Author: jacopoc
Date: Wed Oct 17 23:03:06 2007
New Revision: 585879
URL:
http://svn.apache.org/viewvc?rev=585879&view=revLog:
Applied patch from Adrian Crum (OFBIZ-1349) to remove a redundant security check (recently added to the app bar) and documentation for the base-permissions attribute.
Modified:
ofbiz/trunk/framework/base/dtd/ofbiz-component.xsd
ofbiz/trunk/framework/common/webcommon/includes/appbar.ftl
Modified: ofbiz/trunk/framework/base/dtd/ofbiz-component.xsd
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/dtd/ofbiz-component.xsd?rev=585879&r1=585878&r2=585879&view=diff==============================================================================
--- ofbiz/trunk/framework/base/dtd/ofbiz-component.xsd (original)
+++ ofbiz/trunk/framework/base/dtd/ofbiz-component.xsd Wed Oct 17 23:03:06 2007
@@ -178,7 +178,9 @@
<xs:attribute type="xs:string" name="server" use="required"/>
<xs:attribute type="xs:string" name="location" use="required"/>
<xs:attribute type="xs:string" name="mount-point"/>
- <xs:attribute type="xs:string" name="base-permission"/>
+ <xs:attribute type="xs:string" name="base-permission">
+ <xs:annotation><xs:documentation>A user must have ALL of the permissions in the list to access the application</xs:documentation></xs:annotation>
+ </xs:attribute>
<xs:attribute name="app-bar-display" default="true">
<xs:simpleType>
<xs:restriction base="xs:token">
Modified: ofbiz/trunk/framework/common/webcommon/includes/appbar.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/includes/appbar.ftl?rev=585879&r1=585878&r2=585879&view=diff==============================================================================
--- ofbiz/trunk/framework/common/webcommon/includes/appbar.ftl (original)
+++ ofbiz/trunk/framework/common/webcommon/includes/appbar.ftl Wed Oct 17 23:03:06 2007
@@ -32,7 +32,8 @@
<#assign selected = false>
<#assign permissions = display.getBasePermission()>
<#list permissions as perm>
- <#if (perm != "NONE" && (!security.hasEntityPermission(perm, "_VIEW", session) && !security.hasEntityPermission(perm, "_ADMIN", session)))>
+ <#if perm != "NONE" && !security.hasEntityPermission(perm, "_VIEW", session)>
+ <#-- User must have ALL permissions in the base-permission list -->
<#assign permission = false>
</#if>
</#list>