OFBiz OFBiz - Commits

svn commit: r607821 - in /ofbiz/trunk/specialpurpose/projectmgr: script/org/ofbiz/project/ProjectPermissionServices.xml webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
hansbak-2
Reply | Threaded
Open this post in threaded view
|

svn commit: r607821 - in /ofbiz/trunk/specialpurpose/projectmgr: script/org/ofbiz/project/ProjectPermissionServices.xml webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh

hansbak-2
Author: hansbak
Date: Tue Jan  1 01:47:50 2008
New Revision: 607821

URL: http://svn.apache.org/viewvc?rev=607821&view=rev
Log:
secure the my time option

Modified:
    ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
    ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh

Modified: ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml?rev=607821&r1=607820&r2=607821&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml Tue Jan  1 01:47:50 2008
@@ -48,7 +48,15 @@
                 </if-compare>
             </else>
         </if-compare>      
+<log level="always" message="==============security: object: ${sec_object} action: ${mainAction}"></log>
+        <if-compare field-name="sec_object" value="TIMESHEET" operator="equals">
+            <if-compare field-name="mainAction" value="CREATE" operator="equals">
+                <field-to-result field-name="hasPermission"/>
+                <return/>
+            </if-compare>
+        </if-compare>
         
+
         <if-has-permission permission="PROJECTMGR" action="_VIEW">
             <if-has-permission permission="PROJECTMGR" action="_ROLE_">
                 <!-- object dependent checks here -->

Modified: ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh?rev=607821&r1=607820&r2=607821&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh Tue Jan  1 01:47:50 2008
@@ -53,8 +53,8 @@
         if (!UtilValidate.isEmpty(timesheets)) {
             timesheet = timesheets.get(0);
         } else {
-            if (security.hasPermission("WORKEFFORTMGR_CREATE", session) || security.hasPermission("WORKEFFORTMGR_ADMIN", session)) {
-             result = dispatcher.runSync("createTimesheetForThisWeek",
+            if (security.hasPermission("PROJECTMGR_VIEW", session) || security.hasPermission("PROJECTMGR_ADMIN", session)) {
+             result = dispatcher.runSync("createProjectTimesheet",
                  UtilMisc.toMap("userLogin", userLogin, "partyId", partyId));
             } else {
              request.setAttribute("errorMessageList", UtilMisc.toList("Unable to create timesheet, permission error"));


Free forum by Nabble Edit this page