You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by ha...@apache.org on 2008/10/27 08:11:08 UTC

svn commit: r708098 - /ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy

Author: hansbak
Date: Mon Oct 27 00:11:08 2008
New Revision: 708098

URL: http://svn.apache.org/viewvc?rev=708098&view=rev
Log:
put some more security on the currentlist of projects

Modified:
    ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy

Modified: ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy?rev=708098&r1=708097&r2=708098&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy Mon Oct 27 00:11:08 2008
@@ -29,7 +29,8 @@
 	if (result.projectInfo) {
 		if (!result.projectInfo.currentStatusId.equals("PTS_COMPLETED") && !result.projectInfo.currentStatusId.equals("PTS_CANCELLED")) {
 			resultAssign = delegator.findByAnd("WorkEffortPartyAssignment", ["partyId" : parameters.userLogin.partyId, "workEffortId" : project.workEffortId])
-			if (resultAssign) {
+			if (security.hasEntityPermission("PROJECTMGR", "_ADMIN", session) 
+					|| ((security.hasEntityPermission("PROJECTMGR", "_ROLE_ADMIN", session) || security.hasEntityPermission("PROJECTMGR", "_ROLE_VIEW", session)) && resultAssign)) {
 				projects.add(result.projectInfo);
 			}
 		}