Form添加MOAC:多组织访问控制
首先是向PO_GLOB_ORG_ACCESS_TMP插入当前能操作的ORG_ID,然后是通过MO_GLOBAL的一系列方法设置CONTEXT的值(包括访问模式和当前org_id),最后是使用VPD向相对应的同义词上添加ORG_SECURITY验证,当访问模式为Single-org时,对当前的org_id使用CONTEXT值进行验证,当访问模式为Mutil-org,对当前的org_id使用表 po_glob_org_access_tmp验证,通过验证的数据即为安全操作数据
VPD
(虚拟专用数据库)都是通过判断基表的
org_id
是否在
po_glob_org_access_tmp
表中存在,如果存在则为安全数据;
实现步骤:
1、在form中添加实现MOAC访问控制的相应package:
PACKAGE BODY CUX_MOAC_PKG IS
/*----------------------------------------------------------------
功能:当进入FORM时,执行pre_form程序完成MOAC的初始化
-----------------------------------------------------------------*/
procedure pre_form
is
l_default_org_id number;
l_default_ou_name varchar2(240);
l_ou_count number;
begin
MO_GLOBAL.init('CUX');
mo_utils.get_default_ou(l_default_org_id, l_default_ou_name, l_ou_count);
copy(l_default_org_id,'PARAMETER.mo_default_org_id');
copy(l_default_ou_name,'PARAMETER.mo_default_ou_name');
copy(l_ou_count,'PARAMETER.mo_ou_count');
--fnd_message.debug('l_default_org_id = ' || l_default_org_id);
--fnd_message.debug('l_default_ou_name = ' || l_default_ou_name);
--fnd_message.debug('l_ou_count = ' || l_ou_count);
--判断是否找到了OU,如果没有找到,则报错
if nvl(l_ou_count,0) <= 0 then
fnd_message.set_name('CUX', '没有找到相应的OU,请联系系统管理员或开发人员!');
fnd_message.error;
raise form_trigger_failure;
end if;
end pre_form;
/*----------------------------------------------------------------
功能:当进入块时,根据MOAC控制的OU数量决定OU字段是否可以录入
-----------------------------------------------------------------*/
procedure when_new_block_instance
is
l_block_item_id item;
l_block_item_name varchar2(1000);
begin
l_block_item_name:= Name_In('System.Trigger_Block') || '.ORG_NAME';
l_block_item_id := find_item(l_block_item_name);
if not id_null(l_block_item_id) then
if :parameter.mo_ou_count > 1 then
set_item_property(l_block_item_id,update_allowed,property_true);
set_item_property(l_block_item_id,insert_allowed,property_true);
else
set_item_property(l_block_item_id,update_allowed,property_false);
set_item_property(l_block_item_id,insert_allowed,property_false);
end if;
end if;
end when_new_block_instance;
/*----------------------------------------------------------------
功能:当创建记录时,从参数中将默认OU拿过来
-----------------------------------------------------------------*/
procedure when_create_record
is
l_org_id_name varchar2(1000);
l_block_item_name varchar2(1000);
begin
l_org_id_name := Name_In('System.Trigger_Block') || '.org_id';
l_block_item_name := Name_In('System.Trigger_Block') || '.ORG_NAME';
IF :parameter.mo_default_org_id is not null and name_in(l_org_id_name) is null THEN
copy(:parameter.mo_default_org_id, Name_In('System.Trigger_Block') || '.org_id');
copy(:parameter.mo_default_ou_name, Name_In('System.Trigger_Block') || '.ORG_NAME');
set_item_property(l_block_item_name,item_is_valid,property_true);
END IF;
end when_create_record;
/*----------------------------------------------------------------
功能:POST-QUERY
-----------------------------------------------------------------*/
procedure post_query
is
l_org_id varchar2(1000);
l_org_name varchar2(1000);
l_block_name varchar2(1000);
begin
l_block_name := Name_In('System.Trigger_Block');
copy(Name_In('System.Trigger_Block') || '.org_id', l_org_id);
if l_org_id is not null then
select hou.name
into l_org_name
from hr_operating_units hou
where hou.organization_id = l_org_id;
copy(l_org_name,Name_In('System.Trigger_Block') || '.ORG_NAME');
end if;
Set_Record_Property(:system.trigger_record, l_block_name, STATUS, QUERY_STATUS);
exception
when others then
null;
end post_query;
END;
/*----------------------------------------------------------------
