Merge branch 'apache:trunk' into OFBIZ-9498

.github/workflows/codeql-analysis.yml

@@ -26,15 +26,9 @@ name: "CodeQL"
 on:
   push:
     branches: [ trunk, release* ]
-    paths:
-        - '**.java'
-        - '**.js'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ trunk ]
-    paths:
-        - '**.java'
-        - '**.js'
   schedule:
     - cron: '27 15 * * 1'
 

.gitignore

@@ -18,7 +18,6 @@ runtime/catalina/work/*
 runtime/tempfiles/*
 runtime/indexes/products/
 !runtime/tempfiles/README
-applications/content/index/
 changelog
 .classpath
 .project

NOTICE

@@ -1,5 +1,5 @@
 Apache OFBiz
-Copyright 2001-2021 The Apache Software Foundation
+Copyright 2001-2022 The Apache Software Foundation
 
 This product includes software developed at
 The Apache Software Foundation (http://www.apache.org/).

README.adoc

@@ -21,13 +21,13 @@ under the License.
 The Apache OFBiz Project
 
 image:https://img.shields.io/badge/License-Apache%202.0-blue.svg[link=http://www.apache.org/licenses/LICENSE-2.0]
-image:https://img.shields.io/badge/Version-trunk-blue.svg[link=Version]
-image:https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml/badge.svg?branch=trunk[link=https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml/badge.svg?branch=trunk]
+image:https://img.shields.io/badge/Version-trunk-blue.svg[link=https://github.com/apache/ofbiz-framework]
+image:https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml/badge.svg?branch=trunk[link=https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml]
+image:https://sonarcloud.io/api/project_badges/measure?project=apache_ofbiz-framework&metric=alert_status[link=https://sonarcloud.io/dashboard?id=apache_ofbiz-framework]
 image:https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml/badge.svg[link=https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml]
-image:https://qpkb254zxeu.montastic.io/badge[link=https://qpkb254zxeu.montastic.io]
 
 If you are reading this file in AsciiDoc format you may want to see it at
-https://ci.apache.org/projects/ofbiz/site/trunk/readme/html5/README.html[HTML] +
+https://nightlies.apache.org/ofbiz/trunk/readme/html5/[HTML]
 or https://ci.apache.org/projects/ofbiz/site/trunk/readme/pdf/README.pdf[PDF] format
 
 ---

VERSION

@@ -1 +1 @@
-Trunk
+Trunk 

applications/accounting/data/AccountingSystemPropertyData.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<entity-engine-xml>
+<!-- 
+# what should the default of the payment to invoice processing be?
+# paymentProcessing by invoice or paymentprocessing by invoiceitem?
+# there is still a box on the menu to change this option by the user.
+# value Y: applying payments to the invoice as a whole (invoiceItemSeqNr = null) with the option to apply per invoice item
+# value N: applying payments to every invoice item with the option to apply to an invoice as a whole
+#value YY: do not show the option box to the user and do only invoice processing
+#value NN: do not show the option box to the user and do only invoiceitem processing
+-->
+    <SystemProperty systemResourceId="accounting" systemPropertyId="invoiceProcessing" 
+    systemPropertyValue="YY"
+    description="Options are: Y, N, YY, NN"
+    />
+
+    <SystemProperty systemResourceId="accounting" systemPropertyId="accounting.fixedasset.autocreate" 
+    systemPropertyValue="Y"
+    description="Create a fixed asset when an 'asset usage' type product is created. Options: Y, N"/>
+
+    <SystemProperty systemResourceId="accounting" systemPropertyId="accounting.payment.application.autocreate" 
+    systemPropertyValue="Y"
+    description="Create a payment application when a payment is received/sent or invoice is approved (take the oldest not closed one). Options: Y, N"/>
+
+   <SystemProperty systemResourceId="accounting" systemPropertyId="accounting.payment.purchaseorder.autocreate" 
+    systemPropertyValue="Y"
+    description="Create a 'not-paid' payment record if the purchase order is approved. Options: Y, N"/>
+
+    <SystemProperty systemResourceId="accounting" systemPropertyId="accounting.payment.salesorder.autocreate" 
+    systemPropertyValue="Y"
+    description="Create a 'not-paid' payment record if the sales order is completed and no payment exist yet. Options:: Y, N"/>
+
+    <!-- <SystemProperty systemResourceId="accounting" systemPropertyId="create.invoice.per.shipment" systemPropertyValue="Y"
+    description="create invoice per shipment. Options: = Y (Invoice per shipment), N (Invoice per order)"/> -->
+</entity-engine-xml>

