svn commit: r613123 - in /ofbiz/trunk/specialpurpose/projectmgr: config/ data/ script/org/ofbiz/project/ webapp/projectmgr/WEB-INF/actions/ widget/

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r613123 - in /ofbiz/trunk/specialpurpose/projectmgr: config/ data/ script/org/ofbiz/project/ webapp/projectmgr/WEB-INF/actions/ widget/

hansbak-2
Author: hansbak
Date: Fri Jan 18 02:27:22 2008
New Revision: 613123

URL: http://svn.apache.org/viewvc?rev=613123&view=rev
Log:
implemented security levels in the projectmanager in menus/screens and at the service level als provided demo data to test it

Modified:
    ofbiz/trunk/specialpurpose/projectmgr/config/ProjectMgrUiLabels.properties
    ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoData.xml
    ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml
    ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
    ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
    ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectServices.xml
    ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
    ofbiz/trunk/specialpurpose/projectmgr/widget/ProjectScreens.xml
    ofbiz/trunk/specialpurpose/projectmgr/widget/TaskScreens.xml

Modified: ofbiz/trunk/specialpurpose/projectmgr/config/ProjectMgrUiLabels.properties
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/config/ProjectMgrUiLabels.properties?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/config/ProjectMgrUiLabels.properties (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/config/ProjectMgrUiLabels.properties Fri Jan 18 02:27:22 2008
@@ -159,4 +159,8 @@
 ProjectMgrCustRequestWorkEffort=CustRequest WorkEffort
 ProjectMgrViewPermissionError=You need at least PROJECTMGR_READ permission to view this screen.
 ProjectMgrCreateByExistingTask=Link to an existing Task
-ProjectMgrRequestWorkEffortList=Cust Request WorkEffort List
\ No newline at end of file
+ProjectMgrRequestWorkEffortList=Cust Request WorkEffort List
+ProjectMgrNoAccessToProject=You have no access to the project#: ${projectId}
+ProjectMgrNoAccessToTask=You have no access to the task#: ${taskId}
+ProjectMgrNoAccessToTimesheet=You have no access to the timesheet#: ${timesheetId}
+ProjectMgrStatusCannotUpdate=Status does not allow an update
\ No newline at end of file

Modified: ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoData.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoData.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoData.xml Fri Jan 18 02:27:22 2008
@@ -2,7 +2,7 @@
 <entity-engine-xml>
     
     <!-- Resources -->
-    <!-- Demo Employee1 -->
+    <!-- Demo Employee1 manager -->
     <Party partyId="DemoEmployee1" partyTypeId="PERSON" statusId="PARTY_ENABLED" />
     <Person partyId="DemoEmployee1" firstName="Peter" lastName="Manager" />
     <UserLogin userLoginId="DemoEmployee1" partyId="DemoEmployee1"/>
@@ -12,9 +12,9 @@
     <PartyContactMech partyId="DemoEmployee1" contactMechId="9023" fromDate="2000-01-01 10:01:48.933" roleTypeId="EMPLOYEE" />
     <PartyRole partyId="DemoEmployee1" roleTypeId="PROJECT_TEAM"/>
 
-    <!-- Demo Employee2 -->
+    <!-- Demo Employee2 analist of project 1-->
     <Party partyId="DemoEmployee2" partyTypeId="PERSON" statusId="PARTY_ENABLED" />
-    <Person partyId="DemoEmployee2" firstName="Jo" lastName="Analist" />
+    <Person partyId="DemoEmployee2" firstName="Jo" lastName="Analist1" />
     <UserLogin userLoginId="DemoEmployee2"  partyId="DemoEmployee2"/>
     <PartyRole partyId="DemoEmployee2" roleTypeId="EMPLOYEE"/>
     <PartyContactMech partyId="DemoEmployee2" contactMechId="9020" fromDate="2000-01-01 10:01:48.933" roleTypeId="EMPLOYEE" />
@@ -22,6 +22,16 @@
     <PartyContactMech partyId="DemoEmployee2" contactMechId="9023" fromDate="2000-01-01 10:01:48.933" roleTypeId="EMPLOYEE" />
     <PartyRole partyId="DemoEmployee2" roleTypeId="PROJECT_TEAM"/>
     
