Posted to commits@ofbiz.apache.org by ha...@apache.org on 2008/01/20 17:06:28 UTC
svn commit: r613585 - in /ofbiz/trunk/specialpurpose/projectmgr:
data/ProjectMgrSecurityData.xml
script/org/ofbiz/project/ProjectPermissionServices.xml widget/Menus.xml
Author: hansbak
Date: Sun Jan 20 08:06:27 2008
New Revision: 613585
URL: http://svn.apache.org/viewvc?rev=613585&view=rev
Log:
Some more security fixes; the permission services are now also used in the menu, via inline bsh code.
Modified:
ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml
Modified: ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml?rev=613585&r1=613584&r2=613585&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml Sun Jan 20 08:06:27 2008
@@ -22,14 +22,14 @@
<!-- Project Manager security -->
<!-- General, all projects -->
- <SecurityPermission description="ALL operations in the Project Manager." permissionId="PROJECTMGR_ADMIN"/>
- <SecurityPermission description="ALL View operations in the Project Manager(but can be limited by ROLE_VIEW)" permissionId="PROJECTMGR_VIEW"/>
+ <SecurityPermission permissionId="PROJECTMGR_ADMIN" description="ALL operations in the Project Manager."/>
+ <SecurityPermission permissionId="PROJECTMGR_VIEW" description="ALL View operations in the Project Manager(but can be limited by ROLE_VIEW)"/>
<!-- General, Role dependent (must be member of the project) -->
- <SecurityPermission description="All admin operations in the Project Manager for a project/phase/task the user is member of." permissionId="PROJECTMGR_ROLE_ADMIN"/>
- <SecurityPermission description="All view operations in the Project Manager for a project/phase/task the user is member of." permissionId="PROJECTMGR_ROLE_VIEW"/>
- <SecurityPermission description="Update operations in the Project Manager for a project/phase/task the user is member of." permissionId="PROJECTMGR_ROLE_UPDATE"/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_ADMIN" description="All admin operations in the Project Manager for a project/phase/task the user is member of."/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_VIEW" description="All view operations in the Project Manager for a project/phase/task the user is member of."/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_UPDATE" description="Update operations in the Project Manager for a project/phase/task the user is member of."/>
<!-- Role and Task dependent -->
- <SecurityPermission description="Be able to create a task (should be member of project)" permissionId="PROJECTMGR_ROLE_TASK_CREATE"/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_TASK_CREATE" description="Be able to create a task (should be member of project)"/>
<!-- Timesheet dependent -->
<SecurityPermission description="Be able to create any weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_CREATE"/>
<SecurityPermission description="Be able to update any weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_UPDATE"/>
Modified: ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml?rev=613585&r1=613584&r2=613585&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml Sun Jan 20 08:06:27 2008
@@ -56,7 +56,7 @@
<if-compare field-name="sec_object" value="PROJECT" operator="equals">
<!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.projectId} resourceDescription: ${parameters.resourceDescription}"/-->
<set field="projectId" from-field="parameters.projectId"/>
- <set field="partyId" from-field="parameters.partyId"/>
+ <set field="partyId" from-field="parameters.userLogin.partyId"/>
<call-simple-method method-name="checkProjectMembership"/>
<if>
<condition>
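Review bot: With `partyId` now read from `parameters.userLogin.partyId`, nothing visible in this hunk handles a call that arrives without a `userLogin`, so `partyId` can be empty when `checkProjectMembership` runs. That method is outside the diff, so whether an empty party id fails closed cannot be confirmed here; an explicit `<if-empty field-name="partyId">` guard that denies before the membership lookup would make it certain. The same applies to the line added in the PHASE branch in the next hunk. Both lines also deserve a comment such as `<!-- partyId must come from the authenticated userLogin, never from a request parameter -->`, and the branches not shown in this diff should be checked for remaining reads of `parameters.partyId`. The enclosing simple-method starts and ends outside the hunk.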
@@ -103,6 +103,7 @@
<if-compare field-name="sec_object" value="PHASE" operator="equals">
<!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.projectId} resourceDescription: ${parameters.resourceDescription}"/-->
<set field="projectId" from-field="parameters.projectId"/>
+ <set field="partyId" from-field="parameters.userLogin.partyId"/>
<call-simple-method method-name="checkProjectMembership"/>
<if>
<condition>
@@ -249,7 +250,7 @@
<!-- TIMEENTRY -->
<if-compare field-name="sec_object" value="TIMEENTRY" operator="equals">
- <log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} value: ${parameters.timeEntryId} workEffortId: ${parameters.workEffortId} timesheetId: ${parameters.timesheetId} resourceDescription: ${parameters.resourceDescription}"/>
+ <!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} value: ${parameters.timeEntryId} workEffortId: ${parameters.workEffortId} timesheetId: ${parameters.timesheetId} resourceDescription: ${parameters.resourceDescription}"/-->
<entity-one entity-name="Timesheet" value-name="timesheet"/>
<set field="timesheetId" from-field="timesheet.timesheetId"/>
<set field="taskId" from-field="parameters.workEffortId"/>
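Review bot: The TIMEENTRY `<log>` line is commented out rather than removed or demoted, which leaves dead markup in a permission service and drops the only trace that this branch was evaluated. If the aim is just to quieten the info log, changing the existing element to `level="verbose"` keeps the trace available for troubleshooting; otherwise delete the line. If it is ever re-enabled, note that the message interpolates request-supplied values (`timeEntryId`, `workEffortId`, `timesheetId`) straight into the log text. The TIMEENTRY branch continues past the end of the hunk.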
Modified: ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml?rev=613585&r1=613584&r2=613585&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml Sun Jan 20 08:06:27 2008
@@ -66,24 +66,38 @@
</menu>
<menu name="ProjectTabBar" type="simple" menu-container-style="button-bar tab-bar" default-selected-style="selected">
<actions>
- <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
+ <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
+ <set field="hasUpdatePermission" value="${bsh:
+ result = dispatcher.runSync("projectMgrPermission",
+ org.ofbiz.base.util.UtilMisc.toMap("userLogin", parameters.get("userLogin"),
+ "resourceDescription", "Project",
+ "mainAction", "UPDATE",
+ "projectId", projectId));
+ return result.get("hasPermission"); }" type="Boolean"/>
+ <set field="hasViewPermission" value="${bsh:
+ result = dispatcher.runSync("projectMgrPermission",
+ org.ofbiz.base.util.UtilMisc.toMap("userLogin", parameters.get("userLogin"),
+ "resourceDescription", "Project",
+ "mainAction", "VIEW",
+ "projectId", projectId));
+ return result.get("hasPermission"); }" type="Boolean"/>
</actions>
<menu-item name="ganttchart" title="${uiLabelMap.ProjectMgrGanttChart}">
<condition>
- <if-has-permission permission="PROJECTMGR" action="_VIEW"/>
+ <if-compare field-name="hasViewPermission" operator="equals" value="true"/>
</condition>
<link target="ganttChart?projectId=${projectId}"/>
</menu-item>
<menu-item name="projectView" title="${uiLabelMap.ProjectMgrProjectSummary}">
<condition>
- <if-has-permission permission="PROJECTMGR" action="_VIEW"/>
+ <if-compare field-name="hasViewPermission" operator="equals" value="true"/>
</condition>
<link target="projectView?projectId=${projectId}"/>
</menu-item>
<menu-item name="editproject" title="${uiLabelMap.ProjectMgrEditPoject}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
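Review bot: `hasViewPermission` and `hasUpdatePermission` only decide whether a link is drawn; the targets (`ganttChart`, `projectView` and the edit requests) still have to call `projectMgrPermission` themselves, and that enforcement is not visible in this diff. A comment above the two `<set>` actions, e.g. `<!-- UI gating only; the linked requests enforce projectMgrPermission server-side -->`, would stop a later reader from treating the menu condition as the access check. The two bsh blocks are identical apart from `mainAction`, and both read the login with `parameters.get("userLogin")`. Since `parameters` also carries request-supplied values, passing the `userLogin` object from the widget context would be the less ambiguous source, assuming it is in scope here. The `editproject` menu-item continues past the end of the hunk.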
@@ -94,7 +108,7 @@
<menu-item name="phases" title="${uiLabelMap.ProjectMgrPhases}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -105,7 +119,7 @@
<menu-item name="tasks" title="${uiLabelMap.ProjectMgrTasks}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -116,7 +130,7 @@
<menu-item name="parties" title="${uiLabelMap.ProjectMgrResources}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -127,7 +141,7 @@
<menu-item name="notes" title="${uiLabelMap.CommonNotes}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -138,7 +152,7 @@
<menu-item name="subprojects" title="${uiLabelMap.ProjectMgrSubProjects}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -149,7 +163,7 @@
<menu-item name="billing" title="${uiLabelMap.ProjectMgrBilling}">
<condition>
<and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
<if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -168,7 +182,7 @@
<not>
<if-empty field-name="project"/>
</not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
</and>
</condition>
<link target="EditProject"></link>
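Review bot: `hasUpdatePermission` is set in the `<actions>` of `ProjectTabBar`, but this condition and those in the three following hunks (`copyProject`, `scheduleProject`, `copyProjectToTemplate`) appear to sit further down the file, possibly in a different `<menu>`. If that menu does not run the same actions, the field is unset and the compare is always false. That fails closed, but it hides the items from every user, including those who previously passed `PROJECTMGR_ROLE_UPDATE`. It is worth confirming where the field is populated for this menu and noting it in a short comment there. The enclosing menu-item starts outside the hunk.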
@@ -179,7 +193,7 @@
<not>
<if-empty field-name="project"/>
</not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
</and>
</condition>
<link target="copyProject?projectId=${projectId}"></link>
@@ -190,7 +204,7 @@
<not>
<if-empty field-name="project"/>
</not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
</and>
</condition>
<link target="scheduleProject?projectId=${projectId}"></link>
@@ -201,7 +215,7 @@
<not>
<if-empty field-name="project"/>
</not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
</and>
</condition>
<link target="copyProjectToTemplate?projectId=${projectId}"></link>