applications/accounting/ofbiz-component.xml

@@ -27,6 +27,7 @@ under the License.
     <entity-resource type="model" reader-name="main" loader="main" location="entitydef/entitymodel_reports.xml"/>
     <entity-resource type="eca" reader-name="main" loader="main" location="entitydef/eecas.xml"/>
     <entity-resource type="data" reader-name="seed" loader="main" location="data/AccountingSecurityPermissionSeedData.xml"/>
+    <entity-resource type="data" reader-name="seed" loader="main" location="data/AccountingSystemPropertyData.xml"/>
     <entity-resource type="data" reader-name="seed" loader="main" location="data/AccountingPortletData.xml"/>
     <entity-resource type="data" reader-name="seed-initial" loader="main" location="data/AccountingScheduledServiceData.xml"/>
 

applications/accounting/servicedef/services_admin.xml

@@ -84,7 +84,7 @@ under the License.
     <service name="setAcctgCompany" engine="groovy"
         location="component://accounting/groovyScripts/admin/AcctgAdminServices.groovy" invoke="setAcctgCompany" auth="true">
         <description>Set Accounting Company when select</description>
-        <permission-service service-name="acctgPrefPermissionCheck" main-action="CREATE"/>
+        <permission-service service-name="acctgPrefPermissionCheck" main-action="VIEW"/>
         <attribute type="String" mode="INOUT" name="organizationPartyId" optional="true"/>
     </service>
 

applications/accounting/src/main/java/org/apache/ofbiz/accounting/invoice/InvoiceServices.java

@@ -37,6 +37,7 @@
 
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.csv.CSVFormat;
+import org.apache.commons.csv.CSVFormat.Builder;
 import org.apache.commons.csv.CSVRecord;
 import org.apache.ofbiz.accounting.payment.PaymentGatewayServices;
 import org.apache.ofbiz.accounting.payment.PaymentWorker;
@@ -3310,7 +3311,7 @@ public static Map<String, Object> updatePaymentApplicationDefBd(DispatchContext
             errorMessageList.add(UtilProperties.getMessage(RESOURCE, "AccountingNoAmount", locale));
         } else {
             successMessage = UtilProperties.getMessage(RESOURCE,
-                    "AccountingApplicationSuccess",
+                    "AccountingPaymentApplicationSuccess",
                     UtilMisc.<String, Object>toMap("amountApplied", amountApplied,
                             "paymentId", paymentId,
                             "isoCode", currencyUomId,
@@ -3672,16 +3673,16 @@ public static Map<String, Object> importInvoice(DispatchContext dctx, Map<String
         String organizationPartyId = (String) context.get("organizationPartyId");
         String encoding = System.getProperty("file.encoding");
         String csvString = Charset.forName(encoding).decode(fileBytes).toString();
-        final BufferedReader csvReader = new BufferedReader(new StringReader(csvString));
-        CSVFormat fmt = CSVFormat.DEFAULT.withHeader();
+        Builder csvFormatBuilder = Builder.create().setHeader();
+        CSVFormat fmt = csvFormatBuilder.build();
         List<String> errMsgs = new LinkedList<>();
         List<String> newErrMsgs;
         String lastInvoiceId = null;
         String currentInvoiceId = null;
         String newInvoiceId = null;
         int invoicesCreated = 0;
 
