On my local system, any user with PROJECTMGR_VIEW can access projects
even if they are not listed as a resource. I wanted to limit this
permission, so I edited ProjectScreens.xml to check for permissions.

<screen name="ProjectView">
    <section>
        <condition>
            <or>
                <if-has-permission permission="PROJECTMGR_ADMIN"/>
                <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
            </or>
        </condition>
        <actions>
            <set field="titleProperty" value="ProjectMgrProjectSummary"/>
            <set field="tabButtonItem" value="projectView"/>
            <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
            <service service-name="getProject" result-map="result">
                <field-map field-name="projectId" from-field="projectId"/>
            </service>
            <set field="project" from-field="result.projectInfo"/>
        </actions>
        <widgets>
            <decorator-screen name="CommonProjectDecorator" location="${parameters.mainDecoratorLocation}">
                <decorator-section name="body">
                    <container style="lefthalf">
                        <screenlet title="${uiLabelMap.PageTitleProjectInformation}">
                            <include-form name="ProjectInfo" location="component://projectmgr/widget/forms/ProjectForms.xml"/>
                        </screenlet>
                        <include-screen name="SubProjectsInfo"/>
                        <include-screen name="PhasesInfo"/>
                    </container>
                    <container style="righthalf">
                        <include-screen name="PartiesInfo"/>
                        <include-screen name="NoteInfo"/>
                        <include-screen name="ListProjectContent"/>
                        <include-screen name="OrderInfo"/>
                    </container>
                    <container style="clear"/>
                    <include-screen name="TasksInfo"/>
                </decorator-section>
            </decorator-screen>
        </widgets>
    </section>
</screen>

However, a user with PROJECTMGR_ROLE_VIEW can still view any project,
regardless of whether she is a member of that project, by navigating to:

https://localhost:8443/projectmgr/control/projectView?projectId=9100

If I understand things correctly, PROJECTMGR_ROLE_VIEW allows access to
entities owned by the party, or if she is listed as a resource.

Any advice?
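
The condition in the screen above tests only a permission string; nothing ties `parameters.projectId` to the logged-in user, so any holder of the permission can request any project id. One way to add a per-project check, shown as an added example that is not part of the original post or of OFBiz's own code: it assumes project membership is recorded as a current `WorkEffortPartyAssignment` row on the project's `workEffortId`, and the screen name `ProjectViewGuarded`, the field `myAssignments` and the label text are hypothetical.

```xml
<!-- Added example: hypothetical screen name, field names and label text. -->
<screen name="ProjectViewGuarded">
    <section>
        <actions>
            <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
            <!-- Assumption: membership means a current WorkEffortPartyAssignment
                 row linking the logged-in party to the requested project. -->
            <entity-and entity-name="WorkEffortPartyAssignment" list="myAssignments" filter-by-date="true">
                <field-map field-name="workEffortId" from-field="projectId"/>
                <field-map field-name="partyId" from-field="userLogin.partyId"/>
            </entity-and>
        </actions>
        <widgets>
            <!-- Inner section: its condition is evaluated after the lookup above,
                 because a section's own condition runs before its own actions. -->
            <section>
                <condition>
                    <or>
                        <if-has-permission permission="PROJECTMGR_ADMIN"/>
                        <and>
                            <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
                            <!-- Object-level check: user must be assigned to this project. -->
                            <not><if-empty field="myAssignments"/></not>
                        </and>
                    </or>
                </condition>
                <widgets>
                    <include-screen name="ProjectView"/>
                </widgets>
                <fail-widgets>
                    <label text="You are not assigned to this project."/>
                </fail-widgets>
            </section>
        </widgets>
    </section>
</screen>
```

For this to take effect, the controller's view mapping for `projectView` has to point at the guarded screen rather than at `ProjectView` directly. A screen-level check covers only this screen; other screens and services that accept a `projectId` need the same membership test.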