+    <!-- Demo Employee3 analist of project 2-->
+    <Party partyId="DemoEmployee3" partyTypeId="PERSON" statusId="PARTY_ENABLED" />
+    <Person partyId="DemoEmployee3" firstName="Tom" lastName="Analist2" />
+    <UserLogin userLoginId="DemoEmployee3"  partyId="DemoEmployee3"/>
+    <PartyRole partyId="DemoEmployee3" roleTypeId="EMPLOYEE"/>
+    <PartyContactMech partyId="DemoEmployee3" contactMechId="9020" fromDate="2000-01-01 10:01:48.933" roleTypeId="EMPLOYEE" />
+    <PartyContactMech partyId="DemoEmployee3" contactMechId="9001" fromDate="2000-01-01 10:01:48.933" roleTypeId="EMPLOYEE" />
+    <PartyContactMech partyId="DemoEmployee3" contactMechId="9023" fromDate="2000-01-01 10:01:48.933" roleTypeId="EMPLOYEE" />
+    <PartyRole partyId="DemoEmployee3" roleTypeId="PROJECT_TEAM"/>
+    
     <!-- Demo Customer1 client for demo project 1-->
     <Party partyId="DemoCustomer1" partyTypeId="PERSON" statusId="PARTY_ENABLED" />
     <Person partyId="DemoCustomer1" firstName="Sam" lastName="Customer 1" />
@@ -54,8 +64,9 @@
     <UserLoginAndSecurityGroup groupId="PROJECTUSER" userLoginId="DemoCustomer2" fromDate="2000-01-01 00:00:00.0"/>
     <UserLoginAndSecurityGroup groupId="PROJECTADMIN" userLoginId="DemoEmployee1" fromDate="2000-01-01 00:00:00.0"/>
     <UserLoginAndSecurityGroup groupId="PROJECTUSER" userLoginId="DemoEmployee2" fromDate="2000-01-01 00:00:00.0"/>
+    <UserLoginAndSecurityGroup groupId="PROJECTUSER" userLoginId="DemoEmployee3" fromDate="2000-01-01 00:00:00.0"/>
     
-    <!-- First Demo project from customer 1, phases and tasks with estimated time-->
+    <!-- First Demo project from customer 1 and employee 1,2-->
     <WorkEffort workEffortId="9000" workEffortTypeId="PROJECT" currentStatusId="_NA_" lastStatusUpdate="2007-12-14 15:07:52.901" scopeEnumId="WES_PUBLIC" workEffortName="Demo Project1 Cust1" revisionNumber="1"/>
     <WorkEffortPartyAssignment  workEffortId="9000" partyId="admin" statusId="PAS_ASSIGNED" roleTypeId="PROVIDER_MANAGER" fromDate="2007-12-14 16:45:21.831"/>
     <WorkEffortPartyAssignment  workEffortId="9000" partyId="DemoCustomer1" statusId="PAS_ASSIGNED" roleTypeId="CLIENT_MANAGER" fromDate="2007-12-14 16:45:21.831"/>
@@ -77,12 +88,12 @@
     <WorkEffortAssoc workEffortIdFrom="9003" workEffortIdTo="9005" workEffortAssocTypeId="WORK_EFF_DEPENDENCY" sequenceNum="0" fromDate="2000-01-01 00:00:00.0"/>
     <WorkEffortAssoc workEffortIdFrom="9005" workEffortIdTo="9006" workEffortAssocTypeId="WORK_EFF_DEPENDENCY" sequenceNum="0" fromDate="2000-01-01 00:00:00.0"/>
 