-        try {
+        try (BufferedReader csvReader = new BufferedReader(new StringReader(csvString))) {
             for (final CSVRecord rec : fmt.parse(csvReader)) {
                 currentInvoiceId = rec.get("invoiceId");
                 if (lastInvoiceId == null || !currentInvoiceId.equals(lastInvoiceId)) {
@@ -3758,11 +3759,18 @@ public static Map<String, Object> importInvoice(DispatchContext dctx, Map<String
                         try {
                             invoiceResult = dispatcher.runSync("createInvoice", invoice);
                             if (ServiceUtil.isError(invoiceResult)) {
+                                // Eclipse reports here: Resource leak: '<unassigned Closeable value>' is not closed at this location
+                                // but it's OK. As csvReader is in a try-with-ressource it will be closed anyway
+                                // I prefer to not put @SuppressWarnings("resource") to the whole method
+                                // BTW to be consistent Eclipse should also reports the same issue in PartyService (see there)
                                 return ServiceUtil.returnError(ServiceUtil.getErrorMessage(invoiceResult));
                             }
                         } catch (GenericServiceException e) {
-                            csvReader.close();
                             Debug.logError(e, MODULE);
+                            // Eclipse reports here: Resource leak: '<unassigned Closeable value>' is not closed at this location
+                            // but it's OK. As csvReader is in a try-with-ressource it will be closed anyway
+                            // I prefer to not put @SuppressWarnings("resource") to the whole method
+                            // BTW to be consistent Eclipse should also reports the same issue in PartyService (see there)
                             return ServiceUtil.returnError(e.getMessage());
                         }
                         newInvoiceId = (String) invoiceResult.get("invoiceId");
@@ -3824,10 +3832,13 @@ public static Map<String, Object> importInvoice(DispatchContext dctx, Map<String
                         try {
                             Map<String, Object> result = dispatcher.runSync("createInvoiceItem", invoiceItem);
                             if (ServiceUtil.isError(result)) {
+                                // Eclipse reports here: Resource leak: '<unassigned Closeable value>' is not closed at this location
+                                // but it's OK. As csvReader is in a try-with-ressource it will be closed anyway
+                                // I prefer to not put @SuppressWarnings("resource") to the whole method
+                                // BTW to be consistent Eclipse should also reports the same issue in PartyService (see there)
                                 return ServiceUtil.returnError(ServiceUtil.getErrorMessage(result));
                             }
                         } catch (GenericServiceException e) {
-                            csvReader.close();
                             Debug.logError(e, MODULE);
                             return ServiceUtil.returnError(e.getMessage());
                         }

applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/GiftCertificateServices.java

@@ -25,7 +25,6 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Random;
 
 import org.apache.ofbiz.base.util.Debug;
 import org.apache.ofbiz.base.util.GeneralException;
@@ -52,10 +51,14 @@ public class GiftCertificateServices {
     private static final String MODULE = GiftCertificateServices.class.getName();
     private static final String RES_ERROR = "AccountingErrorUiLabels";
     private static final String RES_ORDER_ERROR = "OrderErrorUiLabels";
+
+    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
     // These are default settings, in case ProductStoreFinActSetting does not have them
     public static final int CARD_NUMBER_LENGTH = 14;
     public static final int PIN_NUMBER_LENGTH = 6;
 
+
     // Base Gift Certificate Services
     public static Map<String, Object> createGiftCertificate(DispatchContext dctx, Map<String, ? extends Object> context) {
         LocalDispatcher dispatcher = dctx.getDispatcher();
@@ -1418,13 +1421,12 @@ private static String generateNumber(Delegator delegator, int length, boolean is
             length = 19;
         }
 
-        Random rand = new SecureRandom();
         boolean isValid = false;
         StringBuilder number = null;
         while (!isValid) {
             number = new StringBuilder("");
             for (int i = 0; i < length; i++) {
-                int randInt = rand.nextInt(9);
+                int randInt = SECURE_RANDOM.nextInt(9);
                 number.append(randInt);
             }
 

applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/PaymentGatewayServices.java

@@ -20,6 +20,7 @@
 
 import java.math.BigDecimal;
 import java.math.RoundingMode;
+import java.security.SecureRandom;
 import java.sql.Timestamp;
 import java.util.Collection;
 import java.util.Date;
@@ -29,13 +30,12 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Random;
 import java.util.Set;
 
 import org.apache.ofbiz.accounting.invoice.InvoiceWorker;
 import org.apache.ofbiz.base.util.Debug;
-import org.apache.ofbiz.base.util.ObjectType;
 import org.apache.ofbiz.base.util.GeneralException;
+import org.apache.ofbiz.base.util.ObjectType;
 import org.apache.ofbiz.base.util.StringUtil;
 import org.apache.ofbiz.base.util.UtilDateTime;
 import org.apache.ofbiz.base.util.UtilGenerics;
@@ -92,6 +92,8 @@ public class PaymentGatewayServices {
     private static final RoundingMode ROUNDING = UtilNumber.getRoundingMode("order.rounding");
     private static final BigDecimal ZERO = BigDecimal.ZERO.setScale(DECIMALS, ROUNDING);
 
