Adrian,
I think there's a service already that does that. However, I am not sure
I am using it or understand it properly.

The service is in 
"specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml"

<simple-method method-name="projectMgrPermission" short-description="general service to check access to the project component">
    <set field="primaryPermission" value="PROJECTMGR"/>
    <set field="hasPermission" value="true" type="Boolean"/>
    <set field="hasNoPermission" value="false" type="Boolean"/>
    <set field="mainAction" from-field="parameters.mainAction"/>

    <!-- find object -->
    <if-compare field="parameters.resourceDescription" value="Timesheet" operator="contains">
        <set field="sec_object" value="TIMESHEET"/>
        <else>
            <if-compare field="parameters.resourceDescription" value="TimeEntry" operator="contains">
                <set field="sec_object" value="TIMEENTRY"/>
                <else>
                    <if-compare field="parameters.resourceDescription" value="Task" operator="contains">
                        <set field="sec_object" value="TASK"/><!-- task before project because of name 'getProjectTask' -->

I am calling it from projectmgr/widget/ProjectScreens.xml. I just added the 
<condition> part

<screen name="ProjectView">
    <section>
        <condition>
            <if-service-permission service-name="projectMgrPermission" main-action="VIEW"/>
        </condition>
        <actions>
            <set field="titleProperty" value="ProjectMgrProjectSummary"/>
            <set field="tabButtonItem" value="projectView"/>
            <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
            <service service-name="getProject" result-map="result">
                <field-map field-name="projectId" from-field="projectId"/>
            </service>

The issue now is that no user has access to any project.
What am I missing?

Thank you in advance.

On Thu Jul 28,2011 11:34 pm, Adrian Crum wrote:
> Look in Party Manager. There are permission services that check to see 
> if the logged-in user is connected to another party in some way before 
> granting permission to do something.
> 
> -Adrian
> 
> On 7/28/2011 11:18 PM, Mansour Al Akeel wrote:
> > Adrian,
> > What would be the correct permission to use to protect projects the user
> > is not part of ?
> > I am using "PROJECTMGR_ROLE_VIEW", based on my understanding but not
> > sure if this is correct.
> >
> > Can you please kindly explain (or give a link about) the difference
> > between creating a separate service to check the permission and a specific
> > permission check in the screen, the way I am doing it? I understand
> > examples exist in other components, but examples for checking the
> > permission in a screen are used widely in the same file I am editing.
> >
> >
> > Thank you.
> >
> >
> > On Thu Jul 28,2011 06:51 pm, Adrian Crum wrote:
> >> Create a permission service, then use that in your screens instead of
> >> specific permission checks. You can find examples of this in the Party
> >> Manager.
> >>
> >> -Adrian
> >>
> >>
> >> On 7/28/2011 6:49 PM, Mansour Al Akeel wrote:
> >>> On my local system, any user with PROJECTMGR_VIEW can access projects
> >>> even if they are not listed as a resource. I wanted to limit this
> >>> permission, so I edited the ProjectScreens.xml to check for permissions.
> >>>
> >>> <screen name="ProjectView">
> >>>       <section>
> >>>           <condition>
> >>>               <or>
> >>>                   <if-has-permission permission="PROJECTMGR_ADMIN"/>
> >>>                   <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
> >>>               </or>
> >>>           </condition>
> >>>           <actions>
> >>>               <set field="titleProperty" value="ProjectMgrProjectSummary"/>
> >>>               <set field="tabButtonItem" value="projectView"/>
> >>>               <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
> >>>               <service service-name="getProject" result-map="result">
> >>>                   <field-map field-name="projectId" from-field="projectId"/>
> >>>               </service>
> >>>               <set field="project" from-field="result.projectInfo"/>
> >>>           </actions>
> >>>           <widgets>
> >>>               <decorator-screen name="CommonProjectDecorator" location="${parameters.mainDecoratorLocation}">
> >>>                   <decorator-section name="body">
> >>>                       <container style="lefthalf">
> >>>                           <screenlet title="${uiLabelMap.PageTitleProjectInformation}">
> >>>                               <include-form name="ProjectInfo" location="component://projectmgr/widget/forms/ProjectForms.xml"/>
> >>>                           </screenlet>
> >>>                           <include-screen name="SubProjectsInfo"/>
> >>>                           <include-screen name="PhasesInfo"/>
> >>>                       </container>
> >>>                       <container style="righthalf">
> >>>                           <include-screen name="PartiesInfo"/>
> >>>                           <include-screen name="NoteInfo"/>
> >>>                           <include-screen name="ListProjectContent"/>
> >>>                           <include-screen name="OrderInfo"/>
> >>>                       </container>
> >>>                       <container style="clear"/>
> >>>                       <include-screen name="TasksInfo"/>
> >>>                   </decorator-section>
> >>>               </decorator-screen>
> >>>           </widgets>
> >>>       </section>
> >>> </screen>
> >>>
> >>> However, a user with PROJECTMGR_ROLE_VIEW can still view any project
> >>> regardless of whether she is a member of that project or not, by navigating to:
> >>>
> >>> https://localhost:8443/projectmgr/control/projectView?projectId=9100
> >>>
> >>> If I understand things correctly, PROJECTMGR_ROLE_VIEW allows access to
> >>> entities owned by party, or if she is listed as a resource.
> >>>
> >>> Any advice ?
> >>>
> >>>

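Added example, not part of the thread and not OFBiz code: a small Python model of the difference discussed above between a screen-level if-has-permission check, which never looks at projectId, and a permission service that also requires an active assignment to the requested project. The user names, the Assignment record and the sample data are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Assignment:
    """Constructed stand-in for a party-to-project assignment record."""
    party_id: str
    project_id: str
    from_date: date
    thru_date: Optional[date] = None  # None means still active

# Constructed sample data (not taken from the thread).
PERMISSIONS = {"admin": {"PROJECTMGR_ADMIN"}, "alice": {"PROJECTMGR_ROLE_VIEW"},
               "bob": {"PROJECTMGR_ROLE_VIEW"}, "carol": set()}
ASSIGNMENTS = [
    Assignment("alice", "9100", date(2011, 1, 1)),
    Assignment("bob", "9100", date(2011, 1, 1), date(2011, 6, 30)),  # expired
    Assignment("bob", "9200", date(2011, 7, 1)),
    Assignment("carol", "9100", date(2011, 1, 1)),  # assigned, but no permission
]

def screen_only_check(user):
    """Mirrors the <or> of two if-has-permission tests: projectId is never consulted."""
    perms = PERMISSIONS.get(user, set())
    return "PROJECTMGR_ADMIN" in perms or "PROJECTMGR_ROLE_VIEW" in perms

def is_active_member(user, project_id, today):
    """True if the user has an assignment to this project that covers `today`."""
    return any(a.party_id == user and a.project_id == project_id
               and a.from_date <= today
               and (a.thru_date is None or today <= a.thru_date)
               for a in ASSIGNMENTS)

def project_view_permission(user, project_id, today):
    """Object-level decision for one project; returns (has_permission, reason)."""
    perms = PERMISSIONS.get(user, set())
    if "PROJECTMGR_ADMIN" in perms:
        return True, "admin"
    if not project_id:
        return False, "no projectId resolved"  # fail closed
    if "PROJECTMGR_ROLE_VIEW" not in perms:
        return False, "missing PROJECTMGR_ROLE_VIEW"
    if not is_active_member(user, project_id, today):
        return False, "not an active member of this project"
    return True, "role view plus active assignment"
```

The object-level check has to run on the same id the screen resolves (projectId, falling back to workEffortId), otherwise the permission decision and the displayed project can disagree.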