功能:当进入FORM时,执行pre_form程序完成MOAC的初始化
-----------------------------------------------------------------*/
procedure pre_form
is
l_default_org_id number;
l_default_ou_name varchar2(240);
l_ou_count number;
begin
MO_GLOBAL.init('CUX');
mo_utils.get_default_ou(l_default_org_id, l_default_ou_name, l_ou_count);
copy(l_default_org_id,'PARAMETER.mo_default_org_id');
copy(l_default_ou_name,'PARAMETER.mo_default_ou_name');
copy(l_ou_count,'PARAMETER.mo_ou_count');
--fnd_message.debug('l_default_org_id = ' || l_default_org_id);
--fnd_message.debug('l_default_ou_name = ' || l_default_ou_name);
--fnd_message.debug('l_ou_count = ' || l_ou_count);
--判断是否找到了OU,如果没有找到,则报错
if nvl(l_ou_count,0) <= 0 then
fnd_message.set_name('CUX', '没有找到相应的OU,请联系系统管理员或开发人员!');
fnd_message.error;
raise form_trigger_failure;
end if;
end pre_form;
/*----------------------------------------------------------------
功能:当进入块时,根据MOAC控制的OU数量决定OU字段是否可以录入
-----------------------------------------------------------------*/
procedure when_new_block_instance
is
l_block_item_id item;
l_block_item_name varchar2(1000);
begin
l_block_item_name:= Name_In('System.Trigger_Block') || '.ORG_NAME';
l_block_item_id := find_item(l_block_item_name);
if not id_null(l_block_item_id) then
if :parameter.mo_ou_count > 1 then
set_item_property(l_block_item_id,update_allowed,property_true);
set_item_property(l_block_item_id,insert_allowed,property_true);
else
set_item_property(l_block_item_id,update_allowed,property_false);
set_item_property(l_block_item_id,insert_allowed,property_false);
end if;
end if;
end when_new_block_instance;
/*----------------------------------------------------------------
功能:当创建记录时,从参数中将默认OU拿过来
-----------------------------------------------------------------*/
procedure when_create_record
is
l_org_id_name varchar2(1000);
l_block_item_name varchar2(1000);
begin
l_org_id_name := Name_In('System.Trigger_Block') || '.org_id';
l_block_item_name := Name_In('System.Trigger_Block') || '.ORG_NAME';
IF :parameter.mo_default_org_id is not null and name_in(l_org_id_name) is null THEN
copy(:parameter.mo_default_org_id, Name_In('System.Trigger_Block') || '.org_id');
copy(:parameter.mo_default_ou_name, Name_In('System.Trigger_Block') || '.ORG_NAME');
set_item_property(l_block_item_name,item_is_valid,property_true);
END IF;
end when_create_record;
/*----------------------------------------------------------------
功能:POST-QUERY
-----------------------------------------------------------------*/
procedure post_query
is
l_org_id varchar2(1000);
l_org_name varchar2(1000);
l_block_name varchar2(1000);
begin
l_block_name := Name_In('System.Trigger_Block');
copy(Name_In('System.Trigger_Block') || '.org_id', l_org_id);
if l_org_id is not null then
select hou.name
into l_org_name
from hr_operating_units hou
where hou.organization_id = l_org_id;
copy(l_org_name,Name_In('System.Trigger_Block') || '.ORG_NAME');
end if;
Set_Record_Property(:system.trigger_record, l_block_name, STATUS, QUERY_STATUS);
exception
when others then
null;
end post_query;
END;
2、添加参数:
mo_default_org_id NUMBER
mo_default_ou_name CHAR
mo_ou_count NUMBER
3、在pre-form触发器中调用包中的pre-form过程实现MOAC的初始化
4、在block级的trigger:when-new-block-instance中调用when-new-block-instance过程
5、在block级触发器:when-create-record中调用when-create-record过程
6、为块中的org_name项添加lov
SELECT hou.name, hou.organization_id
FROM hr_operating_units hou
WHERE po_moac_utils_pvt.check_access(hou.organization_id) = 'Y'
ORDER BY NAME
FROM hr_operating_units hou
WHERE po_moac_utils_pvt.check_access(hou.organization_id) = 'Y'
ORDER BY NAME