is missing');
Expand All @@ -218,6 +230,7 @@ codeunit 132437 "Permission Import Export Tests"
PermissionSetRelation: Codeunit "Permission Set Relation";
TempBlobOriginal: Codeunit "Temp Blob";
TempBlobModified: Codeunit "Temp Blob";
ImportPermissionSets: XmlPort "Import Permission Sets";
OutStr: OutStream;
InStr: InStream;
ZeroGuid: Guid;
Expand Down Expand Up @@ -274,7 +287,9 @@ codeunit 132437 "Permission Import Export Tests"

// [WHEN] Import the original tenant permission set that was exported
TempBlobOriginal.CreateInStream(InStr);
Xmlport.Import(Xmlport::"Import Permission Sets", InStr);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(true);
ImportPermissionSets.Import();

// [THEN] Tenant permission set is found with the correct permissions
LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, NewRoleId), 'Test permission set is missing');
Expand All @@ -287,7 +302,10 @@ codeunit 132437 "Permission Import Export Tests"

// [WHEN] Import the modified tenant permission set
TempBlobModified.CreateInStream(InStr);
Xmlport.Import(Xmlport::"Import Permission Sets", InStr);
Clear(ImportPermissionSets);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(true);
ImportPermissionSets.Import();

// [THEN] Tenant permission set is found with the modified permissions
LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, NewRoleId), 'Test permission set is missing');
Expand All @@ -303,6 +321,107 @@ codeunit 132437 "Permission Import Export Tests"
LibraryAssert.AreEqual(TenantPermission."Delete Permission", TenantPermission."Delete Permission"::" ", 'Delete permission is not set correctly.');
end;

[Test]
[Scope('OnPrem')]
procedure ExportImportTenantPermissionSetUsingOverwriteOption()
var
TenantPermission: Record "Tenant Permission";
TenantPermissionSet: Record "Tenant Permission Set";
TenantPermissionSetRel: Record "Tenant Permission Set Rel.";
PermissionSetRelation: Codeunit "Permission Set Relation";
TempBlobOriginal: Codeunit "Temp Blob";
TempBlobModified: Codeunit "Temp Blob";
ImportPermissionSets: XmlPort "Import Permission Sets";
OutStr: OutStream;
InStr: InStream;
ZeroGuid: Guid;
AppId: Guid;
NewRoleId: Code[20];
NewName: Text;
begin
// [FEATURE] [Import] [XMLPORT] [Permission Set] [Tenant Permission Set]
// [SCENARIO] Tenant permission set is exported and imported. Then the same permission set is imported again with changed permissions and should be imported as is without merging.

Initialize();

NewRoleId := 'Test Permission Set';
NewName := 'Test Permission Set';

// [WHEN] Permission Set C is cloned to get a tenant permission set
PermissionSetRelation.CopyPermissionSet(NewRoleId, NewName, 'Permission Set C', AppId, Scope::System, Enum::"Permission Set Copy Type"::Clone);

TenantPermissionSet.SetFilter("Role ID", NewRoleId);
TempBlobOriginal.CreateOutStream(OutStr);

// [WHEN] Export Tenant permission set
Xmlport.Export(Xmlport::"Export Permission Sets Tenant", OutStr, TenantPermissionSet);

LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, NewRoleId), 'Test permission set is missing');
LibraryAssert.IsTrue(TenantPermission.Get(ZeroGuid, TenantPermissionSet."Role ID", TenantPermission."Object Type"::"Table Data", Database::"Tenant Permission"), 'Included permission to Test permission set is missing');

// [WHEN] Existing permission for the permission set is changed
TenantPermission."Read Permission" := TenantPermission."Read Permission"::" "; // read permission is removed
TenantPermission."Delete Permission" := TenantPermission."Delete Permission"::Yes; // delete permission is added
TenantPermission.Modify();

// [WHEN] A new permission is added to the permission set
TenantPermission.Init();
TenantPermission."Role ID" := NewRoleId;
TenantPermission."Object Type" := TenantPermission."Object Type"::"Table Data";
TenantPermission."Object ID" := Database::"Metadata Permission";
TenantPermission."Read Permission" := TenantPermission."Read Permission"::Indirect;
TenantPermission."Insert Permission" := TenantPermission."Insert Permission"::" ";
TenantPermission."Modify Permission" := TenantPermission."Modify Permission"::" ";
TenantPermission."Delete Permission" := TenantPermission."Delete Permission"::" ";
TenantPermission.Insert();

