orderitems.ftl

jacopoc Mon, 10 Sep 2007 10:52:18 -0700

Author: jacopoc
Date: Mon Sep 10 10:51:56 2007
New Revision: 574317

URL: http://svn.apache.org/viewvc?rev=574317&view=rev
Log:
changed permission checks to look also at the _ROLE permissions when updating 
orders.


Modified:
    
ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml
    ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl
    ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl

Modified: 
ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml?rev=574317&r1=574316&r2=574317&view=diff
==============================================================================
--- 
ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml
 (original)
+++ 
ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml
 Mon Sep 10 10:51:56 2007
@@ -21,7 +21,10 @@
 <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
         
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd";>
     <simple-method method-name="createOrderAdjustment" 
short-description="Create an OrderAdjustment">
-        <check-permission permission="ORDERMGR" 
action="_CREATE"><fail-property resource="OrderErrorUiLabels" 
property="OrderSecurityErrorToRunCreateOrderAdjustement"/></check-permission>
+        <check-permission permission="ORDERMGR" action="_CREATE">
+            <alt-permission permission="ORDERMGR_ROLE" action="_CREATE"/>
+            <fail-property resource="OrderErrorUiLabels" 
property="OrderSecurityErrorToRunCreateOrderAdjustement"/>
+        </check-permission>
         <check-errors/>
 
         <make-value entity-name="OrderAdjustment" value-name="newEntity"/>

Modified: 
ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl?rev=574317&r1=574316&r2=574317&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl 
(original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/editorderitems.ftl Mon 
Sep 10 10:51:56 2007
@@ -40,7 +40,7 @@
         <ul>
           <li class="head3">&nbsp;${uiLabelMap.OrderOrderItems}</li>
 
-          <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session)>
+          <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || 
security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)>
               <#if orderHeader?has_content && orderHeader.statusId != 
"ORDER_CANCELLED" && orderHeader.statusId != "ORDER_COMPLETED">
                   <li><a 
href="<@ofbizUrl>cancelOrderItem?${paramString}</@ofbizUrl>">${uiLabelMap.OrderCancelAllItems}</a></li>
                   <li><a 
href="<@ofbizUrl>orderview?${paramString}</@ofbizUrl>">${uiLabelMap.OrderViewOrder}</a></li>
@@ -275,7 +275,7 @@
         </#list>
 
         <#-- add new adjustment -->
-        <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) && 
orderHeader.statusId != "ORDER_COMPLETED" && orderHeader.statusId != 
"ORDER_CANCELLED" && orderHeader.statusId != "ORDER_REJECTED">
+        <#if (security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || 
security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)) && 
orderHeader.statusId != "ORDER_COMPLETED" && orderHeader.statusId != 
"ORDER_CANCELLED" && orderHeader.statusId != "ORDER_REJECTED">
             <form name="addAdjustmentForm" method="post" 
action="<@ofbizUrl>createOrderAdjustment?${paramString}</@ofbizUrl>">
                 <input type="hidden" name="comments" value="Added manually by 
[${userLogin.userLoginId}]"/>
                 <table class="basic-table" cellspacing="0">

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl?rev=574317&r1=574316&r2=574317&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl 
(original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/order/orderitems.ftl Mon Sep 
10 10:51:56 2007
@@ -18,12 +18,11 @@
 -->
 
 <#if orderHeader?has_content>
-
 <div class="screenlet">
     <div class="screenlet-title-bar">
     <ul>
       <li class="head3">&nbsp;${uiLabelMap.OrderOrderItems}</li>
-      <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session)>
+      <#if security.hasEntityPermission("ORDERMGR", "_UPDATE", session) || 
security.hasRolePermission("ORDERMGR", "_UPDATE", "", "", session)>
         <#if orderHeader?has_content && orderHeader.statusId != 
"ORDER_CANCELLED">
           <#if orderHeader.statusId != "ORDER_COMPLETED">
             <#--

svn commit: r574317 - in /ofbiz/trunk/applications/order: script/org/ofbiz/order/order/OrderSimpleMethods.xml webapp/ordermgr/order/editorderitems.ftl webapp/ordermgr/order/orderitems.ftl

Reply via email to