OFBiz › OFBiz - Commits

[ofbiz-framework] branch trunk updated: Fixed: Add missing view permissions checks to various screens.

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jacopoc

[ofbiz-framework] branch trunk updated: Fixed: Add missing view permissions checks to various screens.

This is an automated email from the ASF dual-hosted git repository.

jacopoc pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

The following commit(s) were added to refs/heads/trunk by this push:
new cbad4d3 Fixed: Add missing view permissions checks to various screens.
cbad4d3 is described below

commit cbad4d3e22feaf931ad77f671fc268e80fb88c3d
Author: Jacopo Cappellato <[hidden email]>
AuthorDate: Fri Nov 15 19:23:38 2019 +0100

Fixed: Add missing view permissions checks to various screens.
---
applications/accounting/widget/CommonScreens.xml | 3 +++
.../accounting/widget/ap/CommonScreens.xml | 3 +++
.../accounting/widget/ar/CommonScreens.xml | 3 +++
applications/humanres/widget/CommonScreens.xml | 3 +++
.../order/widget/ordermgr/OrderViewScreens.xml | 3 +++
.../product/widget/catalog/CommonScreens.xml | 31 ++++++++++++++++++----
6 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/applications/accounting/widget/CommonScreens.xml b/applications/accounting/widget/CommonScreens.xml
index e891599..1bd7916 100644
--- a/applications/accounting/widget/CommonScreens.xml
+++ b/applications/accounting/widget/CommonScreens.xml
@@ -268,6 +268,9 @@ under the License.

<screen name="main">
<section>
+ <condition>
+ <if-service-permission service-name="acctgBasePermissionCheck" main-action="VIEW"/>
+ </condition>
<actions>
<set field="headerItem" value="main"/>
<entity-condition entity-name="PaymentType" list="paymentTypes">
diff --git a/applications/accounting/widget/ap/CommonScreens.xml b/applications/accounting/widget/ap/CommonScreens.xml
index a8d2c4f..2cabfca 100644
--- a/applications/accounting/widget/ap/CommonScreens.xml
+++ b/applications/accounting/widget/ap/CommonScreens.xml
@@ -40,6 +40,9 @@ under the License.

<screen name="main">
<section>
+ <condition>
+ <if-service-permission service-name="acctgBasePermissionCheck" main-action="VIEW"/>
+ </condition>
<actions>
<set field="tabButtonItem" value="main"></set>
<set field="invoiceTypeId" value="PURCHASE_INVOICE"/>
diff --git a/applications/accounting/widget/ar/CommonScreens.xml b/applications/accounting/widget/ar/CommonScreens.xml
index 06ccc23..0f1034b 100644
--- a/applications/accounting/widget/ar/CommonScreens.xml
+++ b/applications/accounting/widget/ar/CommonScreens.xml
@@ -42,6 +42,9 @@ under the License.

<screen name="main">
<section>
+ <condition>
+ <if-service-permission service-name="acctgBasePermissionCheck" main-action="VIEW"/>
+ </condition>
<actions>
<set field="tabButtonItem" value="main"/>
<set field="invoiceTypeId" value="SALES_INVOICE"/>
diff --git a/applications/humanres/widget/CommonScreens.xml b/applications/humanres/widget/CommonScreens.xml
index 15198f4..1402d0b 100644
--- a/applications/humanres/widget/CommonScreens.xml
+++ b/applications/humanres/widget/CommonScreens.xml
@@ -56,6 +56,9 @@ under the License.
<decorator-screen name="main-decorator">
<decorator-section name="body">
<section>
+ <condition>
+ <if-has-permission permission="HUMANRES" action="_VIEW"/>
+ </condition>
<widgets>
<container style="lefthalf">
<include-screen name="OrgTree"/>
diff --git a/applications/order/widget/ordermgr/OrderViewScreens.xml b/applications/order/widget/ordermgr/OrderViewScreens.xml
index 4935f1c..80c99db 100644
--- a/applications/order/widget/ordermgr/OrderViewScreens.xml
+++ b/applications/order/widget/ordermgr/OrderViewScreens.xml
@@ -35,6 +35,9 @@ under the License.
</screen>
<screen name="Main">
<section>
+ <condition>
+ <if-has-permission permission="ORDERMGR" action="_VIEW"/>
+ </condition>
<actions>
<set field="headerItem" value="main"/>
</actions>
diff --git a/applications/product/widget/catalog/CommonScreens.xml b/applications/product/widget/catalog/CommonScreens.xml
index 1d5d7a0..77e8588 100644
--- a/applications/product/widget/catalog/CommonScreens.xml
+++ b/applications/product/widget/catalog/CommonScreens.xml
@@ -58,8 +58,15 @@ under the License.
<widgets>
<decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
<decorator-section name="left-column">
- <include-screen name="leftbar"/>
- </decorator-section>
+ <section>
+ <condition>
+ <if-service-permission service-name="catalogPermissionCheck" main-action="VIEW"/>
+ </condition>
+ <widgets>
+ <include-screen name="leftbar"/>
+ </widgets>
+ </section>
+ </decorator-section>
<decorator-section name="body">
<section>
<condition>
@@ -112,8 +119,15 @@ under the License.
<widgets>
<decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
<decorator-section name="left-column">
- <include-screen name="leftbar"/>
- </decorator-section>
+ <section>
+ <condition>
+ <if-service-permission service-name="catalogPermissionCheck" main-action="VIEW"/>
+ </condition>
+ <widgets>
+ <include-screen name="leftbar"/>
+ </widgets>
+ </section>
+ </decorator-section>
<decorator-section name="body">
<section>
<condition>
@@ -362,7 +376,14 @@ under the License.
<widgets>
<decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
<decorator-section name="left-column">
- <include-screen name="leftbar"/>
+ <section>
+ <condition>
+ <if-service-permission service-name="catalogPermissionCheck" main-action="VIEW"/>
+ </condition>
+ <widgets>
+ <include-screen name="leftbar"/>
+ </widgets>
+ </section>
</decorator-section>
<decorator-section name="body">
<screenlet title="${uiLabelMap.ProductCatalogAdministrationMainPage}">