[
https://issues.apache.org/jira/browse/OFBIZ-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12464816 ]
Andrew Zeneski commented on OFBIZ-615:
--------------------------------------
For Updates to a WorkEffort The Service Should do this:
1) Check for WORKEFFORTMGR_UPDATE permission; if the user has it, return TRUE
2) Check for WORKEFFORT_ROLE_UPDATE; if the user doesn't have it return FALSE;
3) if we are updating the WorkEffort entity; check to see if the parentWorkEffortId has been changed; if so check to see if the user is associated either to the CAL_OWNER or the CAL_DELEGATE role(s) for the PARENT workeffort. If NOT return false.
4) Query WorkEffortRole and determine if the user is associated either to the CAL_OWNER or the CAL_DELEGATE role(s) for this CURRENT workeffort (as well); if yes return TRUE, if no return FALSE.
You are correct, this will require these roles to be hard coded in the generic permission. This SAME permission services should also be used for many of the other operations, add role, add party assignment, etc.
> Re-Factor WorkEffort permissions to follow new patterns
> -------------------------------------------------------
>
> Key: OFBIZ-615
> URL:
https://issues.apache.org/jira/browse/OFBIZ-615> Project: Apache OFBiz (The Open for Business Project)
> Issue Type: Sub-task
> Components: workeffort
> Reporter: Andrew Zeneski
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa-
For more information on JIRA, see:
http://www.atlassian.com/software/jira