Re: Protecting Project Screen from parties not listed as a resource

Thu, 28 Jul 2011 12:34:53 -0700 

sorry that did not make much sense.
so Create a new Permisson Like PERSONPROJ with just PROJECTMGR_ you want
it to have.

BJ Freeman sent the following on 7/28/2011 12:13 PM:
> there is another permission in the ProjectMgrSecurityData.xml
> PROJECTUSER
> so remove the PROJECTMGR_ from those that you don't want to have that
> permission.
> 
> 
> Mansour Al Akeel sent the following on 7/28/2011 10:49 AM:
>> On my local system, any user with PROJECTMGR_VIEW can access projects
>> even if they are not listed as a resource. I wanted to limit this
>> permission so, I edited the ProjectScreens.xml to check for permissions.
>>
>> <screen name="ProjectView">
>>     <section>
>>         <condition>
>>             <or>
>>                 <if-has-permission permission="PROJECTMGR_ADMIN"/>
>>                 <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
>>             </or>
>>         </condition>
>>         <actions>
>>             <set field="titleProperty" value="ProjectMgrProjectSummary"/>
>>             <set field="tabButtonItem" value="projectView"/>
>>             <set field="projectId" from-field="parameters.projectId" 
>> default-value="${parameters.workEffortId}"/>
>>             <service service-name="getProject" result-map="result">
>>                 <field-map field-name="projectId" from-field="projectId"/>
>>             </service>
>>             <set field="project" from-field="result.projectInfo"/>
>>         </actions>
>>         <widgets>
>>             <decorator-screen name="CommonProjectDecorator" 
>> location="${parameters.mainDecoratorLocation}">
>>                 <decorator-section name="body">
>>                     <container style="lefthalf">
>>                         <screenlet 
>> title="${uiLabelMap.PageTitleProjectInformation}">
>>                             <include-form name="ProjectInfo" 
>> location="component://projectmgr/widget/forms/ProjectForms.xml"/>
>>                         </screenlet>
>>                         <include-screen name="SubProjectsInfo"/>
>>                         <include-screen name="PhasesInfo"/>
>>                     </container>
>>                     <container style="righthalf">
>>                         <include-screen name="PartiesInfo"/>
>>                         <include-screen name="NoteInfo"/>
>>                         <include-screen name="ListProjectContent"/>
>>                         <include-screen name="OrderInfo"/>
>>                     </container>
>>                     <container style="clear"/>
>>                     <include-screen name="TasksInfo"/>
>>                 </decorator-section>
>>             </decorator-screen>
>>         </widgets>
>>     </section>
>> </screen>
>>
>> However, a user with PROJECTMGR_ROLE_VIEW can still view any project
>> regardless if she is a member of that project or not, by navigating to:
>>
>> https://localhost:8443/projectmgr/control/projectView?projectId=9100
>>
>> If I understand thing correctely, PROJECTMGR_ROLE_VIEW allows access to
>> entities owned by party, or if she is listed as a resource. 
>>
>> Any advice ? 
>>
>>
>>
>

Reply via email to