Re: Issue in Project Manager

Fri, 24 Apr 2009 01:07:49 -0700 

Hey Pranay,

Its good that you were able to figure out the problem.

Enjoy the day ahead man :-) !

--
Ashish

Pranay Pandey wrote:

Thanks a lot Ashish, Now I got the solution of my problem.
You showed me the right place to hit and to understand the basic difference for permissions which should be given. Issue was because of wrong permissions given by me to the user I was creating. I cleared it by again reading the document: OFBiz security <http://docs.ofbiz.org/display/OFBTECH/OFBiz+security> 


Thanks & Regards
--
Pranay Pandey


On Apr 23, 2009, at 11:59 AM, Ashish Vijaywargiya wrote:


Hello Pranay,
Let me help you (Only concentrate on my comments that is present inside code snippet taken from file ProjectPermissionServices.xml - I have put false statement and some comment in that) : The below code snippet is the only area which can help you to figure out the problem. 
Please discuss me in person if you are unable to figure out the issue.


      <if-compare field="sec_object" value="PROJECT" operator="equals">
<!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.projectId} resourceDescription: ${parameters.resourceDescription}"/--> 
          <set field="projectId" from-field="parameters.projectId"/>
<set field="partyId" from-field="parameters.userLogin.partyId"/> 
          <call-simple-method method-name="checkProjectMembership"/>
          <if>
              <condition>
                  <or>
                      <and>
<!-- view a project with a null id is a null operation, so ok... --> 
                          <if-empty field="parameters.projectIdId"/>
<if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> 
                      </and>
                      <and>
                          <!-- false -->
<if-has-permission permission="PROJECTMGR_ADMIN"/> <not><if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/></not> 
                      </and>
                      <and>
<!-- return false for the user you have created --> <!-- In case of admin it returns true isMember flag returns true from method in the bottom "checkProjectMembership--> <!-- So we may need to add a record in either WorkEffortPartyAssignment or WorkEffortPartyAssignByGroup entity --> 
                          <!-- This is all from my side Pranay -->
<if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/> <if-compare field="isMember" value="true" operator="equals"/> 
                      </and>
                      <and>
                          <!-- false -->
<if-has-permission permission="PROJECTMGR_VIEW"/> <not><if-has-permission permission="PROJECTMGR_ROLE_VIEW"/></not> <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> 
                      </and>
                      <and>
                          <!-- false -->
<if-has-permission permission="PROJECTMGR_ROLE_VIEW"/> <if-compare field="isMember" value="true" operator="equals"/> <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> 
                      </and>
                  </or>
              </condition>
              <then>
                  <field-to-result field="hasPermission"/>
                  <return/>
              </then>
              <else>
<property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToProject" field="failMessage"/>

Reply via email to