Author: jaz
Date: Mon Jan 22 12:39:27 2007 New Revision: 498790 URL: http://svn.apache.org/viewvc?view=rev&rev=498790 Log: added first pass of workeffort permission code issue OFBIZ-615. This is JUST the code, no changes to actual services yet. Added: ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/ ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml (with props) Modified: ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml ofbiz/trunk/applications/workeffort/servicedef/services.xml Modified: ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties?view=diff&rev=498790&r1=498789&r2=498790 ============================================================================== --- ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties (original) +++ ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties Mon Jan 22 12:39:27 2007 
@@ -353,6 +353,9 @@ WorkEffortCreatePermissionError=Security Error: to run this operation you must have the WORKEFFORTMGR_CREATE or WORKEFFORTMGR_ADMIN permission WorkEffortUpdatePermissionError=Security Error: to run this operation you must have the WORKEFFORTMGR_UPDATE or WORKEFFORTMGR_ADMIN permission WorkEffortDeletePermissionError=Security Error: to run this operation you must have the WORKEFFORTMGR_DELETE or WORKEFFORTMGR_ADMIN permission +WorkEffortPermissionError=Security Error\: to run ${resourceDescription} you must have the WORKEFFORTMGR_${mainAction} or WORKEFFORTMGR_ADMIN permission +WorkEffortNotInRolePermissionError=Security Error\: to run ${resourceDescription} you must be in ${roleTypeId} role with WorkEffort: ${workEffortId} +WorkEffortTimeSheetNotInRolePermissionError=Security Error\: to run ${resourceDescription} you must be in ${roleTypeId} role with WorkEffort: ${workEffortId} FormFieldTitle_workEffortId=Work Effort Id FormFieldTitle_priority=Priority Modified: ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml?view=diff&rev=498790&r1=498789&r2=498790 ============================================================================== --- ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml (original) +++ ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml Mon Jan 22 12:39:27 2007 
@@ -21,13 +21,23 @@ <SecurityPermission description="View operations in the Work Effort Manager." permissionId="WORKEFFORTMGR_VIEW"/> <SecurityPermission description="Create operations in the Work Effort Manager." permissionId="WORKEFFORTMGR_CREATE"/> <SecurityPermission description="Update operations in the Work Effort Manager." permissionId="WORKEFFORTMGR_UPDATE"/> - <SecurityPermission description="Delete operations in the Work Effort Manager." permissionId="WORKEFFORTMGR_DELETE"/> + <SecurityPermission description="Delete operations in the Work Effort Manager." permissionId="WORKEFFORTMGR_DELETE"/> + <SecurityPermission description="View work effort roles in the Work Effort Manager." permissionId="WORKEFFORTMGR_ROLE_VIEW"/> + <SecurityPermission description="Create work effort roles in the Work Effort Manager." permissionId="WORKEFFORTMGR_ROLE_CREATE"/> + <SecurityPermission description="Update work effort roles in the Work Effort Manager." permissionId="WORKEFFORTMGR_ROLE_UPDATE"/> <SecurityPermission description="ALL operations in the Work Effort Manager." 
permissionId="WORKEFFORTMGR_ADMIN"/> + + <SecurityGroupPermission groupId="FULLADMIN" permissionId="WORKEFFORTMGR_ADMIN"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_CREATE"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_DELETE"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_UPDATE"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_VIEW"/> + <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_ROLE_CREATE"/> + <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_ROLE_UPDATE"/> + <SecurityGroupPermission groupId="FLEXADMIN" permissionId="WORKEFFORTMGR_ROLE_VIEW"/> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="WORKEFFORTMGR_VIEW"/> <SecurityGroupPermission groupId="BIZADMIN" permissionId="WORKEFFORTMGR_ADMIN"/> + + </entity-engine-xml> Added: ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml?view=auto&rev=498790 ============================================================================== --- ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml (added) +++ ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml Mon Jan 22 12:39:27 2007 
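Review bot: The new WORKEFFORTMGR_ROLE_* permissions are granted only to FLEXADMIN, which already holds WORKEFFORTMGR_CREATE, _UPDATE and _VIEW. workEffortGenericPermission in this same commit consults the ROLE permissions only after the plain WORKEFFORTMGR check has failed, so with this seed data the role-restricted path (the one that requires an owner, delegate or other assignment) appears never to be reached by any group; this assumes genericBasePermissionCheck tests the primary permission plus action, which is not visible here. A comment such as `<!-- ROLE permissions limit access to work efforts the party is assigned to; grant them instead of, not in addition to, WORKEFFORTMGR_* -->` would document the intent. No ROLE_DELETE or ROLE_ADMIN is defined either, so a line saying that delete is deliberately excluded from role-based access would help whoever assigns these later.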
@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2001-2007 The Apache Software Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ ~ use this file except in compliance with the License. You may obtain a copy of
+ ~ the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ ~ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ ~ License for the specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="http://www.ofbiz.org/dtds/simple-methods.xsd">
+
+ <simple-method method-name="workEffortManagerPermission" short-description="Check user has WorkEffort Manager permission">
+ <set field="primaryPermission" value="WORKEFFORTMGR"/>
+ <call-simple-method method-name="genericBasePermissionCheck" xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+ </simple-method>
+
+ <simple-method method-name="workEffortGenericPermission" short-description="">
+ <set field="primaryPermission" value="WORKEFFORTMGR"/>
+ <call-simple-method method-name="genericBasePermissionCheck" xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+
+ <if>
+ <condition>
+ <not>
+ <if-compare field-name="hasPermission" value="true" operator="equals"/>
+ </not>
+ </condition>
+ <then>
+ <set field="primaryPermission" value="WORKEFFORTMGR_ROLE"/>
+ <call-simple-method method-name="genericBasePermissionCheck" xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+
+ <if>
+ <condition>
+ <if-compare field-name="hasPermission" value="true" operator="equals"/>
+ </condition>
+ <then>
+ <if>
+ <condition>
+ <and>
+ <if-compare field-name="mainAction" value="CREATE" operator="equals"/>
+ <not>
+ <if-empty field-name="parameters.workEffortParentId"/>
+ </not>
+ </and>
+ </condition>
+ <then>
+ <!-- check ANY role permission on the parent -->
+ <set field="workEffortId" from-field="parameters.workEffortPartentId"/>
+ <call-simple-method method-name="workEffortPartyAnyRolePermission"/>
+ </then>
+ <else-if>
+ <condition>
+ <if-compare field-name="mainAction" value="UPDATE" operator="equals"/>
+ </condition>
+ <then>
+ <!-- make sure we have role permission to update THIS workeffort -->
+ <set field="workEffortId" from-field="parameters.workEffortId"/>
+ <call-simple-method method-name="workEffortPartyOwnerRolePermission"/>
+
+ <!-- get the existing parent ID -->
+ <entity-one entity-name="WorkEffort" value-name="workEffort">
+ <field-map field-name="workEffortId" env-name="parameters.workEffortId"/>
+ </entity-one>
+
+ <if>
+ <condition>
+ <and>
+ <if-compare field-name="hasPermission" value="true" operator="equals"/>
+ <not>
+ <if-empty field-name="parameters.workEffortParentId"/>
+ </not>
+ <if-compare-field field-name="parameters.workEffortParentId" operator="not-equals" to-field-name="workEffort.workEffortParentId"/>
+ </and>
+ </condition>
+
+ <then>
+ <!-- check the parent -->
+ <set field="workEffortId" from-field="parameters.workEffortParentId"/>
+ <call-simple-method method-name="workEffortPartyOwnerRolePermission"/>
+ </then>
+ </if>
+ </then>
+ </else-if>
+ </if>
+ </then>
+ </if>
+ </then>
+ </if>
+ </simple-method>
+
+ <simple-method method-name="workEffortPartyOwnerRolePermission" short-description="Check if Party is in CAL_OWNER or CAL_DELEGATE role with WorkEffort">
+ <if-empty field-name="workEffortId">
+ <!-- This should be case of create WorkEffort -->
+ <set field="workEffortId" from-field="parameters.workEffortParentId"/>
+ </if-empty>
+ <while><condition><not><if-empty field-name="workEffortId"></if-empty></not></condition>
+ <then>
+ <!-- if the case is of new workEffort with Parent workEffort Id,
+ then lookup the parent workEffort and check if user is in any OWNER role with WorkEffort -->
+ <set from-field="workEffortId" field="lookupRoleWorkEffortMap.workEffortId"/>
+ <set from-field="userLogin.partyId" field="lookupRoleWorkEffortMap.partyId"/>
+ <set value="CAL_OWNER" field="lookupRoleWorkEffortMap.roleTypeId"/>
+ <log level="always" message="Running find-by-and: ${lookupRoleWorkEffortMap}"/>
+
+ <find-by-and entity-name="WorkEffortPartyAssignment" map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ <filter-list-by-date list-name="roleParties" valid-date-name="nowTimestamp"/>
+ <log level="always" message="Found role parties: ${roleParties}"/>
+
+ <if-empty field-name="roleParties">
+ <log level="info" message="Party ${userLogin.partyId} is not in ${roleTypeId} role with workEffort: ${workEffortId}"/>
+ <set value="CAL_DELEGATE" field="lookupRoleWorkEffortMap.roleTypeId"/>
+ <find-by-and entity-name="WorkEffortPartyAssignment" map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ </if-empty>
+ <filter-list-by-date list-name="roleParties" valid-date-name="nowTimestamp"/>
+
+ <if-not-empty field-name="roleParties">
+ <set field="hasPermission" type="Boolean" value="true"/>
+ <field-to-result field-name="hasPermission"/>
+ <log level="info" message="Party ${userLogin.partyId} is in ${lookupRoleWorkEffortMap.roleTypeId} role with workEffort: ${workEffortId}"/>
+ <clear-field field-name="workEffortId"/>
+
+ <else>
+ <log level="info" message="Party ${userLogin.partyId} is not in ${roleTypeId} role with workEffort: ${workEffortId}"/>
+ <property-to-field resource="WorkEffortUiLabels" property="WorkEffortNotInRolePermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+
+ <!-- recurse through all parents -->
+ <set field="workEffortLookUpMap.workEffortId" from-field="workEffortId"/>
+ <find-by-primary-key entity-name="WorkEffort" map-name="workEffortLookUpMap" value-name="workEffortParent"/>
+ <set from-field="workEffortParent.workEffortParentId" field="workEffortId"/>
+ <if-empty field-name="workEffortParent.workEffortParentId">
+ <clear-field field-name="workEffortId"/>
+ </if-empty>
+ </else>
+
+ </if-not-empty>
+ </then>
+ </while>
+ </simple-method>
+
+ <simple-method method-name="workEffortPartyAnyRolePermission" short-description="Check if Party is in ANY role with WorkEffort">
+ <if-empty field-name="workEffortId">
+ <!-- This should be case of create WorkEffort -->
+ <set field="workEffortId" from-field="parameters.workEffortParentId"/>
+ </if-empty>
+ <while><condition><not><if-empty field-name="workEffortId"></if-empty></not></condition>
+ <then>
+ <!-- if the case is of new workEffort with Parent workEffort Id,
+ then lookup the parent workEffort and check if user is in any role with WorkEffort -->
+ <set from-field="workEffortId" field="lookupRoleWorkEffortMap.workEffortId"/>
+ <set from-field="userLogin.partyId" field="lookupRoleWorkEffortMap.partyId"/>
+ <find-by-and entity-name="WorkEffortPartyAssignment" map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ <filter-list-by-date list-name="roleParties" valid-date-name="nowTimestamp"/>
+
+ <if-not-empty field-name="roleParties">
+ <set field="hasPermission" type="Boolean" value="true"/>
+ <field-to-result field-name="hasPermission"/>
+ <log level="info" message="Party ${userLogin.partyId} is associated with workEffort: ${workEffortId}"/>
+ <clear-field field-name="workEffortId"/>
+
+ <else>
+ <log level="info" message="Party ${userLogin.partyId} is not associated with workEffort: ${workEffortId}"/>
+ <property-to-field resource="WorkEffortUiLabels" property="WorkEffortNotInRolePermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+
+ <!-- recurse through all parents -->
+ <set field="workEffortLookUpMap.workEffortId" from-field="workEffortId"/>
+ <find-by-primary-key entity-name="WorkEffort" map-name="workEffortLookUpMap" value-name="workEffortParent"/>
+ <set from-field="workEffortParent.workEffortParentId" field="workEffortId"/>
+ <if-empty field-name="workEffortParent.workEffortParentId">
+ <clear-field field-name="workEffortId"/>
+ </if-empty>
+ </else>
+
+ </if-not-empty>
+ </then>
+ </while>
+ </simple-method>
+
+ <simple-method method-name="timesheetUpdatePermission" short-description="Check Permission to Update Timesheet">
+ <set field="parameters.mainAction" value="UPDATE"/>
+ <call-simple-method method-name="workEffortGenericPermission"/>
+ <check-errors/>
+ <if-compare-field operator="not-equals" field-name="parameters.partyId" to-field-name="userLogin.partyId">
+ <property-to-field resource="WorkEffortUiLabels" property="WorkEffortTimeSheetNotInRolePermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+ </if-compare-field>
+ <if-not-empty field-name="workEffortId">
+ <set from-field="workEffortId" field="lookupRoleWorkEffortMap.workEffortId"/>
+ <set from-field="userLogin.partyId" field="lookupRoleWorkEffortMap.partyId"/>
+ <find-by-and entity-name="WorkEffortPartyAssignByRole" map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ <filter-list-by-date list-name="roleParties" valid-date-name="nowTimestamp"/>
+ <if-empty field-name="roleParties">
+ <property-to-field resource="WorkEffortUiLabels" property="WorkEffortTimeSheetNotInRolePermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+ </if-empty>
+ </if-not-empty>
+ </simple-method>
+
+</simple-methods>
Propchange:
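Review bot: In the CREATE branch of workEffortGenericPermission the parent id is copied from `parameters.workEffortPartentId`, a misspelling of the `parameters.workEffortParentId` field tested just above it, so `workEffortId` is not set at that point. The check seems to work only because workEffortPartyAnyRolePermission falls back to `parameters.workEffortParentId` when `workEffortId` is empty, and a `workEffortId` already present in the context would be checked instead of the parent. The line should read `<set field="workEffortId" from-field="parameters.workEffortParentId"/>`. Separately, the two `<log level="always" …>` statements in workEffortPartyOwnerRolePermission write the lookup map and the matched assignments on every permission check and look like leftover debugging; `level="verbose"` would fit better. The parent walk in both role methods has no cycle or depth guard, so a WorkEffort whose workEffortParentId chain loops back on itself would keep the `<while>` running inside a permission check.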
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml ------------------------------------------------------------------------------ svn:keywords = Date Rev Author URL Id Propchange: ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml ------------------------------------------------------------------------------ svn:mime-type = text/xml Modified: ofbiz/trunk/applications/workeffort/servicedef/services.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/servicedef/services.xml?view=diff&rev=498790&r1=498789&r2=498790 ============================================================================== --- ofbiz/trunk/applications/workeffort/servicedef/services.xml (original) +++ ofbiz/trunk/applications/workeffort/servicedef/services.xml Mon Jan 22 12:39:27 2007 
@@ -510,4 +510,21 @@
 <description>Remove all Work Effort Keyword</description>
 <auto-attributes entity-name="WorkEffort" include="pk" mode="IN" optional="false"/>
 </service>
+
+ <!-- Permission Services -->
+ <service name="workEffortManagerPermission" engine="simple"
+ location="org/ofbiz/workeffort/WorkEffortPermissionServices.xml" invoke="workEffortManagerPermission">
+ <implements service="permissionInterface"/>
+ </service>
+ <service name="workEffortGenericPermission" engine="simple"
+ location="org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml" invoke="workEffortGenericPermission">
+ <implements service="permissionInterface"/>
+ <attribute name="workEffortId" mode="IN" type="String" optional="true"/>
+ <attribute name="workEffortParentId" mode="IN" type="String" optional="true"/>
+ </service>
+ <service name="timesheetUpdatePermission" engine="simple"
+ location="org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml" invoke="timesheetUpdatePermission">
+ <implements service="permissionInterface"/>
+ <attribute name="workEffortId" mode="IN" type="String" optional="true"></attribute>
+ </service>
 </services>
|
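Review bot: The `workEffortManagerPermission` definition points at `org/ofbiz/workeffort/WorkEffortPermissionServices.xml`, but this commit adds the script under `org/ofbiz/workeffort/permission/`, which is the path the other two definitions use. As written the service would presumably fail to resolve its script when invoked; it should be `location="org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml"`. `timesheetUpdatePermission` also compares `parameters.partyId` with `userLogin.partyId` in the script, yet no `partyId` attribute is declared here. Unless `permissionInterface` supplies it (not visible in this diff), that comparison runs against an empty value and would deny every caller, so the attribute should be declared explicitly, e.g. `<attribute name="partyId" mode="IN" type="String" optional="true"/>`.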