Author: hansbak
Date: Sun Jan 20 08:06:27 2008
New Revision: 613585
URL: http://svn.apache.org/viewvc?rev=613585&view=rev
Log: some more security fixes and using the permissionservices also in the menu with in line bsh code
Modified: ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml
Modified: ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml?rev=613585&r1=613584&r2=613585&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml Sun Jan 20 08:06:27 2008
@@ -22,14 +22,14 @@
 <!-- Project Manager security -->
 <!-- General, all projects -->
- <SecurityPermission description="ALL operations in the Project Manager." permissionId="PROJECTMGR_ADMIN"/>
- <SecurityPermission description="ALL View operations in the Project Manager(but can be limited by ROLE_VIEW)" permissionId="PROJECTMGR_VIEW"/>
+ <SecurityPermission permissionId="PROJECTMGR_ADMIN" description="ALL operations in the Project Manager."/>
+ <SecurityPermission permissionId="PROJECTMGR_VIEW" description="ALL View operations in the Project Manager(but can be limited by ROLE_VIEW)"/>
 <!-- General, Role dependent (must be member of the project) -->
- <SecurityPermission description="All admin operations in the Project Manager for a project/phase/task the user is member of." permissionId="PROJECTMGR_ROLE_ADMIN"/>
- <SecurityPermission description="All view operations in the Project Manager for a project/phase/task the user is member of." permissionId="PROJECTMGR_ROLE_VIEW"/>
- <SecurityPermission description="Update operations in the Project Manager for a project/phase/task the user is member of."
permissionId="PROJECTMGR_ROLE_UPDATE"/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_ADMIN" description="All admin operations in the Project Manager for a project/phase/task the user is member of."/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_VIEW" description="All view operations in the Project Manager for a project/phase/task the user is member of."/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_UPDATE" description="Update operations in the Project Manager for a project/phase/task the user is member of."/>
 <!-- Role and Task dependent -->
- <SecurityPermission description="Be able to create a task (should be member of project)" permissionId="PROJECTMGR_ROLE_TASK_CREATE"/>
+ <SecurityPermission permissionId="PROJECTMGR_ROLE_TASK_CREATE" description="Be able to create a task (should be member of project)"/>
 <!-- Timesheet dependent -->
 <SecurityPermission description="Be able to create any weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_CREATE"/>
 <SecurityPermission description="Be able to update any weekly timesheet." permissionId="PROJECTMGR_TIMESHEET_UPDATE"/>
Modified: ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml?rev=613585&r1=613584&r2=613585&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml Sun Jan 20 08:06:27 2008
@@ -56,7 +56,7 @@
 <if-compare field-name="sec_object" value="PROJECT" operator="equals">
 <!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.projectId} resourceDescription: ${parameters.resourceDescription}"/-->
 <set field="projectId" from-field="parameters.projectId"/>
- <set field="partyId" from-field="parameters.partyId"/>
+ <set field="partyId" from-field="parameters.userLogin.partyId"/>
 <call-simple-method method-name="checkProjectMembership"/>
 <if>
 <condition>
@@ -103,6 +103,7 @@
 <if-compare field-name="sec_object" value="PHASE" operator="equals">
 <!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.projectId} resourceDescription: ${parameters.resourceDescription}"/-->
 <set field="projectId" from-field="parameters.projectId"/>
+ <set field="partyId" from-field="parameters.userLogin.partyId"/>
 <call-simple-method method-name="checkProjectMembership"/>
 <if>
 <condition>
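Review bot: `checkProjectMembership` is called with no arguments in both the PROJECT hunk (-56) and the PHASE hunk (-103), so it reads `projectId` and `partyId` from the surrounding method context, and nothing documents that `partyId` must be the caller's own identity. Reading it from `parameters.userLogin.partyId` rather than the request-supplied `parameters.partyId` is the right source; I would pin that with a comment above each `<set>`, e.g. `<!-- partyId is always the authenticated user's party; never read it from request parameters -->`. The PHASE branch previously set no `partyId` at all, so it presumably relied on a value left over from earlier in the method; the other `sec_object` branches lie outside these hunks and should be checked for the same pattern. What happens when `userLogin` carries no `partyId` is not visible here; the membership check should treat an empty `partyId` as "not a member". Both `<if-compare>` blocks continue past the end of their hunks.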
@@ -249,7 +250,7 @@
 <!-- TIMEENTRY -->
 <if-compare field-name="sec_object" value="TIMEENTRY" operator="equals">
- <log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} value: ${parameters.timeEntryId} workEffortId: ${parameters.workEffortId} timesheetId: ${parameters.timesheetId} resourceDescription: ${parameters.resourceDescription}"/>
+ <!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} value: ${parameters.timeEntryId} workEffortId: ${parameters.workEffortId} timesheetId: ${parameters.timesheetId} resourceDescription: ${parameters.resourceDescription}"/-->
 <entity-one entity-name="Timesheet" value-name="timesheet"/>
 <set field="timesheetId" from-field="timesheet.timesheetId"/>
 <set field="taskId" from-field="parameters.workEffortId"/>
Modified: ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml?rev=613585&r1=613584&r2=613585&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml (original)
+++ ofbiz/trunk/specialpurpose/projectmgr/widget/Menus.xml Sun Jan 20 08:06:27 2008
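Review bot: The TIMEENTRY permission trace is switched off by turning the `<log>` element into a comment, which leaves dead markup in the method and removes the only record of what was checked for this object type. Lowering the level keeps the trace available for troubleshooting without filling the info log: keep the element and change it to `<log level="verbose" message="..."/>` with the same message. The message interpolates request values such as `parameters.resourceDescription`, so whenever it is enabled those values should be read as untrusted text in the log. The `<if-compare>` block continues outside the hunk.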
@@ -66,24 +66,38 @@
 </menu>
 <menu name="ProjectTabBar" type="simple" menu-container-style="button-bar tab-bar" default-selected-style="selected">
 <actions>
- <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
+ <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
+ <set field="hasUpdatePermission" value="${bsh:
+ result = dispatcher.runSync("projectMgrPermission",
+ org.ofbiz.base.util.UtilMisc.toMap("userLogin", parameters.get("userLogin"),
+ "resourceDescription", "Project",
+ "mainAction", "UPDATE",
+ "projectId", projectId));
+ return result.get("hasPermission"); }" type="Boolean"/>
+ <set field="hasViewPermission" value="${bsh:
+ result = dispatcher.runSync("projectMgrPermission",
+ org.ofbiz.base.util.UtilMisc.toMap("userLogin", parameters.get("userLogin"),
+ "resourceDescription", "Project",
+ "mainAction", "VIEW",
+ "projectId", projectId));
+ return result.get("hasPermission"); }" type="Boolean"/>
 </actions>
 <menu-item name="ganttchart" title="${uiLabelMap.ProjectMgrGanttChart}">
 <condition>
- <if-has-permission permission="PROJECTMGR" action="_VIEW"/>
+ <if-compare field-name="hasViewPermission" operator="equals" value="true"/>
 </condition>
 <link target="ganttChart?projectId=${projectId}"/>
 </menu-item>
 <menu-item name="projectView" title="${uiLabelMap.ProjectMgrProjectSummary}">
 <condition>
- <if-has-permission permission="PROJECTMGR" action="_VIEW"/>
+ <if-compare field-name="hasViewPermission" operator="equals" value="true"/>
 </condition>
 <link target="projectView?projectId=${projectId}"/>
 </menu-item>
 <menu-item name="editproject" title="${uiLabelMap.ProjectMgrEditPoject}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare
field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -94,7 +108,7 @@
 <menu-item name="phases" title="${uiLabelMap.ProjectMgrPhases}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -105,7 +119,7 @@
 <menu-item name="tasks" title="${uiLabelMap.ProjectMgrTasks}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -116,7 +130,7 @@
 <menu-item name="parties" title="${uiLabelMap.ProjectMgrResources}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
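Review bot: The inline bsh added to the `<actions>` of `ProjectTabBar` returns `result.get("hasPermission")` without checking whether `runSync` came back with an error result, so on failure the field depends on how a missing value converts under `type="Boolean"`. Assuming the service returns a `Boolean`, making the script fail closed is a one-line change: `return Boolean.TRUE.equals(result.get("hasPermission"));`. The two scripts differ only in `mainAction`, and both read `userLogin` out of `parameters`; it is worth confirming that this entry can only come from the session and cannot be shadowed by a request parameter. These conditions only decide which tabs are drawn, so the requests the tabs link to still need the same `projectMgrPermission` check on the server side, which this diff does not show.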
@@ -127,7 +141,7 @@
 <menu-item name="notes" title="${uiLabelMap.CommonNotes}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -138,7 +152,7 @@
 <menu-item name="subprojects" title="${uiLabelMap.ProjectMgrSubProjects}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -149,7 +163,7 @@
 <menu-item name="billing" title="${uiLabelMap.ProjectMgrBilling}">
 <condition>
 <and>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_COMPLETED"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_ON_HOLD"/>
 <if-compare field-name="project.currentStatusId" operator="not-equals" value="PTS_CANCELED"/>
@@ -168,7 +182,7 @@
 <not>
 <if-empty field-name="project"/>
 </not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 </and>
 </condition>
 <link target="EditProject"></link>
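Review bot: `hasUpdatePermission` is assigned only in the `<actions>` of `ProjectTabBar`, and these hunks do not show whether the items at -168, -179, -190 and -201 (targets `EditProject`, `copyProject`, `scheduleProject`, `copyProjectToTemplate`) belong to that menu or to a later one. If they sit in a different `<menu>` and the field is not carried over in the context, it would be empty there and the `if-compare` would hide these items from every user, which fails closed but is a functional regression. Either confirm the enclosing menu, or repeat the `<set field="hasUpdatePermission" .../>` action in that menu's own `<actions>` with a comment naming the service it calls. The enclosing `<menu-item>` elements start and end outside the hunks.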
@@ -179,7 +193,7 @@
 <not>
 <if-empty field-name="project"/>
 </not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 </and>
 </condition>
 <link target="copyProject?projectId=${projectId}"></link>
@@ -190,7 +204,7 @@
 <not>
 <if-empty field-name="project"/>
 </not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 </and>
 </condition>
 <link target="scheduleProject?projectId=${projectId}"></link>
@@ -201,7 +215,7 @@
 <not>
 <if-empty field-name="project"/>
 </not>
- <if-has-permission permission="PROJECTMGR" action="_ROLE_UPDATE"/>
+ <if-compare field-name="hasUpdatePermission" operator="equals" value="true"/>
 </and>
 </condition>
 <link target="copyProjectToTemplate?projectId=${projectId}"></link> |