Adrian,
What would be the correct permission to use to protect projects the user
is not part of ?
I am using "PROJECTMGR_ROLE_VIEW", based on my understanding but not
sure if this is correct.
Can you please kindly, explain (give a link) about the difference in
creating a separate service to check the permission, and specific
permission check in the screen the way I am doing it ? I understand
examples exist in another components, but examples for checking the
permission in a screen are used widely in the same file I am editing.
Thank you.
On Thu Jul 28,2011 06:51 pm, Adrian Crum wrote:
> Create a permission service, then use that in your screens instead of
> specific permission checks. You can find examples of this in the Party
> Manager.
>
> -Adrian
>
>
> On 7/28/2011 6:49 PM, Mansour Al Akeel wrote:
> > On my local system, any user with PROJECTMGR_VIEW can access projects
> > even if they are not listed as a resource. I wanted to limit this
> > permission so, I edited the ProjectScreens.xml to check for permissions.
> >
> > <screen name="ProjectView">
> > <section>
> > <condition>
> > <or>
> > <if-has-permission permission="PROJECTMGR_ADMIN"/>
> > <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
> > </or>
> > </condition>
> > <actions>
> > <set field="titleProperty" value="ProjectMgrProjectSummary"/>
> > <set field="tabButtonItem" value="projectView"/>
> > <set field="projectId" from-field="parameters.projectId"
> > default-value="${parameters.workEffortId}"/>
> > <service service-name="getProject" result-map="result">
> > <field-map field-name="projectId" from-field="projectId"/>
> > </service>
> > <set field="project" from-field="result.projectInfo"/>
> > </actions>
> > <widgets>
> > <decorator-screen name="CommonProjectDecorator"
> > location="${parameters.mainDecoratorLocation}">
> > <decorator-section name="body">
> > <container style="lefthalf">
> > <screenlet
> > title="${uiLabelMap.PageTitleProjectInformation}">
> > <include-form name="ProjectInfo"
> > location="component://projectmgr/widget/forms/ProjectForms.xml"/>
> > </screenlet>
> > <include-screen name="SubProjectsInfo"/>
> > <include-screen name="PhasesInfo"/>
> > </container>
> > <container style="righthalf">
> > <include-screen name="PartiesInfo"/>
> > <include-screen name="NoteInfo"/>
> > <include-screen name="ListProjectContent"/>
> > <include-screen name="OrderInfo"/>
> > </container>
> > <container style="clear"/>
> > <include-screen name="TasksInfo"/>
> > </decorator-section>
> > </decorator-screen>
> > </widgets>
> > </section>
> > </screen>
> >
> > However, a user with PROJECTMGR_ROLE_VIEW can still view any project
> > regardless if she is a member of that project or not, by navigating to:
> >
> > https://localhost:8443/projectmgr/control/projectView?projectId=9100
> >
> > If I understand thing correctely, PROJECTMGR_ROLE_VIEW allows access to
> > entities owned by party, or if she is listed as a resource.
> >
> > Any advice ?
> >
> >
