Author: jacopoc
Date: Wed Sep 26 03:32:45 2007
New Revision: 579570
URL:
http://svn.apache.org/viewvc?rev=579570&view=revLog:
Misc cleanups and improvements to the security checks in some party screens.
Modified:
ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh
ofbiz/trunk/applications/party/widget/partymgr/PartyScreens.xml
ofbiz/trunk/applications/party/widget/partymgr/PaymentMethodScreens.xml
Modified: ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh?rev=579570&r1=579569&r2=579570&view=diff==============================================================================
--- ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh (original)
+++ ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh Wed Sep 26 03:32:45 2007
@@ -52,3 +52,7 @@
} else {
context.put("hasPayInfoPermission", false);
}
+
+// extended pcm (party contact mechanism) permissions
+context.put("hasPcmCreatePermission", security.hasEntityPermission("PARTYMGR_PCM", "_CREATE", session));
+context.put("hasPcmUpdatePermission", security.hasEntityPermission("PARTYMGR_PCM", "_UPDATE", session));
Modified: ofbiz/trunk/applications/party/widget/partymgr/PartyScreens.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/widget/partymgr/PartyScreens.xml?rev=579570&r1=579569&r2=579570&view=diff==============================================================================
--- ofbiz/trunk/applications/party/widget/partymgr/PartyScreens.xml (original)
+++ ofbiz/trunk/applications/party/widget/partymgr/PartyScreens.xml Wed Sep 26 03:32:45 2007
@@ -302,16 +302,18 @@
<set field="labelTitleProperty" value="PageTitleEditContactMech"/>
+ <script location="component://party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh"/>
<script location="component://party/webapp/partymgr/WEB-INF/actions/party/editcontactmech.bsh"/>
</actions>
<widgets>
<decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
<decorator-section name="body">
<section>
- <!-- do check for PARTYMGR, _VIEW permission -->
<condition>
<or>
- <if-has-permission permission="PARTYMGR" action="_VIEW"/>
+ <if-compare field-name="hasViewPermission" operator="equals" value="true" type="Boolean"/>
+ <if-compare field-name="hasPcmCreatePermission" operator="equals" value="true" type="Boolean"/>
+ <if-compare field-name="hasPcmUpdatePermission" operator="equals" value="true" type="Boolean"/>
<not><if-empty field-name="mechMap.partyContactMech"/></not>
</or>
</condition>
Modified: ofbiz/trunk/applications/party/widget/partymgr/PaymentMethodScreens.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/widget/partymgr/PaymentMethodScreens.xml?rev=579570&r1=579569&r2=579570&view=diff==============================================================================
--- ofbiz/trunk/applications/party/widget/partymgr/PaymentMethodScreens.xml (original)
+++ ofbiz/trunk/applications/party/widget/partymgr/PaymentMethodScreens.xml Wed Sep 26 03:32:45 2007
@@ -25,16 +25,16 @@
<section>
<actions>
<set field="headerItem" value="find"/>
+ <script location="component://party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.bsh"/>
</actions>
<widgets>
<decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
<decorator-section name="body">
<section>
- <!-- do check for PARTYMGR, _VIEW permission -->
<condition>
<or>
- <if-has-permission permission="PARTYMGR" action="_VIEW"/>
- <if-compare-field field-name="paymentMethod.partyId" operator="equals" to-field-name="userLogin.partyId"/>
+ <if-compare field-name="hasViewPermission" operator="equals" value="true" type="Boolean"/>
+ <if-compare field-name="hasPayInfoPermission" operator="equals" value="true" type="Boolean"/>
</or>
</condition>
<widgets>
@@ -54,6 +54,7 @@
</widgets>
</section>
</screen>
+
<screen name="editcreditcard">
<section>
<actions>
Locked
