You have your code set up correctly. You just need to examine the permission service to see what conditions it is looking for to grant permission, then set up your user with those conditions.

-Adrian



On 7/29/2011 7:35 PM, Mansour Al Akeel wrote:
Adrian,
I think there's a service already that does that. However, I am not sure
I am using it or understand it properly.

The service is in 
"specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml"

<simple-method method-name="projectMgrPermission" short-description="general service to check access to the project component">
     <set field="primaryPermission" value="PROJECTMGR"/>
     <set field="hasPermission" value="true" type="Boolean"/>
     <set field="hasNoPermission" value="false" type="Boolean"/>
     <set field="mainAction" from-field="parameters.mainAction"/>

     <!-- find object -->
     <if-compare field="parameters.resourceDescription" value="Timesheet" operator="contains">
         <set field="sec_object" value="TIMESHEET"/>
         <else>
             <if-compare field="parameters.resourceDescription" value="TimeEntry" operator="contains">
                 <set field="sec_object" value="TIMEENTRY"/>
                 <else>
                     <if-compare field="parameters.resourceDescription" value="Task" operator="contains">
                         <set field="sec_object" value="TASK"/><!-- task before project because of name 'getProjectTask' -->

I am calling it from projectmgr/widget/ProjectScreens.xml. I just added the <condition> part

<screen name="ProjectView">
     <section>
         <condition>
             <if-service-permission service-name="projectMgrPermission" main-action="VIEW"/>
         </condition>
         <actions>
             <set field="titleProperty" value="ProjectMgrProjectSummary"/>
             <set field="tabButtonItem" value="projectView"/>
             <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
             <service service-name="getProject" result-map="result">
                 <field-map field-name="projectId" from-field="projectId"/>
             </service>

The issue now is that no user has access to any project.
What am I missing ?

Thank you in advance.

On Thu Jul 28,2011 11:34 pm, Adrian Crum wrote:
Look in Party Manager. There are permission services that check to see
if the logged-in user is connected to another party in some way before
granting permission to do something.

-Adrian

On 7/28/2011 11:18 PM, Mansour Al Akeel wrote:
Adrian,
What would be the correct permission to use to protect projects the user
is not part of ?
I am using "PROJECTMGR_ROLE_VIEW", based on my understanding but not
sure if this is correct.

Can you please kindly explain (or give a link about) the difference
between creating a separate service to check the permission and a specific
permission check in the screen, the way I am doing it? I understand
examples exist in other components, but examples of checking the
permission in a screen are used widely in the same file I am editing.


Thank you.


On Thu Jul 28,2011 06:51 pm, Adrian Crum wrote:
Create a permission service, then use that in your screens instead of
specific permission checks. You can find examples of this in the Party
Manager.

-Adrian


On 7/28/2011 6:49 PM, Mansour Al Akeel wrote:
On my local system, any user with PROJECTMGR_VIEW can access projects
even if they are not listed as a resource. I wanted to limit this
permission so, I edited the ProjectScreens.xml to check for permissions.

<screen name="ProjectView">
       <section>
           <condition>
               <or>
                   <if-has-permission permission="PROJECTMGR_ADMIN"/>
                   <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
               </or>
           </condition>
           <actions>
               <set field="titleProperty" value="ProjectMgrProjectSummary"/>
               <set field="tabButtonItem" value="projectView"/>
               <set field="projectId" from-field="parameters.projectId" default-value="${parameters.workEffortId}"/>
               <service service-name="getProject" result-map="result">
                   <field-map field-name="projectId" from-field="projectId"/>
               </service>
               <set field="project" from-field="result.projectInfo"/>
           </actions>
           <widgets>
               <decorator-screen name="CommonProjectDecorator" location="${parameters.mainDecoratorLocation}">
                   <decorator-section name="body">
                       <container style="lefthalf">
                           <screenlet title="${uiLabelMap.PageTitleProjectInformation}">
                               <include-form name="ProjectInfo" location="component://projectmgr/widget/forms/ProjectForms.xml"/>
                           </screenlet>
                           <include-screen name="SubProjectsInfo"/>
                           <include-screen name="PhasesInfo"/>
                       </container>
                       <container style="righthalf">
                           <include-screen name="PartiesInfo"/>
                           <include-screen name="NoteInfo"/>
                           <include-screen name="ListProjectContent"/>
                           <include-screen name="OrderInfo"/>
                       </container>
                       <container style="clear"/>
                       <include-screen name="TasksInfo"/>
                   </decorator-section>
               </decorator-screen>
           </widgets>
       </section>
</screen>

However, a user with PROJECTMGR_ROLE_VIEW can still view any project
regardless if she is a member of that project or not, by navigating to:

https://localhost:8443/projectmgr/control/projectView?projectId=9100

If I understand things correctly, PROJECTMGR_ROLE_VIEW allows access to
entities owned by the party, or if she is listed as a resource.

Any advice ?
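
Added example, not part of the original thread and not OFBiz code: a small Python model of the difference discussed above between the screen's `<if-has-permission>` check, which never looks at the requested project, and a permission service that also requires the logged-in party to be assigned to that project. The assignment table, user names, reason strings and the meaning given to PROJECTMGR_ROLE_VIEW are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (not from OFBiz): project id -> party ids assigned to it.
ASSIGNMENTS = {"9100": {"alice"}, "9200": {"bob"}}

@dataclass(frozen=True)
class User:
    party_id: str
    permissions: frozenset

def resolve_project_id(params):
    """Same fallback as the screen: projectId, else workEffortId."""
    return params.get("projectId") or params.get("workEffortId")

def screen_check(user):
    """The <or> of two <if-has-permission> checks: never looks at the project."""
    return bool(user.permissions & {"PROJECTMGR_ADMIN", "PROJECTMGR_ROLE_VIEW"})

def service_check(user, main_action, params, assignments=ASSIGNMENTS):
    """Object-level decision; returns (allowed, reason) and fails closed."""
    if "PROJECTMGR_ADMIN" in user.permissions:
        return True, "admin"
    if f"PROJECTMGR_ROLE_{main_action}" not in user.permissions:
        return False, "no role permission"
    project_id = resolve_project_id(params)  # check the same id the screen loads
    if project_id not in assignments:
        return False, "unknown or missing project"
    if user.party_id not in assignments[project_id]:
        return False, "party not assigned to project"
    return True, "assigned"

def over_grants(users, assignments=ASSIGNMENTS):
    """Access review: (party, project) pairs the screen check allows but the service denies."""
    return sorted(
        (u.party_id, pid)
        for u in users
        for pid in assignments
        if screen_check(u) and not service_check(u, "VIEW", {"projectId": pid}, assignments)[0]
    )

# Constructed users covering each case: assigned, assigned elsewhere, admin, no permission.
USERS = [
    User("alice", frozenset({"PROJECTMGR_ROLE_VIEW"})),
    User("bob", frozenset({"PROJECTMGR_ROLE_VIEW"})),
    User("carol", frozenset({"PROJECTMGR_ADMIN"})),
    User("dave", frozenset()),
]

if __name__ == "__main__":
    for party, pid in over_grants(USERS):
        print(f"{party} can open project {pid} without being assigned to it")
```

The same review loop can be used the other way round when a permission service denies everyone: list the reason returned for each user and set up the user to meet the failing condition.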