-    <!-- Second Demo project for customer 2, phases and tasks with estimated time-->
+    <!-- Second Demo project for customer 2 and employee 1,3-->
     <WorkEffort workEffortId="9100" workEffortTypeId="PROJECT" currentStatusId="_NA_" lastStatusUpdate="2007-12-14 15:07:52.911" scopeEnumId="WES_PUBLIC" workEffortName="Demo Project2 Cust 2" revisionNumber="1"/>
     <WorkEffortPartyAssignment  workEffortId="9100" partyId="admin" statusId="PAS_ASSIGNED" roleTypeId="PROVIDER_MANAGER" fromDate="2007-12-14 16:45:21.831"/>
     <WorkEffortPartyAssignment  workEffortId="9100" partyId="DemoCustomer2" statusId="PAS_ASSIGNED" roleTypeId="CLIENT_MANAGER" fromDate="2007-12-14 16:45:21.831"/>
     <WorkEffortPartyAssignment  workEffortId="9100" partyId="DemoEmployee1" statusId="PAS_ASSIGNED" roleTypeId="PROVIDER_MANAGER" fromDate="2007-12-14 16:45:21.831"/>
-    <WorkEffortPartyAssignment  workEffortId="9100" partyId="DemoEmployee2" statusId="PAS_ASSIGNED" roleTypeId="PROVIDER_ANALYST" fromDate="2007-12-14 16:45:21.831"/>
+    <WorkEffortPartyAssignment  workEffortId="9100" partyId="DemoEmployee3" statusId="PAS_ASSIGNED" roleTypeId="PROVIDER_ANALYST" fromDate="2007-12-14 16:45:21.831"/>
     <WorkEffort workEffortId="9101" workEffortTypeId="PHASE" currentStatusId="_NA_" lastStatusUpdate="2007-12-14 16:45:14.226" workEffortParentId="9100" workEffortName="phase1" revisionNumber="1" />
     <WorkEffort workEffortId="9102" workEffortTypeId="TASK" currentStatusId="PTS_CREATED" lastStatusUpdate="2007-12-14 16:45:21.831" workEffortParentId="9101" scopeEnumId="WES_PUBLIC" workEffortName="task1" estimatedStartDate="2007-12-03 00:00:00.0" estimatedCompletionDate="2007-12-05 00:00:00.0" revisionNumber="1" />
     <WorkEffortSkillStandard workEffortId="9102" skillTypeId="9000" estimatedDuration="16.0"/>

Modified: ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml Fri Jan 18 02:27:22 2008
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <entity-engine-xml>
-    <UserLogin userLoginId="DemoEmployee1"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee1"/>
-    <UserLogin userLoginId="DemoEmployee2"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee2"/>
     <UserLogin userLoginId="DemoCustomer1"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoCustomer1"/>
     <UserLogin userLoginId="DemoCustomer2"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoCustomer2"/>
+    <UserLogin userLoginId="DemoEmployee1"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee1"/>
+    <UserLogin userLoginId="DemoEmployee2"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee2"/>
+    <UserLogin userLoginId="DemoEmployee3"  currentPassword="47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee3"/>
 </entity-engine-xml>

Modified: ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml Fri Jan 18 02:27:22 2008
@@ -30,10 +30,11 @@
     <SecurityPermission description="Update operations in the Project Manager for a project/phase/task the user is member of." permissionId="PROJECTMGR_ROLE_UPDATE"/>
     <!-- Role and Task dependent -->
     <SecurityPermission description="Be able to create a task (should be member of project)" permissionId="PROJECTMGR_ROLE_TASK_CREATE"/>
-    <SecurityPermission description="Be able to assign a task to a resource (should be member of project)" permissionId="PROJECTMGR_ROLE_TASK_ASSIGN"/>
     <!-- Timesheet dependent -->
-    <SecurityPermission description="Be able to create a weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_CREATE"/>
-    <SecurityPermission description="Be able to update(report) on an existing timesheet(should be member of project of the task)" permissionId="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/>
+    <SecurityPermission description="Be able to create any weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_CREATE"/>
+    <SecurityPermission description="Be able to update any weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_UPDATE"/>
+    <SecurityPermission description="Be able to create a weekly timesheet for the loginid." permissionId="PROJECTMGR_ROLE_TIMESHEET_CREATE"/>
+    <SecurityPermission description="Be able to update(report) on an existing own timesheet(should be member of project of the task)" permissionId="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/>
     
     <!-- allow the security group FULLADMIN (userlogin 'admin') full access -->
     <SecurityGroupPermission groupId="FULLADMIN" permissionId="PROJECTMGR_ADMIN"/>
@@ -41,13 +42,14 @@
     <SecurityGroup description="Project Admin group, has update access to own projects." groupId="PROJECTADMIN"/>
     <SecurityGroupPermission groupId="PROJECTADMIN" permissionId="PROJECTMGR_ROLE_ADMIN"/>
     <SecurityGroupPermission groupId="PROJECTADMIN" permissionId="PROJECTMGR_VIEW"/>
+    <SecurityGroupPermission groupId="PROJECTADMIN" permissionId="PROJECTMGR_TIMESHEET_CREATE"/>
+    <SecurityGroupPermission groupId="PROJECTADMIN" permissionId="PROJECTMGR_TIMESHEET_UPDATE"/>
     
