Requirement
Only simple text file as attachment could be visible for some users but should be completely hidden for other users without enough authorizations.
The requirement could be fulfilled via BAdI:
Check a BAdI implementation on BAdI definition CRM_DOC_AHTORITY and copy the source code from last part of this wiki to the implementation class.
The reason why using OPEN SQL to get the file type instead of using utility methodCL_CRM_DOCUMENTS=>GET_FILE_INFO or function module
SKWF_PHIOS_FILE_PROPERTIES_GET is to avoid the recursive authorization call as listed below:
Source code of BAdI implementation
CLASS zcl_im_cl_att_auth_impl DEFINITION
PUBLIC
FINAL
CREATE PUBLIC .
PUBLIC SECTION.
INTERFACES if_ex_crm_doc_authority .
CLASS-METHODS class_constructor .
PROTECTED SECTION.
PRIVATE SECTION.
CONSTANTS cv_doc_lo TYPE string VALUE 'BDS_LOC22'. "#EC NOTEXT
CONSTANTS cv_doc_ph TYPE string VALUE 'BDS_POC22'. "#EC NOTEXT
CLASS-DATA sv_file_tab TYPE sdok_fltab .
CLASS-METHODS check_internal
CHANGING
!ios_auth TYPE skwf_ios
!ios_not_auth TYPE skwf_ioerrs .
CLASS-METHODS get_file_type
IMPORTING
!is_io TYPE skwf_io
RETURNING
VALUE(rv_type) TYPE w3conttype .
ENDCLASS.
CLASS ZCL_IM_CL_ATT_AUTH_IMPL IMPLEMENTATION.
* <SIGNATURE>---------------------------------------------------------------------------------------+
* | Static Private Method ZCL_IM_CL_ATT_AUTH_IMPL=>CHECK_INTERNAL
* +-------------------------------------------------------------------------------------------------+
* | [<-->] IOS_AUTH TYPE SKWF_IOS
* | [<-->] IOS_NOT_AUTH TYPE SKWF_IOERRS
* +--------------------------------------------------------------------------------------</SIGNATURE>
METHOD check_internal.
CHECK sy-uname = 'WANGJER'.
DATA: lv_type TYPE w3conttype.
LOOP AT ios_auth ASSIGNING FIELD-SYMBOL(<io_auth>) WHERE class = cv_doc_lo.
lv_type = get_file_type( <io_auth> ).
IF lv_type <> 'text/plain'.
APPEND INITIAL LINE TO ios_not_auth ASSIGNING FIELD-SYMBOL(<auth_error>).
MOVE-CORRESPONDING <io_auth> TO <auth_error>.
<auth_error>-id = 'ZCM_JERRY_TEST'.
<auth_error>-type = 'W'.
<auth_error>-no = '001'.
<auth_error>-v1 = lv_type.
DELETE ios_auth WHERE objid = <io_auth>-objid.
ENDIF.
ENDLOOP.
ENDMETHOD.
* <SIGNATURE>---------------------------------------------------------------------------------------+
* | Static Public Method ZCL_IM_CL_ATT_AUTH_IMPL=>CLASS_CONSTRUCTOR
* +-------------------------------------------------------------------------------------------------+
* +--------------------------------------------------------------------------------------</SIGNATURE>
METHOD class_constructor.
DATA: ls_type TYPE sdokphcl,
ls_table TYPE sdokphtab.
SELECT SINGLE * INTO ls_type FROM sdokphcl WHERE ph_class = cv_doc_ph.
CHECK sy-subrc = 0.
SELECT SINGLE * INTO ls_table FROM sdokphtab WHERE headertab = ls_type-headertab.
CHECK sy-subrc = 0.
sv_file_tab = ls_table-filetab.
ENDMETHOD.
* <SIGNATURE>---------------------------------------------------------------------------------------+
* | Static Private Method ZCL_IM_CL_ATT_AUTH_IMPL=>GET_FILE_TYPE
* +-------------------------------------------------------------------------------------------------+
* | [--->] IS_IO TYPE SKWF_IO
* | [<-()] RV_TYPE TYPE W3CONTTYPE
* +--------------------------------------------------------------------------------------</SIGNATURE>
METHOD get_file_type.
DATA: lt_object TYPE STANDARD TABLE OF sdokobject.
DATA: lt_p TYPE STANDARD TABLE OF sdoklogphy.
APPEND INITIAL LINE TO lt_object ASSIGNING FIELD-SYMBOL(<line>).
<line> = VALUE #( class = cv_doc_lo objid = is_io-objid ).
CALL FUNCTION 'SDOK_LOIOS_PHIOS_GET'
TABLES
object_list = lt_object
physical_objects = lt_p.
READ TABLE lt_p ASSIGNING FIELD-SYMBOL(<p>) INDEX 1.
CHECK sy-subrc = 0.
SELECT SINGLE mimetype FROM (sv_file_tab) INTO rv_type WHERE phio_id = <p>-objid_ph.
ENDMETHOD.
* <SIGNATURE>---------------------------------------------------------------------------------------+
* | Static Public Method ZCL_IM_CL_ATT_AUTH_IMPL=>IF_EX_CRM_DOC_AUTHORITY~AUTHORITY_CHECK
* +-------------------------------------------------------------------------------------------------+
* | [--->] ACTIVITY TYPE SKWF_ACTVT
* | [--->] PARENT_FOLDER TYPE SKWF_IO(optional)
* | [--->] APPLICATION TYPE SKWF_APPL(optional)
* | [--->] CURRENT_BUSINESS_OBJECT TYPE SIBFLPORB(optional)
* | [--->] IOS TYPE SKWF_IOS
* | [<-->] IOS_AUTH TYPE SKWF_IOS
* | [<-->] IOS_NOT_AUTH TYPE SKWF_IOERRS
* +--------------------------------------------------------------------------------------</SIGNATURE>
METHOD if_ex_crm_doc_authority~authority_check.
check_internal( CHANGING ios_auth = ios_auth ios_not_auth = ios_not_auth ).
ENDMETHOD.
* <SIGNATURE>---------------------------------------------------------------------------------------+
* | Static Public Method ZCL_IM_CL_ATT_AUTH_IMPL=>IF_EX_CRM_DOC_AUTHORITY~AUTHORITY_CHECK_SEARCH_RESULT
* +-------------------------------------------------------------------------------------------------+
* | [--->] CURRENT_BUSINESS_OBJECT TYPE SIBFLPORB(optional)
* | [--->] IOS_WITH_LINKED_BOS TYPE CRM_KW_BOS
* | [<-->] IOS_AUTH TYPE SKWF_IOS
* | [<-->] IOS_NOT_AUTH TYPE SKWF_IOERRS
* +--------------------------------------------------------------------------------------</SIGNATURE>
METHOD if_ex_crm_doc_authority~authority_check_search_result.
check_internal( CHANGING ios_auth = ios_auth ios_not_auth = ios_not_auth ).
ENDMETHOD.
ENDCLASS.
Disadvantage of this solution
(1) the enhancement will be triggered whenever there is the function module SKWF_AUTH_OBJECTS_CHECK called. In Content management the check logic is done frequently.
(2) in the enhancement execution context there is no enough information to do filter logic for performance improvement.
要获取更多Jerry的原创文章,请关注公众号"汪子熙":