// [WHEN] Tenant permission set is exported again
TempBlobModified.CreateOutStream(OutStr);
Xmlport.Export(Xmlport::"Export Permission Sets Tenant", OutStr, TenantPermissionSet);

// [WHEN] No tenant permission sets exists
TenantPermissionSet.DeleteAll();
TenantPermissionSet.SetFilter("Role ID", NewRoleId);
LibraryAssert.RecordIsEmpty(TenantPermissionSet);
TenantPermissionSetRel.SetFilter("Role ID", NewRoleId);
LibraryAssert.RecordIsEmpty(TenantPermissionSetRel);

// [WHEN] Import the original tenant permission set that was exported
TempBlobOriginal.CreateInStream(InStr);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(false);
ImportPermissionSets.Import();

// [THEN] Tenant permission set is found with the correct permissions
LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, NewRoleId), 'Test permission set is missing');
LibraryAssert.IsTrue(TenantPermission.Get(ZeroGuid, TenantPermissionSet."Role ID", TenantPermission."Object Type"::"Table Data", Database::"Tenant Permission"), 'Included permission to Test permission set is missing');
LibraryAssert.AreEqual(TenantPermission."Read Permission", TenantPermission."Read Permission"::Yes, 'Read permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Insert Permission", TenantPermission."Insert Permission"::Indirect, 'Insert permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Modify Permission", TenantPermission."Modify Permission"::Indirect, 'Modify permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Delete Permission", TenantPermission."Delete Permission"::" ", 'Delete permission is not set correctly.');
LibraryAssert.IsFalse(TenantPermission.Get(ZeroGuid, TenantPermissionSet."Role ID", TenantPermission."Object Type"::"Table Data", Database::"Metadata Permission"), 'Metadata permission should not be included');

// [WHEN] Import the modified tenant permission set
TempBlobModified.CreateInStream(InStr);
Clear(ImportPermissionSets);
ImportPermissionSets.SetSource(InStr);
ImportPermissionSets.SetUpdatePermissions(false);
ImportPermissionSets.Import();

// [THEN] Tenant permission set is found with the modified permissions
LibraryAssert.IsTrue(TenantPermissionSet.Get(ZeroGuid, NewRoleId), 'Test permission set is missing');
LibraryAssert.IsTrue(TenantPermission.Get(ZeroGuid, TenantPermissionSet."Role ID", TenantPermission."Object Type"::"Table Data", Database::"Tenant Permission"), 'Included permission to Test permission set is missing');
LibraryAssert.AreEqual(TenantPermission."Read Permission", TenantPermission."Read Permission"::" ", 'Read permission is not set correctly.'); // Import is not additive, the permission should be imported as is
LibraryAssert.AreEqual(TenantPermission."Insert Permission", TenantPermission."Insert Permission"::Indirect, 'Insert permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Modify Permission", TenantPermission."Modify Permission"::Indirect, 'Modify permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Delete Permission", TenantPermission."Delete Permission"::Yes, 'Delete permission is not set correctly.');
LibraryAssert.IsTrue(TenantPermission.Get(ZeroGuid, TenantPermissionSet."Role ID", TenantPermission."Object Type"::"Table Data", Database::"Metadata Permission"), 'Included permission to Test permission set is missing');
LibraryAssert.AreEqual(TenantPermission."Read Permission", TenantPermission."Read Permission"::Indirect, 'Read permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Insert Permission", TenantPermission."Insert Permission"::" ", 'Insert permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Modify Permission", TenantPermission."Modify Permission"::" ", 'Modify permission is not set correctly.');
LibraryAssert.AreEqual(TenantPermission."Delete Permission", TenantPermission."Delete Permission"::" ", 'Delete permission is not set correctly.');
end;

local procedure Initialize()
var
TenantPermission: Record "Tenant Permission";
Expand Down
Loading