     <SecurityGroup description="Project User group, has read, task create/assign and timesheet create/update access to own projects." groupId="PROJECTUSER"/>
     <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_VIEW"/>
     <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_ROLE_VIEW"/>
     <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_ROLE_TASK_CREATE"/>
-    <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_ROLE_TASK_ASSIGN"/>
-    <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_TIMESHEET_CREATE"/>
+    <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_ROLE_TIMESHEET_CREATE"/>
     <SecurityGroupPermission groupId="PROJECTUSER" permissionId="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/>
     
 </entity-engine-xml>

Modified: ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml Fri Jan 18 02:27:22 2008
@@ -24,22 +24,25 @@
     <simple-method method-name="projectMgrPermission" short-description="general service to check access to the project component">
         <set field="primaryPermission" value="PROJECTMGR"/>
         <set field="hasPermission" value="true" type="Boolean"/>
-        <if-has-permission permission="PROJECTMGR" action="_ADMIN">
-            <field-to-result field-name="hasPermission"/>
-            <return/>
-        </if-has-permission>
+        <set field="hasNoPermission" value="false" type="Boolean"/>
+        
         <!-- find object -->
         <if-compare field-name="parameters.resourceDescription" value="Timesheet" operator="contains">
             <set field="sec_object" value="TIMESHEET"/>
             <else>
-                <if-compare field-name="parameters.resourceDescription" value="Project" operator="contains">
-                    <set field="sec_object" value="PROJECT"/>
+                <if-compare field-name="parameters.resourceDescription" value="TimeEntry" operator="contains">
+                    <set field="sec_object" value="TIMEENTRY"/>
                     <else>
-                        <if-compare field-name="parameters.resourceDescription" value="Phase" operator="contains">
-                            <set field="sec_object" value="PHASE"/>
+                        <if-compare field-name="parameters.resourceDescription" value="Project" operator="contains">
+                            <set field="sec_object" value="PROJECT"/>
                             <else>
-                                <if-compare field-name="parameters.resourceDescription" value="Task" operator="contains">
-                                    <set field="sec_object" value="TASK"/>
+                                <if-compare field-name="parameters.resourceDescription" value="Phase" operator="contains">
+                                    <set field="sec_object" value="PHASE"/>
+                                    <else>
+                                        <if-compare field-name="parameters.resourceDescription" value="Task" operator="contains">
+                                            <set field="sec_object" value="TASK"/>
+                                        </if-compare>
+                                    </else>
                                 </if-compare>
                             </else>
                         </if-compare>
@@ -47,63 +50,244 @@
                 </if-compare>
             </else>
         </if-compare>      
-        <log level="always" message="==============security: object: ${sec_object} action: ${parameters.mainAction}"></log>
+        
+        <log level="info" message="========security======  action: ${parameters.mainAction} object: ${sec_object} resourceDescription: ${parameters.resourceDescription}"/>
 
-        <field-to-result field-name="hasPermission"/>
-        <return/><!-- temporary disable -->
+
+        <!-- PROJECT -->
+        <if-compare field-name="sec_object" value="PROJECT" operator="equals">
+            <log level="info" message="=====Project: ${parameters.projectId}"></log>
+            <if-not-empty field-name="parameters.projectId">
+                <set field="projectId" from-field="parameters.projectId"/>
+                <set field="partyId" from-field="parameters.userLogin.partyId"/>
+                <call-simple-method method-name="checkProjectMembership"/>
+                <if>
+                    <condition>
+                        <or>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ADMIN"/>
+                                <not><if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/></not>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_VIEW"/>
+                                <not><if-has-permission permission="PROJECTMGR_ROLE_VIEW"/></not>
+                                <if-compare field-name="parameters.mainAction" value="VIEW" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                                <if-compare field-name="parameters.mainAction" value="VIEW" operator="equals"/>
+                            </and>
+                        </or>
+                    </condition>
+                    <then>
+                        <field-to-result field-name="hasPermission"/>
+                        <return/>
+                    </then>
+                    <else>
+                        <property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToProject" field-name="failMessage"/>
+                        <field-to-result field-name="failMessage"/>
+                        <field-to-result field-name="hasNoPermission" result-name="hasPermission"/>
+                        <return/>
+                    </else>
+                </if>
+                <else>
+                    <field-to-result field-name="hasPermission"/><!-- projectId empty -->
+                    <return/>
+                </else>
+            </if-not-empty>
+        </if-compare>        
         
