Look in Party Manager. There are permission services that check to see
if the logged-in user is connected to another party in some way before
granting permission to do something.
-Adrian
On 7/28/2011 11:18 PM, Mansour Al Akeel wrote:
Adrian,
What would be the correct permission to use to protect projects the user
is not part of ?
I am using "PROJECTMGR_ROLE_VIEW", based on my understanding but not
sure if this is correct.
Can you please kindly, explain (give a link) about the difference in
creating a separate service to check the permission, and specific
permission check in the screen the way I am doing it ? I understand
examples exist in another components, but examples for checking the
permission in a screen are used widely in the same file I am editing.
Thank you.
On Thu Jul 28,2011 06:51 pm, Adrian Crum wrote:
Create a permission service, then use that in your screens instead of
specific permission checks. You can find examples of this in the Party
Manager.
-Adrian
On 7/28/2011 6:49 PM, Mansour Al Akeel wrote:
On my local system, any user with PROJECTMGR_VIEW can access projects
even if they are not listed as a resource. I wanted to limit this
permission so, I edited the ProjectScreens.xml to check for permissions.
<screen name="ProjectView">
<section>
<condition>
<or>
<if-has-permission permission="PROJECTMGR_ADMIN"/>
<if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
</or>
</condition>
<actions>
<set field="titleProperty" value="ProjectMgrProjectSummary"/>
<set field="tabButtonItem" value="projectView"/>
<set field="projectId" from-field="parameters.projectId"
default-value="${parameters.workEffortId}"/>
<service service-name="getProject" result-map="result">
<field-map field-name="projectId" from-field="projectId"/>
</service>
<set field="project" from-field="result.projectInfo"/>
</actions>
<widgets>
<decorator-screen name="CommonProjectDecorator"
location="${parameters.mainDecoratorLocation}">
<decorator-section name="body">
<container style="lefthalf">
<screenlet
title="${uiLabelMap.PageTitleProjectInformation}">
<include-form name="ProjectInfo"
location="component://projectmgr/widget/forms/ProjectForms.xml"/>
</screenlet>
<include-screen name="SubProjectsInfo"/>
<include-screen name="PhasesInfo"/>
</container>
<container style="righthalf">
<include-screen name="PartiesInfo"/>
<include-screen name="NoteInfo"/>
<include-screen name="ListProjectContent"/>
<include-screen name="OrderInfo"/>
</container>
<container style="clear"/>
<include-screen name="TasksInfo"/>
</decorator-section>
</decorator-screen>
</widgets>
</section>
</screen>
However, a user with PROJECTMGR_ROLE_VIEW can still view any project
regardless if she is a member of that project or not, by navigating to:
https://localhost:8443/projectmgr/control/projectView?projectId=9100
If I understand thing correctely, PROJECTMGR_ROLE_VIEW allows access to
entities owned by party, or if she is listed as a resource.
Any advice ?
