[ofbiz-framework] branch release18.12 updated: Fixed: Add missing view permissions checks to various screens.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ofbiz-framework] branch release18.12 updated: Fixed: Add missing view permissions checks to various screens.

jacopoc
This is an automated email from the ASF dual-hosted git repository.

jacopoc pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new bddf514  Fixed: Add missing view permissions checks to various screens.
bddf514 is described below

commit bddf5147ca73cbd5065f27436d9c406e721b0fe3
Author: Jacopo Cappellato <[hidden email]>
AuthorDate: Fri Nov 15 19:23:38 2019 +0100

    Fixed: Add missing view permissions checks to various screens.
---
 applications/accounting/widget/CommonScreens.xml   |  3 +++
 .../accounting/widget/ap/CommonScreens.xml         |  3 +++
 .../accounting/widget/ar/CommonScreens.xml         |  3 +++
 applications/humanres/widget/CommonScreens.xml     |  3 +++
 .../order/widget/ordermgr/OrderViewScreens.xml     |  3 +++
 .../product/widget/catalog/CommonScreens.xml       | 31 ++++++++++++++++++----
 6 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/applications/accounting/widget/CommonScreens.xml b/applications/accounting/widget/CommonScreens.xml
index d2ce0a9..9c58542 100644
--- a/applications/accounting/widget/CommonScreens.xml
+++ b/applications/accounting/widget/CommonScreens.xml
@@ -268,6 +268,9 @@ under the License.
 
     <screen name="main">
         <section>
+            <condition>
+                <if-service-permission service-name="acctgBasePermissionCheck" main-action="VIEW"/>
+            </condition>
             <actions>
                 <set field="headerItem" value="main"/>
                 <entity-condition entity-name="PaymentType" list="paymentTypes">
diff --git a/applications/accounting/widget/ap/CommonScreens.xml b/applications/accounting/widget/ap/CommonScreens.xml
index dc8fa13..b75bbfc 100644
--- a/applications/accounting/widget/ap/CommonScreens.xml
+++ b/applications/accounting/widget/ap/CommonScreens.xml
@@ -40,6 +40,9 @@ under the License.
 
     <screen name="main">
         <section>
+            <condition>
+                <if-service-permission service-name="acctgBasePermissionCheck" main-action="VIEW"/>
+            </condition>
             <actions>
                 <set field="tabButtonItem" value="main"></set>
                 <set field="invoiceTypeId" value="PURCHASE_INVOICE"/>
diff --git a/applications/accounting/widget/ar/CommonScreens.xml b/applications/accounting/widget/ar/CommonScreens.xml
index 06ccc23..0f1034b 100644
--- a/applications/accounting/widget/ar/CommonScreens.xml
+++ b/applications/accounting/widget/ar/CommonScreens.xml
@@ -42,6 +42,9 @@ under the License.
 
     <screen name="main">
         <section>
+            <condition>
+                <if-service-permission service-name="acctgBasePermissionCheck" main-action="VIEW"/>
+            </condition>
             <actions>
                 <set field="tabButtonItem" value="main"/>
                 <set field="invoiceTypeId" value="SALES_INVOICE"/>
diff --git a/applications/humanres/widget/CommonScreens.xml b/applications/humanres/widget/CommonScreens.xml
index 76da0c3..4481bd9 100644
--- a/applications/humanres/widget/CommonScreens.xml
+++ b/applications/humanres/widget/CommonScreens.xml
@@ -56,6 +56,9 @@ under the License.
                 <decorator-screen name="main-decorator">
                     <decorator-section name="body">
                         <section>
+                            <condition>
+                                <if-has-permission permission="HUMANRES" action="_VIEW"/>
+                            </condition>
                             <widgets>
                                 <container style="lefthalf">
                                     <include-screen name="OrgTree"/>
diff --git a/applications/order/widget/ordermgr/OrderViewScreens.xml b/applications/order/widget/ordermgr/OrderViewScreens.xml
index 222d287..2c4b012 100644
--- a/applications/order/widget/ordermgr/OrderViewScreens.xml
+++ b/applications/order/widget/ordermgr/OrderViewScreens.xml
@@ -35,6 +35,9 @@ under the License.
     </screen>
     <screen name="Main">
         <section>
+            <condition>
+                <if-has-permission permission="ORDERMGR" action="_VIEW"/>
+            </condition>
             <actions>
                 <set field="headerItem" value="main"/>
             </actions>
diff --git a/applications/product/widget/catalog/CommonScreens.xml b/applications/product/widget/catalog/CommonScreens.xml
index 1d5d7a0..77e8588 100644
--- a/applications/product/widget/catalog/CommonScreens.xml
+++ b/applications/product/widget/catalog/CommonScreens.xml
@@ -58,8 +58,15 @@ under the License.
             <widgets>
                 <decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
                     <decorator-section name="left-column">
-                        <include-screen name="leftbar"/>
-                    </decorator-section>                    
+                        <section>
+                            <condition>
+                                <if-service-permission service-name="catalogPermissionCheck" main-action="VIEW"/>
+                            </condition>
+                            <widgets>
+                                <include-screen name="leftbar"/>
+                            </widgets>
+                        </section>
+                    </decorator-section>
                     <decorator-section name="body">
                         <section>
                             <condition>
@@ -112,8 +119,15 @@ under the License.
             <widgets>
                 <decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
                     <decorator-section name="left-column">
-                        <include-screen name="leftbar"/>
-                    </decorator-section>                    
+                        <section>
+                            <condition>
+                                <if-service-permission service-name="catalogPermissionCheck" main-action="VIEW"/>
+                            </condition>
+                            <widgets>
+                                <include-screen name="leftbar"/>
+                            </widgets>
+                        </section>
+                    </decorator-section>
                     <decorator-section name="body">
                         <section>
                             <condition>
@@ -362,7 +376,14 @@ under the License.
             <widgets>
                 <decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
                     <decorator-section name="left-column">
-                        <include-screen name="leftbar"/>
+                        <section>
+                            <condition>
+                                <if-service-permission service-name="catalogPermissionCheck" main-action="VIEW"/>
+                            </condition>
+                            <widgets>
+                                <include-screen name="leftbar"/>
+                            </widgets>
+                        </section>
                     </decorator-section>
                     <decorator-section name="body">
                         <screenlet title="${uiLabelMap.ProductCatalogAdministrationMainPage}">