-        <if-compare field-name="sec_object" value="TIMESHEET" operator="equals">
-            <if-compare field-name="mainAction" value="CREATE" operator="equals">
-                <field-to-result field-name="hasPermission"/>
-                <return/>
-            </if-compare>
-        </if-compare>
+        <!-- TASK -->
+        <if-compare field-name="sec_object" value="TASK" operator="equals">
+            <set field="taskId" from-field="parameters.taskId" default-value="parameters.workEffortId"/>
+            <log level="info" message="=====Task: ${parameters.taskId}"></log>
+            <if-not-empty field-name="parameters.taskId">
+                <set field="taskId" from-field="parameters.workEffortId"/>
+                <set field="partyId" from-field="parameters.userLogin.partyId"/>
+                <call-simple-method method-name="checkProjectMembership"/>
+                <if>
+                    <condition>
+                        <or>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ADMIN"/>
+                                <not><if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/></not>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_VIEW"/>
+                                <not><if-has-permission permission="PROJECTMGR_ROLE_VIEW"/></not>
+                                <if-compare field-name="parameters.mainAction" value="VIEW" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                                <if-compare field-name="parameters.mainAction" value="VIEW" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_TASK_CREATE"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                                <or>
+                                    <if-compare field-name="parameters.mainAction" value="CREATE" operator="equals"/>
+                                    <if-compare field-name="parameters.mainAction" value="UPDATE" operator="equals"/>
+                                </or>
+                            </and>
+                        </or>
+                    </condition>
+                    <then>
+                        <field-to-result field-name="hasPermission"/>
+                        <return/>
+                    </then>
+                    <else>
+                        <property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToTask" field-name="failMessage"/>
+                        <field-to-result field-name="hasNoPermission" result-name="hasPermission"/>
+                        <field-to-result field-name="failMessage"/>
+                        <field-to-result field-name="hasNoPermission" result-name="hasPermission"/>
+                        <return/>
+                    </else>
+                </if>
+                <else>
+                    <field-to-result field-name="hasPermission"/><!-- projectId empty -->
+                    <return/>
+                </else>
+            </if-not-empty>
+        </if-compare>        
         