+    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
     /**
      * Authorizes a single order preference with an option to specify an amount. The result map has the Booleans
      * "errors" and "finished" which notify the user if there were any errors and if the authorization was finished.
@@ -3441,8 +3443,7 @@ public static Map<String, Object> testRandomAuthorize(DispatchContext dctx, Map<
         Locale locale = (Locale) context.get("locale");
         Map<String, Object> result = ServiceUtil.returnSuccess();
         String refNum = UtilDateTime.nowAsString();
-        Random r = new Random();
-        int i = r.nextInt(9);
+        int i = SECURE_RANDOM.nextInt(9);
         if (i < 5 || i % 2 == 0) {
             result.put("authResult", Boolean.TRUE);
             result.put("authFlag", "A");

applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/valuelink/ValueLinkApi.java

@@ -41,7 +41,6 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Random;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -92,6 +91,8 @@ public class ValueLinkApi {
     private Long mwkIndex = null;
     private boolean debug = false;
 
+    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
     protected ValueLinkApi() { }
     protected ValueLinkApi(Delegator delegator, Properties props) {
         String mId = (String) props.get("payment.valuelink.merchantId");
@@ -158,8 +159,7 @@ public static ValueLinkApi getInstance(Delegator delegator, Properties props) {
      */
     public String encryptPin(String pin) {
         byte[] rawIv = new byte[8];
-        SecureRandom random = new SecureRandom();
-        random.nextBytes(rawIv);
+        SECURE_RANDOM.nextBytes(rawIv);
         IvParameterSpec iv = new IvParameterSpec(rawIv);
         // get the Cipher
         Cipher mwkCipher = null;
@@ -352,8 +352,7 @@ private StringBuffer outputKeyCreation(int loop, boolean kekOnly, String kekTest
 
         // test the KEK
         byte[] rawIv = new byte[8];
-        SecureRandom secRandom = new SecureRandom();
-        secRandom.nextBytes(rawIv);
+        SECURE_RANDOM.nextBytes(rawIv);
         IvParameterSpec iv = new IvParameterSpec(rawIv);
 
         Cipher cipher = null;
@@ -600,12 +599,9 @@ public byte[] generateMwk(SecretKey mwkdes3) {
 
         // 8 bytes random data
         byte[] random = new byte[8];
-        Random ran = new SecureRandom();
-        ran.nextBytes(random);
 
         byte[] rawIv = new byte[8];
-        SecureRandom secRandom = new SecureRandom();
-        secRandom.nextBytes(rawIv);
+        SECURE_RANDOM.nextBytes(rawIv);
         IvParameterSpec iv = new IvParameterSpec(rawIv);
 
         // open a cipher using the new mwk
@@ -821,8 +817,7 @@ protected DHParameterSpec getDHParameterSpec() {
     protected byte[] cryptoViaKek(byte[] content, int mode) throws GeneralException {
         // open a cipher using the kek for transport
         byte[] rawIv = new byte[8];
-        SecureRandom random = new SecureRandom();
-        random.nextBytes(rawIv);
+        SECURE_RANDOM.nextBytes(rawIv);
         IvParameterSpec iv = new IvParameterSpec(rawIv);
 
         // Create the Cipher - DESede/CBC/PKCS5Padding
@@ -880,9 +875,8 @@ protected byte[] getPinCheckSum(byte[] pinBytes) {
      * @return the byte [ ]
      */
     protected byte[] getRandomBytes(int length) {
-        Random rand = new SecureRandom();
         byte[] randomBytes = new byte[length];
-        rand.nextBytes(randomBytes);
+        SECURE_RANDOM.nextBytes(randomBytes);
         return randomBytes;
     }