Author: jaz
Date: Mon Jan 22 12:39:27 2007
New Revision: 498790
URL: http://svn.apache.org/viewvc?view=rev&rev=498790
Log:
added first pass of workeffort permission code issue OFBIZ-615. This is JUST
the code, no changes to actual services yet.
Added:
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
(with props)
Modified:
ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties
ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml
ofbiz/trunk/applications/workeffort/servicedef/services.xml
Modified:
ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties?view=diff&rev=498790&r1=498789&r2=498790
==============================================================================
--- ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties
(original)
+++ ofbiz/trunk/applications/workeffort/config/WorkEffortUiLabels.properties
Mon Jan 22 12:39:27 2007
@@ -353,6 +353,9 @@
WorkEffortCreatePermissionError=Security Error: to run this operation you must
have the WORKEFFORTMGR_CREATE or WORKEFFORTMGR_ADMIN permission
WorkEffortUpdatePermissionError=Security Error: to run this operation you must
have the WORKEFFORTMGR_UPDATE or WORKEFFORTMGR_ADMIN permission
WorkEffortDeletePermissionError=Security Error: to run this operation you must
have the WORKEFFORTMGR_DELETE or WORKEFFORTMGR_ADMIN permission
+WorkEffortPermissionError=Security Error\: to run ${resourceDescription} you
must have the WORKEFFORTMGR_${mainAction} or WORKEFFORTMGR_ADMIN permission
+WorkEffortNotInRolePermissionError=Security Error\: to run
${resourceDescription} you must be in ${roleTypeId} role with WorkEffort:
${workEffortId}
+WorkEffortTimeSheetNotInRolePermissionError=Security Error\: to run
${resourceDescription} you must be in ${roleTypeId} role with WorkEffort:
${workEffortId}
FormFieldTitle_workEffortId=Work Effort Id
FormFieldTitle_priority=Priority
Modified: ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml?view=diff&rev=498790&r1=498789&r2=498790
==============================================================================
--- ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml
(original)
+++ ofbiz/trunk/applications/workeffort/data/WorkEffortSecurityData.xml Mon Jan
22 12:39:27 2007
@@ -21,13 +21,23 @@
<SecurityPermission description="View operations in the Work Effort
Manager." permissionId="WORKEFFORTMGR_VIEW"/>
<SecurityPermission description="Create operations in the Work Effort
Manager." permissionId="WORKEFFORTMGR_CREATE"/>
<SecurityPermission description="Update operations in the Work Effort
Manager." permissionId="WORKEFFORTMGR_UPDATE"/>
- <SecurityPermission description="Delete operations in the Work Effort
Manager." permissionId="WORKEFFORTMGR_DELETE"/>
+ <SecurityPermission description="Delete operations in the Work Effort
Manager." permissionId="WORKEFFORTMGR_DELETE"/>
+ <SecurityPermission description="View work effort roles in the Work Effort
Manager." permissionId="WORKEFFORTMGR_ROLE_VIEW"/>
+ <SecurityPermission description="Create work effort roles in the Work
Effort Manager." permissionId="WORKEFFORTMGR_ROLE_CREATE"/>
+ <SecurityPermission description="Update work effort roles in the Work
Effort Manager." permissionId="WORKEFFORTMGR_ROLE_UPDATE"/>
<SecurityPermission description="ALL operations in the Work Effort
Manager." permissionId="WORKEFFORTMGR_ADMIN"/>
+
+
<SecurityGroupPermission groupId="FULLADMIN"
permissionId="WORKEFFORTMGR_ADMIN"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_CREATE"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_DELETE"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_UPDATE"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_VIEW"/>
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_ROLE_CREATE"/>
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_ROLE_UPDATE"/>
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="WORKEFFORTMGR_ROLE_VIEW"/>
<SecurityGroupPermission groupId="VIEWADMIN"
permissionId="WORKEFFORTMGR_VIEW"/>
<SecurityGroupPermission groupId="BIZADMIN"
permissionId="WORKEFFORTMGR_ADMIN"/>
+
+
</entity-engine-xml>
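Review bot: The three new WORKEFFORTMGR_ROLE_* descriptions ("View work effort roles …") read as if they govern editing of role assignments, but the workEffortGenericPermission script added in this commit uses the WORKEFFORTMGR_ROLE prefix as a role-limited grant, where the action is allowed only if a party role lookup also succeeds. A description along the lines of `description="Role-limited update: only work efforts on which the party holds a role."` would keep an administrator from assigning it under the wrong assumption. No WORKEFFORTMGR_ROLE_DELETE (or _ADMIN) row is added, so a DELETE check under the role prefix would presumably never pass; a comment should say whether that is intended. FLEXADMIN already holds the unrestricted CREATE/UPDATE/VIEW permissions, so the three added group rows appear to grant nothing new.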
Added:
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml?view=auto&rev=498790
==============================================================================
---
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
(added)
+++
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
Mon Jan 22 12:39:27 2007
@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2001-2007 The Apache Software Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ ~ use this file except in compliance with the License. You may obtain a copy
of
+ ~ the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ ~ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ ~ License for the specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:noNamespaceSchemaLocation="http://www.ofbiz.org/dtds/simple-methods.xsd">
+
+ <simple-method method-name="workEffortManagerPermission"
short-description="Check user has WorkEffort Manager permission">
+ <set field="primaryPermission" value="WORKEFFORTMGR"/>
+ <call-simple-method method-name="genericBasePermissionCheck"
xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+ </simple-method>
+
+ <simple-method method-name="workEffortGenericPermission"
short-description="">
+ <set field="primaryPermission" value="WORKEFFORTMGR"/>
+ <call-simple-method method-name="genericBasePermissionCheck"
xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+
+ <if>
+ <condition>
+ <not>
+ <if-compare field-name="hasPermission" value="true"
operator="equals"/>
+ </not>
+ </condition>
+ <then>
+ <set field="primaryPermission" value="WORKEFFORTMGR_ROLE"/>
+ <call-simple-method method-name="genericBasePermissionCheck"
xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+
+ <if>
+ <condition>
+ <if-compare field-name="hasPermission" value="true"
operator="equals"/>
+ </condition>
+ <then>
+ <if>
+ <condition>
+ <and>
+ <if-compare field-name="mainAction"
value="CREATE" operator="equals"/>
+ <not>
+ <if-empty
field-name="parameters.workEffortParentId"/>
+ </not>
+ </and>
+ </condition>
+ <then>
+ <!-- check ANY role permission on the parent
-->
+ <set field="workEffortId"
from-field="parameters.workEffortPartentId"/>
+ <call-simple-method
method-name="workEffortPartyAnyRolePermission"/>
+ </then>
+ <else-if>
+ <condition>
+ <if-compare field-name="mainAction"
value="UPDATE" operator="equals"/>
+ </condition>
+ <then>
+ <!-- make sure we have role permission to
update THIS workeffort -->
+ <set field="workEffortId"
from-field="parameters.workEffortId"/>
+ <call-simple-method
method-name="workEffortPartyOwnerRolePermission"/>
+
+ <!-- get the existing parent ID -->
+ <entity-one entity-name="WorkEffort"
value-name="workEffort">
+ <field-map field-name="workEffortId"
env-name="parameters.workEffortId"/>
+ </entity-one>
+
+ <if>
+ <condition>
+ <and>
+ <if-compare
field-name="hasPermission" value="true" operator="equals"/>
+ <not>
+ <if-empty
field-name="parameters.workEffortParentId"/>
+ </not>
+ <if-compare-field
field-name="parameters.workEffortParentId" operator="not-equals"
to-field-name="workEffort.workEffortParentId"/>
+ </and>
+ </condition>
+
+ <then>
+ <!-- check the parent -->
+ <set field="workEffortId"
from-field="parameters.workEffortParentId"/>
+ <call-simple-method
method-name="workEffortPartyOwnerRolePermission"/>
+ </then>
+ </if>
+ </then>
+ </else-if>
+ </if>
+ </then>
+ </if>
+ </then>
+ </if>
+ </simple-method>
+
+ <simple-method method-name="workEffortPartyOwnerRolePermission"
short-description="Check if Party is in CAL_OWNER or CAL_DELEGATE role with
WorkEffort">
+ <if-empty field-name="workEffortId">
+ <!-- This should be case of create WorkEffort -->
+ <set field="workEffortId"
from-field="parameters.workEffortParentId"/>
+ </if-empty>
+ <while><condition><not><if-empty
field-name="workEffortId"></if-empty></not></condition>
+ <then>
+ <!-- if the case is of new workEffort with Parent workEffort
Id,
+ then lookup the parent workEffort and check if user is in
any OWNER role with WorkEffort -->
+ <set from-field="workEffortId"
field="lookupRoleWorkEffortMap.workEffortId"/>
+ <set from-field="userLogin.partyId"
field="lookupRoleWorkEffortMap.partyId"/>
+ <set value="CAL_OWNER"
field="lookupRoleWorkEffortMap.roleTypeId"/>
+ <log level="always" message="Running find-by-and:
${lookupRoleWorkEffortMap}"/>
+
+ <find-by-and entity-name="WorkEffortPartyAssignment"
map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ <filter-list-by-date list-name="roleParties"
valid-date-name="nowTimestamp"/>
+ <log level="always" message="Found role parties:
${roleParties}"/>
+
+ <if-empty field-name="roleParties">
+ <log level="info" message="Party ${userLogin.partyId} is
not in ${roleTypeId} role with workEffort: ${workEffortId}"/>
+ <set value="CAL_DELEGATE"
field="lookupRoleWorkEffortMap.roleTypeId"/>
+ <find-by-and entity-name="WorkEffortPartyAssignment"
map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ </if-empty>
+ <filter-list-by-date list-name="roleParties"
valid-date-name="nowTimestamp"/>
+
+ <if-not-empty field-name="roleParties">
+ <set field="hasPermission" type="Boolean" value="true"/>
+ <field-to-result field-name="hasPermission"/>
+ <log level="info" message="Party ${userLogin.partyId} is
in ${lookupRoleWorkEffortMap.roleTypeId} role with workEffort:
${workEffortId}"/>
+ <clear-field field-name="workEffortId"/>
+
+ <else>
+ <log level="info" message="Party ${userLogin.partyId}
is not in ${roleTypeId} role with workEffort: ${workEffortId}"/>
+ <property-to-field resource="WorkEffortUiLabels"
property="WorkEffortNotInRolePermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean"
value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+
+ <!-- recurse through all parents -->
+ <set field="workEffortLookUpMap.workEffortId"
from-field="workEffortId"/>
+ <find-by-primary-key entity-name="WorkEffort"
map-name="workEffortLookUpMap" value-name="workEffortParent"/>
+ <set from-field="workEffortParent.workEffortParentId"
field="workEffortId"/>
+ <if-empty
field-name="workEffortParent.workEffortParentId">
+ <clear-field field-name="workEffortId"/>
+ </if-empty>
+ </else>
+
+ </if-not-empty>
+ </then>
+ </while>
+ </simple-method>
+
+ <simple-method method-name="workEffortPartyAnyRolePermission"
short-description="Check if Party is in ANY role with WorkEffort">
+ <if-empty field-name="workEffortId">
+ <!-- This should be case of create WorkEffort -->
+ <set field="workEffortId"
from-field="parameters.workEffortParentId"/>
+ </if-empty>
+ <while><condition><not><if-empty
field-name="workEffortId"></if-empty></not></condition>
+ <then>
+ <!-- if the case is of new workEffort with Parent workEffort
Id,
+ then lookup the parent workEffort and check if user is in
any role with WorkEffort -->
+ <set from-field="workEffortId"
field="lookupRoleWorkEffortMap.workEffortId"/>
+ <set from-field="userLogin.partyId"
field="lookupRoleWorkEffortMap.partyId"/>
+ <find-by-and entity-name="WorkEffortPartyAssignment"
map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ <filter-list-by-date list-name="roleParties"
valid-date-name="nowTimestamp"/>
+
+ <if-not-empty field-name="roleParties">
+ <set field="hasPermission" type="Boolean" value="true"/>
+ <field-to-result field-name="hasPermission"/>
+ <log level="info" message="Party ${userLogin.partyId} is
associated with workEffort: ${workEffortId}"/>
+ <clear-field field-name="workEffortId"/>
+
+ <else>
+ <log level="info" message="Party ${userLogin.partyId}
is not associated with workEffort: ${workEffortId}"/>
+ <property-to-field resource="WorkEffortUiLabels"
property="WorkEffortNotInRolePermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean"
value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+
+ <!-- recurse through all parents -->
+ <set field="workEffortLookUpMap.workEffortId"
from-field="workEffortId"/>
+ <find-by-primary-key entity-name="WorkEffort"
map-name="workEffortLookUpMap" value-name="workEffortParent"/>
+ <set from-field="workEffortParent.workEffortParentId"
field="workEffortId"/>
+ <if-empty
field-name="workEffortParent.workEffortParentId">
+ <clear-field field-name="workEffortId"/>
+ </if-empty>
+ </else>
+
+ </if-not-empty>
+ </then>
+ </while>
+ </simple-method>
+
+ <simple-method method-name="timesheetUpdatePermission"
short-description="Check Permission to Update Timesheet">
+ <set field="parameters.mainAction" value="UPDATE"/>
+ <call-simple-method method-name="workEffortGenericPermission"/>
+ <check-errors/>
+ <if-compare-field operator="not-equals"
field-name="parameters.partyId" to-field-name="userLogin.partyId">
+ <property-to-field resource="WorkEffortUiLabels"
property="WorkEffortTimeSheetNotInRolePermissionError"
field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+ </if-compare-field>
+ <if-not-empty field-name="workEffortId">
+ <set from-field="workEffortId"
field="lookupRoleWorkEffortMap.workEffortId"/>
+ <set from-field="userLogin.partyId"
field="lookupRoleWorkEffortMap.partyId"/>
+ <find-by-and entity-name="WorkEffortPartyAssignByRole"
map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
+ <filter-list-by-date list-name="roleParties"
valid-date-name="nowTimestamp"/>
+ <if-empty field-name="roleParties">
+ <property-to-field resource="WorkEffortUiLabels"
property="WorkEffortTimeSheetNotInRolePermissionError"
field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+ </if-empty>
+ </if-not-empty>
+ </simple-method>
+
+</simple-methods>
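Review bot: The role-limited branch of workEffortGenericPermission appears to fail open: after the second genericBasePermissionCheck (primaryPermission WORKEFFORTMGR_ROLE; its body is not part of this diff) leaves hasPermission true, workEffortPartyOwnerRolePermission and workEffortPartyAnyRolePermission only overwrite it inside their `while` loop, which is skipped when workEffortId and parameters.workEffortParentId are both empty. Since workEffortId is declared optional in the service definitions, a caller holding only WORKEFFORTMGR_ROLE_UPDATE who omits it would keep hasPermission true without any role lookup, and the VIEW, DELETE and parentless CREATE actions never reach a role check at all. Default to deny before the lookup, e.g. `<set field="hasPermission" type="Boolean" value="false"/>` followed by `<field-to-result field-name="hasPermission"/>` at the top of both role methods, and document which actions are meant to pass on the base permission alone. Separately, `from-field="parameters.workEffortPartentId"` in the CREATE branch is misspelled (should be `parameters.workEffortParentId`) and currently works only through the if-empty fallback in the called method. The two `log level="always"` lines look like debugging leftovers that write party and role assignment data on every call and would be better at a debug level.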
Propchange:
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
------------------------------------------------------------------------------
svn:keywords = Date Rev Author URL Id
Propchange:
ofbiz/trunk/applications/workeffort/script/org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: ofbiz/trunk/applications/workeffort/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/servicedef/services.xml?view=diff&rev=498790&r1=498789&r2=498790
==============================================================================
--- ofbiz/trunk/applications/workeffort/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/workeffort/servicedef/services.xml Mon Jan 22
12:39:27 2007
@@ -510,4 +510,21 @@
<description>Remove all Work Effort Keyword</description>
<auto-attributes entity-name="WorkEffort" include="pk" mode="IN"
optional="false"/>
</service>
+
+ <!-- Permission Services -->
+ <service name="workEffortManagerPermission" engine="simple"
+ location="org/ofbiz/workeffort/WorkEffortPermissionServices.xml"
invoke="workEffortManagerPermission">
+ <implements service="permissionInterface"/>
+ </service>
+ <service name="workEffortGenericPermission" engine="simple"
+
location="org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml"
invoke="workEffortGenericPermission">
+ <implements service="permissionInterface"/>
+ <attribute name="workEffortId" mode="IN" type="String"
optional="true"/>
+ <attribute name="workEffortParentId" mode="IN" type="String"
optional="true"/>
+ </service>
+ <service name="timesheetUpdatePermission" engine="simple"
+
location="org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml"
invoke="timesheetUpdatePermission">
+ <implements service="permissionInterface"/>
+ <attribute name="workEffortId" mode="IN" type="String"
optional="true"></attribute>
+ </service>
</services>
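Review bot: The `location` of workEffortManagerPermission is `org/ofbiz/workeffort/WorkEffortPermissionServices.xml`, but this commit adds the script under `.../workeffort/permission/` and the other two services use that path, so this service will most likely fail to resolve its script; it should read `location="org/ofbiz/workeffort/permission/WorkEffortPermissionServices.xml"`. timesheetUpdatePermission also compares `parameters.partyId` with `userLogin.partyId` in the script, yet no `partyId` attribute is declared here, so unless permissionInterface supplies it the comparison runs against an empty value; declare it explicitly, e.g. `<attribute name="partyId" mode="IN" type="String" optional="true"/>`. A `<description>` on each of the three services stating which permission prefix and role check it enforces would help whoever wires them into other services later.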