-
-        <if-has-permission permission="PROJECTMGR" action="_VIEW">
-            <if-has-permission permission="PROJECTMGR" action="_ROLE_">
-                <!-- object dependent checks here -->
-                <if-compare field-name="sec_object" value="PROJECT" operator="not-equals">
-                    <!-- if not project check if member of task, when not get the projectId -->
-                    <if-compare field-name="sec_object" value="TASK" operator="equals">
-                        <!-- check if login party member of the task -->
-                        <set field="findRel.workEffortId" from-field="sec_id"/>
-                        <set field="findRel.partyId" from-field="userLogin.partyId"/>
-                        <find-by-and entity-name="WorkEffortPartyAssignment" map-name="findRel" list-name="assigns"/>
-                        <filter-list-by-date list-name="assigns" to-list-name="assignsFilt"/>
-                        <if-not-empty field-name="assignsFilt">
-                            <field-to-result field-name="hasPermission"/>
-                            <return/>
-                        </if-not-empty>
-                        <set field="getProj.workEffortId" from-field="sec_id"/>
-                        <else>
-                            <set field="getProj.phaseId" from-field="sec_id"/>
-                        </else>
-                    </if-compare>
-                    <call-service service-name="getProjectIdAndName" in-map-name="getProj">
-                        <result-to-field result-name="projectId"/>
-                    </call-service>
-                </if-compare>
-                <!-- see if login party member of the project -->
-                <set field="findRel.workEffortId" from-field="sec_id"/>
-                <set field="findRel.partyId" from-field="userLogin.partyId"/>
-                <find-by-and entity-name="WorkEffortPartyAssignment" map-name="findRel" list-name="assigns"/>
-                <filter-list-by-date list-name="assigns" to-list-name="assignsFilt"/>
-                <if-not-empty field-name="assignsFilt">
+        
+        <!-- TIMESHEET -->
+        <if-compare field-name="sec_object" value="TIMESHEET" operator="equals">
+            <if>
+                <condition>
+                    <or>
+                        <if-has-permission permission="PROJECTMGR_ADMIN"/>
+                        <and>
+                            <if-has-permission permission="PROJECTMGR_VIEW"/>
+                            <if-compare field-name="mainAction" value="VIEW" operator="equals"/>
+                        </and>
+                        <and>
+                            <if-has-permission permission="PROJECTMGR_TIMESHEET_CREATE"/>
+                            <not><if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_CREATE"/></not>
+                            <if-compare field-name="mainAction" value="CREATE" operator="equals"/>
+                        </and>
+                        <and>
+                            <if-has-permission permission="PROJECTMGR_TIMESHEET_UPDATE"/>
+                            <not><if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/></not>
+                            <if-compare field-name="mainAction" value="UPDATE" operator="equals"/>
+                        </and>
+                        <and>
+                            <if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_CREATE"/>
+                            <if-compare field-name="mainAction" value="CREATE" operator="equals"/>
+                            <if-compare-field field-name="parameters.partyId" to-field-name="parameters.userLogin.userLoginId" operator="equals"/>
+                        </and>
+                        <and>
+                            <if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/>
+                            <if-compare field-name="mainAction" value="UPDATE" operator="equals"/>
+                            <if-compare-field field-name="parameters.partyId" to-field-name="parameters.userLogin.userLoginId" operator="equals"/>
+                        </and>
+                    </or>
+                </condition>
+                <then>
                     <field-to-result field-name="hasPermission"/>
                     <return/>
-                </if-not-empty>
+                </then>
+                <else>
+                    <property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToTimesheet" field-name="failMessage"/>
+                    <field-to-result field-name="hasNoPermission" result-name="hasPermission"/>
+                    <field-to-result field-name="failMessage"/>
+                    <return/>
+                </else>
+            </if>
+        </if-compare>
+        
+        <!-- TIMEENTRY -->
+        <if-compare field-name="sec_object" value="TIMEENTRY" operator="equals">
+            <if-not-empty field-name="parameters.timesheetId">
+                <entity-one entity-name="TimeSheet" value-name="timesheet"/>
+                <set field="timesheetId" from-field="timesheet.timesheetId"/>
+                <set field="taskId" from-field="parameters.workEffortId"/>
+                <set field="partyId" from-field="timesheet.partyId"/>
+                <call-simple-method method-name="checkProjectMembership"/>
+                <if>
+                    <condition>
+                        <or>
+                            <if-has-permission permission="PROJECTMGR_ADMIN"/>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_VIEW"/>
+                                <if-compare field-name="mainAction" value="VIEW" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_TIMESHEET_CREATE"/>
+                                <not><if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_CREATE"/></not>
+                                <if-compare field-name="mainAction" value="CREATE" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_TIMESHEET_UPDATE"/>
+                                <not><if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/></not>
+                                <if-compare field-name="mainAction" value="UPDATE" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_CREATE"/>
+                                <if-compare field-name="mainAction" value="CREATE" operator="equals"/>
+                                <if-compare-field field-name="timesheet.partyId" to-field-name="parameters.userLogin.userLoginId" operator="equals"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                            </and>
+                            <and>
+                                <if-has-permission permission="PROJECTMGR_ROLE_TIMESHEET_UPDATE"/>
+                                <if-compare field-name="mainAction" value="UPDATE" operator="equals"/>
+                                <if-compare-field field-name="timesheet.partyId" to-field-name="parameters.userLogin.userLoginId" operator="equals"/>
+                                <if-compare field-name="isMember" value="true" operator="equals"/>
+                            </and>
+                        </or>
+                    </condition>
+                    <then>
+                        <field-to-result field-name="hasPermission"/>
+                        <return/>
+                    </then>
+                    <else>
+                        <property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToTimesheet" field-name="failMessage"/>
+                        <field-to-result field-name="hasNoPermission" result-name="hasPermission"/>
+                        <field-to-result field-name="failMessage"/>
+                        <return/>
+                    </else>
+                </if>
                 <else>
-                    <if-compare field-name="sec_action" value="WRITE" operator="equals">
-                        <add-error>
-                            <fail-property resource="ProjectMgrUiLabels" property="noAccess:NeedWriteOrUserAccess"/>
-                        </add-error>
-                    </if-compare>
-                </else>    
-            </if-has-permission>
-        </if-has-permission>
-        <check-errors/>  
-        <field-to-result field-name="hasPermission"/>
+                    <field-to-result field-name="hasPermission"/><!-- no timesheetId nu update/read -->
+                    <return/>
+                </else>
+            </if-not-empty>
+        </if-compare>
+        
+        <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field-name="resourceDescription"/>
+        <field-to-result field-name="failMessage"/>
+        <field-to-result field-name="hasNoPermission" result-name="hasPermission"/>
     </simple-method>
     
