OFBiz OFBiz - Commits

svn commit: r1294277 - in /ofbiz/trunk/applications: order/webapp/ordermgr/order/ order/webapp/ordermgr/task/ party/webapp/partymgr/party/

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
jacopoc
Reply | Threaded
Open this post in threaded view
|

svn commit: r1294277 - in /ofbiz/trunk/applications: order/webapp/ordermgr/order/ order/webapp/ordermgr/task/ party/webapp/partymgr/party/

jacopoc
Author: jacopoc
Date: Mon Feb 27 19:07:38 2012
New Revision: 1294277

URL: http://svn.apache.org/viewvc?rev=1294277&view=rev
Log:
Removed incorrect usage of hasRolePermission method calls: using hasRolePermission in this way without passing the actual roles to be checked had as a consequence that the _ROLE permission was exactly the same of the main permission.

Modified:
    ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl
    ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl
    ofbiz/trunk/applications/order/webapp/ordermgr/order/ordershippinginfo.ftl
    ofbiz/trunk/applications/order/webapp/ordermgr/order/orderstats.ftl
    ofbiz/trunk/applications/order/webapp/ordermgr/task/ordertasklist.ftl
    ofbiz/trunk/applications/party/webapp/partymgr/party/findparty.ftl

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl?rev=1294277&r1=1294276&r2=1294277&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl Mon Feb 27 19:07:38 2012
@@ -30,7 +30,7 @@ under the License.
     <div class="screenlet-title-bar">
         <ul>
           <li class="h3">&nbsp;${uiLabelMap.OrderOrderItems}</li>
-          <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)>
+          <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session)>
               <#if orderHeader?has_content && orderHeader.statusId != "ORDER_CANCELLED" && orderHeader.statusId != "ORDER_COMPLETED">
                   <li><a href="javascript:document.updateItemInfo.action='<@ofbizUrl>cancelSelectedOrderItems</@ofbizUrl>';document.updateItemInfo.submit()">${uiLabelMap.OrderCancelSelectedItems}</a></li>
                   <li><a href="javascript:document.updateItemInfo.action='<@ofbizUrl>cancelOrderItem</@ofbizUrl>';document.updateItemInfo.submit()">${uiLabelMap.OrderCancelAllItems}</a></li>
@@ -333,7 +333,7 @@ under the License.
         </#list>
 
         <#-- add new adjustment -->
-        <#if (security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)) && orderHeader.statusId != "ORDER_COMPLETED" && orderHeader.statusId != "ORDER_CANCELLED" && orderHeader.statusId != "ORDER_REJECTED">
+        <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) && orderHeader.statusId != "ORDER_COMPLETED" && orderHeader.statusId != "ORDER_CANCELLED" && orderHeader.statusId != "ORDER_REJECTED">
             <form name="addAdjustmentForm" method="post" action="<@ofbizUrl>createOrderAdjustment</@ofbizUrl>">
                 <input type="hidden" name="comments" value="Added manually by [${userLogin.userLoginId}]"/>
                 <input type="hidden" name="orderId" value="${orderId?if_exists}"/>

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl?rev=1294277&r1=1294276&r2=1294277&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl Mon Feb 27 19:07:38 2012
@@ -187,7 +187,7 @@ under the License.
                                             <div class="current-status">
                                                 <span class="label">${uiLabelMap.CommonCurrent}</span>&nbsp;${currentItemStatus.get("description",locale)?default(currentItemStatus.statusId)}
                                             </div>
-                                            <#if ("ITEM_CREATED" == (currentItemStatus.statusId) && "ORDER_APPROVED" == (orderHeader.statusId)) && (security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session))>
+                                            <#if ("ITEM_CREATED" == (currentItemStatus.statusId) && "ORDER_APPROVED" == (orderHeader.statusId)) && security.hasEntityPermission("ORDERMGR", "_UPDATE", session)>
                                                 <div>
                                                     <a href="javascript:document.OrderApproveOrderItem_${orderItem.orderItemSeqId?default("")}.submit()" class="buttontext">${uiLabelMap.OrderApproveOrder}</a>
                                                     <form name="OrderApproveOrderItem_${orderItem.orderItemSeqId?default("")}" method="post" action="<@ofbizUrl>changeOrderItemStatus</@ofbizUrl>">

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/ordershippinginfo.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/ordershippinginfo.ftl?rev=1294277&r1=1294276&r2=1294277&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/ordershippinginfo.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/ordershippinginfo.ftl Mon Feb 27 19:07:38 2012
@@ -48,7 +48,7 @@ under the License.
     }
 </script>
 
-<#if (security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)) && (!orderHeader.salesChannelEnumId?exists || orderHeader.salesChannelEnumId != "POS_SALES_CHANNEL")>
+<#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) && (!orderHeader.salesChannelEnumId?exists || orderHeader.salesChannelEnumId != "POS_SALES_CHANNEL")>
   <div class="screenlet">
     <div class="screenlet-title-bar">
       <ul><li class="h3">&nbsp;${uiLabelMap.OrderActions}</li></ul>

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderstats.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/orderstats.ftl?rev=1294277&r1=1294276&r2=1294277&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/orderstats.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/orderstats.ftl Mon Feb 27 19:07:38 2012
@@ -17,7 +17,7 @@ specific language governing permissions
 under the License.
 -->
 
-<#if security.hasRolePermission("ORDERMGR", "_VIEW", "", "", session)>
+<#if security.hasEntityPermission("ORDERMGR", "_VIEW", session)>
 <div class="screenlet">
     <div class="screenlet-title-bar">
       <h3>${uiLabelMap.OrderOrderStatisticsPage}</h3>

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/task/ordertasklist.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/task/ordertasklist.ftl?rev=1294277&r1=1294276&r2=1294277&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/task/ordertasklist.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/task/ordertasklist.ftl Mon Feb 27 19:07:38 2012
@@ -38,7 +38,7 @@ under the License.
 // -->
 </script>
 
-<#if security.hasRolePermission("ORDERMGR", "_VIEW", "", "", session) || security.hasRolePermission("ORDERMGR_ROLE", "_VIEW", "", "", session)>
+<#if security.hasEntityPermission("ORDERMGR", "_VIEW", session)>
 <#assign tasksFound = false>
 <div class="screenlet">
     <div class="screenlet-title-bar">

Modified: ofbiz/trunk/applications/party/webapp/partymgr/party/findparty.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/party/findparty.ftl?rev=1294277&r1=1294276&r2=1294277&view=diff
==============================================================================
--- ofbiz/trunk/applications/party/webapp/partymgr/party/findparty.ftl (original)
+++ ofbiz/trunk/applications/party/webapp/partymgr/party/findparty.ftl Mon Feb 27 19:07:38 2012
@@ -337,7 +337,7 @@ under the License.
         <td>${partyDate.lastModifiedDate?if_exists}</td>
         <td class="button-col align-float">
           <a href="<@ofbizUrl>viewprofile?partyId=${partyRow.partyId}</@ofbizUrl>">${uiLabelMap.CommonDetails}</a>
-      <#if security.hasRolePermission("ORDERMGR", "_VIEW", "", "", session)>
+      <#if security.hasEntityPermission("ORDERMGR", "_VIEW", session)>
           <form name= "searchorders_o_${rowCount}" method= "post" action= "/ordermgr/control/searchorders">
             <input type= "hidden" name= "lookupFlag" value= "Y" />
             <input type= "hidden" name= "hideFields" value= "Y" />


Free forum by Nabble Edit this page