OFBiz OFBiz - Commits

svn commit: r574317 - in /ofbiz/trunk/applications/order: script/org/ofbiz/order/order/OrderSimpleMethods.xml webapp/ordermgr/order/editorderitems.ftl webapp/ordermgr/order/orderitems.ftl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
jacopoc
Reply | Threaded
Open this post in threaded view
|

svn commit: r574317 - in /ofbiz/trunk/applications/order: script/org/ofbiz/order/order/OrderSimpleMethods.xml webapp/ordermgr/order/editorderitems.ftl webapp/ordermgr/order/orderitems.ftl

jacopoc
Author: jacopoc
Date: Mon Sep 10 10:51:56 2007
New Revision: 574317

URL: http://svn.apache.org/viewvc?rev=574317&view=rev
Log:
changed permission checks to look also at the _ROLE permissions when updating orders.

Modified:
    ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml
    ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl
    ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl

Modified: ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml?rev=574317&r1=574316&r2=574317&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml (original)
+++ ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml Mon Sep 10 10:51:56 2007
@@ -21,7 +21,10 @@
 <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd">
     <simple-method method-name="createOrderAdjustment" short-description="Create an OrderAdjustment">
-        <check-permission permission="ORDERMGR" action="_CREATE"><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateOrderAdjustement"/></check-permission>
+        <check-permission permission="ORDERMGR" action="_CREATE">
+            <alt-permission permission="ORDERMGR_ROLE" action="_CREATE"/>
+            <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateOrderAdjustement"/>
+        </check-permission>
         <check-errors/>
 
         <make-value entity-name="OrderAdjustment" value-name="newEntity"/>

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl?rev=574317&r1=574316&r2=574317&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl Mon Sep 10 10:51:56 2007
@@ -40,7 +40,7 @@
         <ul>
           <li class="head3">&nbsp;${uiLabelMap.OrderOrderItems}</li>
 
-          <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session)>
+          <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)>
               <#if orderHeader?has_content && orderHeader.statusId != "ORDER_CANCELLED" && orderHeader.statusId != "ORDER_COMPLETED">
                   <li><a href="<@ofbizUrl>cancelOrderItem?${paramString}</@ofbizUrl>">${uiLabelMap.OrderCancelAllItems}</a></li>
                   <li><a href="<@ofbizUrl>orderview?${paramString}</@ofbizUrl>">${uiLabelMap.OrderViewOrder}</a></li>
@@ -275,7 +275,7 @@
         </#list>
 
         <#-- add new adjustment -->
-        <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) && orderHeader.statusId != "ORDER_COMPLETED" && orderHeader.statusId != "ORDER_CANCELLED" && orderHeader.statusId != "ORDER_REJECTED">
+        <#if (security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)) && orderHeader.statusId != "ORDER_COMPLETED" && orderHeader.statusId != "ORDER_CANCELLED" && orderHeader.statusId != "ORDER_REJECTED">
             <form name="addAdjustmentForm" method="post" action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
                 <input type="hidden" name="comments" value="Added manually by [${userLogin.userLoginId}]"/>
                 <table class="basic-table" cellspacing="0">

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl?rev=574317&r1=574316&r2=574317&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl Mon Sep 10 10:51:56 2007
@@ -18,12 +18,11 @@
 -->
 
 <#if orderHeader?has_content>
-
 <div class="screenlet">
     <div class="screenlet-title-bar">
     <ul>
       <li class="head3">&nbsp;${uiLabelMap.OrderOrderItems}</li>
-      <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session)>
+      <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)>
         <#if orderHeader?has_content && orderHeader.statusId != "ORDER_CANCELLED">
           <#if orderHeader.statusId != "ORDER_COMPLETED">
             <#--


Free forum by Nabble Edit this page