+    <simple-method method-name="checkProjectMembership" short-description="check if a party is member of a project, input either 'taskId' or 'projectId', returns 'isMember' ">
+        <if-empty field-name="projectId">
+            <set field="getProject.taskId" from-field="taskId"/>
+            <call-service service-name="getProjectIdAndName" in-map-name="getProject">
+                <result-to-field result-name="projectId" field-name="projectId"/>
+            </call-service>
+        </if-empty>
+        <log level="always" message="=======try to find project: ${projectId} for party: ${partyId}"></log>
+        <entity-and entity-name="WorkEffortPartyAssignment" list-name="projectAssigns" filter-by-date="true">
+            <field-map field-name="workEffortId" env-name="projectId"/>
+            <field-map field-name="partyId" env-name="partyId"/>
+        </entity-and>
+        <filter-list-by-date list-name="projectAssigns" to-list-name="projectAssignsDated"/>
+        <if-empty field-name="projectAssignsDated">
+            <log level="always" message="====is not member!!!===="></log>
+            <set field="isMember" value="false" type="Boolean"/>
+            <else>
+                <set field="isMember" value="true" type="Boolean"/>
+            </else>
+        </if-empty>
+    </simple-method>
 </simple-methods>

Modified: ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectServices.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectServices.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectServices.xml Fri Jan 18 02:27:22 2008
@@ -95,8 +95,6 @@
     </simple-method>
     
     <simple-method method-name="addTaskAssignment" short-description="assign a party to a task however make sure he is member of the related project">
-        <set field="partyId" from-field="parameters.partyId"/>
-        <call-simple-method method-name="checkProjectMembership"/>
         <make-value value-name="newAssign" entity-name="WorkEffortPartyAssignment"/>
         <set-pk-fields value-name="newAssign" map-name="parameters"/>
         <now-timestamp-to-env env-name="newAssign.fromDate"/>
@@ -194,22 +192,28 @@
         <if-compare field-name="parameters.workEffortId" operator="equals" value="Totals">
             <return/>
         </if-compare>
-        <set field="partyId" from-field="timesheet.partyId"/>
-        <call-simple-method method-name="checkProjectMembership"/>
-
-        <!-- check if party assigned to task, when not add with roletype of project -->
+        
+        <!-- check if party assigned to task, when not add with roletype of project, if assigned check status -->
         <entity-and entity-name="WorkEffortPartyAssignment" list-name="assigns" filter-by-date="true">
-            <field-map field-name="workEffortId" env-name="project.workEffortId"/>
+            <field-map field-name="workEffortId" env-name="parameters.workEffortId"/>
             <field-map field-name="partyId" env-name="timesheet.partyId"/>
         </entity-and>
-        <!-- also needed for status update lateron -->
-        <set field="parameters.partyId" from-field="timesheet.partyId"/>
         <if-empty field-name="assigns">
+            <set field="getpr.taskId" from-field="parameters.workEffortId"/>
+            <call-service service-name="getProjectIdAndName" in-map-name="getpr">
+                <result-to-field result-name="projectId"/>
+            </call-service>
+            <entity-and entity-name="WorkEffortPartyAssignment" list-name="projectAssigns" filter-by-date="true">
+                <field-map field-name="workEffortId" env-name="projectId"/>
+                <field-map field-name="partyId" env-name="timesheet.partyId"/>
+            </entity-and>
             <first-from-list entry-name="projectAssign" list-name="projectAssigns"/>
+            <set field="parameters.partyId" from-field="timesheet.partyId"/>
             <set field="parameters.roleTypeId" from-field="projectAssign.roleTypeId"/>
             <set field="parameters.statusId" value="PAS_ASSIGNED"/>
             <call-simple-method method-name="assignPartyToWorkEffort" xml-resource="component://workeffort/script/org/ofbiz/workeffort/workeffort/WorkEffortSimpleServices.xml"/>
         </if-empty>
+        <check-errors/>
         
         <!-- check if the actual start date is set, when not set it to todays date -->
         <if-empty field-name="project.actualStartDate">
@@ -264,10 +268,12 @@
                 </if-compare>
             </if-not-empty>
         </loop>
+        
         <!-- update the assignment status -->
         <if-compare field-name="parameters.checkComplete" value="Y" operator="equals">
             <entity-one entity-name="WorkEffortPartyAssignment" value-name="alreadyAssign"/>
             <if-compare field-name="alreadyAssign.statusId" value="PAS_COMPLETED" operator="not-equals">
+                <set field="parameters.partyId" from-field="timesheet.partyId"/>
                 <set field="parameters.statusId" value="PAS_COMPLETED"/>
                 <call-simple-method method-name="updateTaskAssigment"/>
             </if-compare>
@@ -891,19 +897,5 @@
             </else>            
         </if-not-empty>
     </simple-method>
-    <simple-method method-name="checkProjectMembership" short-description="check if a party is member of a project">
-        <set field="getProject.taskId" from-field="parameters.workEffortId"/>
-        <call-service service-name="getProjectIdAndName" in-map-name="getProject">
-            <result-to-field result-name="projectId" field-name="projectId"/>
-        </call-service>
-        <entity-and entity-name="WorkEffortPartyAssignment" list-name="projectAssigns" filter-by-date="true">
-            <field-map field-name="workEffortId" env-name="projectId"/>
-            <field-map field-name="partyId" env-name="partyId"/>
-        </entity-and>
-        <filter-list-by-date list-name="projectAssigns" to-list-name="projectAssignsDated"/>
-        <if-empty field-name="projectAssignsDated">
-            <add-error><fail-message message="Party: ${partyId} is not part of project: ${project.projectName} with task: ${project.workEffortName}"/></add-error>
-            <check-errors/>
-        </if-empty>
-    </simple-method>
+    
 </simple-methods>

Modified: ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh Fri Jan 18 02:27:22 2008
@@ -43,7 +43,7 @@
 // show the requested timesheet, otherwise the current , if not exist create
 timesheet = null;
 timesheetId = parameters.get("timesheetId");
-Debug.logInfo("====editweek: " + partyId + " timesheetId: " + timesheetId, "");
+// Debug.logInfo("====editweek: " + partyId + " timesheetId: " + timesheetId, "");
 if (timesheetId != null) {
         timesheet = delegator.findByPrimaryKey("Timesheet", UtilMisc.toMap("timesheetId", timesheetId));
         partyId = timesheet.getString("partyId"); // use the party from this timesheet

Modified: ofbiz/trunk/specialpurpose/projectmgr/widget/ProjectScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/widget/ProjectScreens.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/widget/ProjectScreens.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/widget/ProjectScreens.xml Fri Jan 18 02:27:22 2008
@@ -18,8 +18,8 @@
 under the License.
 -->
 
-<screens xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/widget-screen.xsd">
+<screens xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/widget-screen.xsd">
     <screen name="ListSubProjects">
         <section>            
             <actions>

Modified: ofbiz/trunk/specialpurpose/projectmgr/widget/TaskScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/widget/TaskScreens.xml?rev=613123&r1=613122&r2=613123&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/widget/TaskScreens.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/widget/TaskScreens.xml Fri Jan 18 02:27:22 2008
@@ -18,8 +18,8 @@
 under the License.
 -->
 
-<screens xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/widget-screen.xsd">
+<screens xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/widget-screen.xsd">
     <screen name="Dependencies">
         <section>
             <actions>
@@ -197,7 +197,10 @@
                                         <include-form name="FindTask" location="component://projectmgr/widget/forms/TaskForms.xml"/>
                                         <section>
                                             <condition>
-                                                <if-empty field-name="parameters.partyId"/>
+                                                <or>
+                                                    <if-has-permission permission="PROJECTMGR_ADMIN"/>
+                                                    <if-has-permission permission="PROJECTMGR_VIEW"/>
+                                                </or>
                                             </condition>
                                             <actions>
                                                 <set field="entityName" value="ProjectAndPhaseAndTask"/>
@@ -208,12 +211,14 @@
                                         </section>
                                         <section>
                                             <condition>
-                                                <not>
-                                                    <if-empty field-name="parameters.partyId"/>
-                                                </not>
+                                                <or>
+                                                    <if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/>
+                                                    <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
+                                                </or>
                                             </condition>
                                             <actions>
-                                                <set field="entityName" value="ProjectAndPhaseAndTaskParty"/>
+                                                <set field="entityName" value="ProjectPartyAndPhaseAndTask"/>
+                                                <set field="parameters.partyId" from-field="context.userLogin.partyId"/>
                                             </actions>
                                             <widgets>
                                                 <include-form name="ListTasks" location="component://projectmgr/widget/forms/TaskForms.xml"/>