Adrian,
first of all, thank you for the fast response.
The issue is even admin can not login. I feel there's something wrong
with the parameters. Here's the declaration of the service in:
specialpurpose/projectmgr/servicedef/services.xml
<service name="projectMgrPermission" engine="simple"
location="component://projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml"
invoke="projectMgrPermission">
<implements service="permissionInterface"/>
<attribute name="projectId" type="String" mode="IN" optional="true"/>
<attribute name="phaseId" type="String" mode="IN" optional="true"/>
<attribute name="workEffortId" type="String" mode="IN" optional="true"/>
<attribute name="taskId" type="String" mode="IN" optional="true"/>
<attribute name="partyId" type="String" mode="IN" optional="true"/>
<attribute name="timesheetId" type="String" mode="IN" optional="true"/>
<attribute name="timeEntryId" type="String" mode="IN" optional="true"/>
</service>
None of these attributes I see them being set anywhere. Am I missing
something ?
On Fri Jul 29,2011 08:53 pm, Adrian Crum wrote:
> You have your code set up correctly. You just need to examine the
> permission service to see what conditions it is looking for to grant
> permission, then set up your user with those conditions.
>
> -Adrian
>
>
>
> On 7/29/2011 7:35 PM, Mansour Al Akeel wrote:
> > Adrian,
> > I think there's a service already that does that. However, I am not sure
> > I am using it or understand it properly.
> >
> > The service is in
> > "specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml"
> >
> > <simple-method method-name="projectMgrPermission"
> > short-description="general service to check access to the project
> > component">
> > <set field="primaryPermission" value="PROJECTMGR"/>
> > <set field="hasPermission" value="true" type="Boolean"/>
> > <set field="hasNoPermission" value="false" type="Boolean"/>
> > <set field="mainAction" from-field="parameters.mainAction"/>
> >
> > <!-- find object -->
> > <if-compare field="parameters.resourceDescription" value="Timesheet"
> > operator="contains">
> > <set field="sec_object" value="TIMESHEET"/>
> > <else>
> > <if-compare field="parameters.resourceDescription"
> > value="TimeEntry" operator="contains">
> > <set field="sec_object" value="TIMEENTRY"/>
> > <else>
> > <if-compare field="parameters.resourceDescription"
> > value="Task" operator="contains">
> > <set field="sec_object" value="TASK"/><!-- task
> > before project because of name 'getProjectTask' -->
> >
> > I am calling it from projectmgr/widget/ProjectScreens.xml. I just added
> > the<condition> part
> >
> > <screen name="ProjectView">
> > <section>
> > <condition>
> > <if-service-permission service-name="projectMgrPermission"
> > main-action="VIEW"/>
> > </condition>
> > <actions>
> > <set field="titleProperty" value="ProjectMgrProjectSummary"/>
> > <set field="tabButtonItem" value="projectView"/>
> > <set field="projectId" from-field="parameters.projectId"
> > default-value="${parameters.workEffortId}"/>
> > <service service-name="getProject" result-map="result">
> > <field-map field-name="projectId" from-field="projectId"/>
> > </service>
> >
> > The issue now is not user have access to any project.
> > What am I missing ?
> >
> > Thank you in advance.
> >
> > On Thu Jul 28,2011 11:34 pm, Adrian Crum wrote:
> >> Look in Party Manager. There are permission services that check to see
> >> if the logged-in user is connected to another party in some way before
> >> granting permission to do something.
> >>
> >> -Adrian
> >>
> >> On 7/28/2011 11:18 PM, Mansour Al Akeel wrote:
> >>> Adrian,
> >>> What would be the correct permission to use to protect projects the user
> >>> is not part of ?
> >>> I am using "PROJECTMGR_ROLE_VIEW", based on my understanding but not
> >>> sure if this is correct.
> >>>
> >>> Can you please kindly, explain (give a link) about the difference in
> >>> creating a separate service to check the permission, and specific
> >>> permission check in the screen the way I am doing it ? I understand
> >>> examples exist in another components, but examples for checking the
> >>> permission in a screen are used widely in the same file I am editing.
> >>>
> >>>
> >>> Thank you.
> >>>
> >>>
> >>> On Thu Jul 28,2011 06:51 pm, Adrian Crum wrote:
> >>>> Create a permission service, then use that in your screens instead of
> >>>> specific permission checks. You can find examples of this in the Party
> >>>> Manager.
> >>>>
> >>>> -Adrian
> >>>>
> >>>>
> >>>> On 7/28/2011 6:49 PM, Mansour Al Akeel wrote:
> >>>>> On my local system, any user with PROJECTMGR_VIEW can access projects
> >>>>> even if they are not listed as a resource. I wanted to limit this
> >>>>> permission so, I edited the ProjectScreens.xml to check for permissions.
> >>>>>
> >>>>> <screen name="ProjectView">
> >>>>> <section>
> >>>>> <condition>
> >>>>> <or>
> >>>>> <if-has-permission permission="PROJECTMGR_ADMIN"/>
> >>>>> <if-has-permission
> >>>>> permission="PROJECTMGR_ROLE_VIEW"/>
> >>>>> </or>
> >>>>> </condition>
> >>>>> <actions>
> >>>>> <set field="titleProperty"
> >>>>> value="ProjectMgrProjectSummary"/>
> >>>>> <set field="tabButtonItem" value="projectView"/>
> >>>>> <set field="projectId" from-field="parameters.projectId"
> >>>>> default-value="${parameters.workEffortId}"/>
> >>>>> <service service-name="getProject" result-map="result">
> >>>>> <field-map field-name="projectId"
> >>>>> from-field="projectId"/>
> >>>>> </service>
> >>>>> <set field="project" from-field="result.projectInfo"/>
> >>>>> </actions>
> >>>>> <widgets>
> >>>>> <decorator-screen name="CommonProjectDecorator"
> >>>>> location="${parameters.mainDecoratorLocation}">
> >>>>> <decorator-section name="body">
> >>>>> <container style="lefthalf">
> >>>>> <screenlet
> >>>>> title="${uiLabelMap.PageTitleProjectInformation}">
> >>>>> <include-form name="ProjectInfo"
> >>>>> location="component://projectmgr/widget/forms/ProjectForms.xml"/>
> >>>>> </screenlet>
> >>>>> <include-screen name="SubProjectsInfo"/>
> >>>>> <include-screen name="PhasesInfo"/>
> >>>>> </container>
> >>>>> <container style="righthalf">
> >>>>> <include-screen name="PartiesInfo"/>
> >>>>> <include-screen name="NoteInfo"/>
> >>>>> <include-screen name="ListProjectContent"/>
> >>>>> <include-screen name="OrderInfo"/>
> >>>>> </container>
> >>>>> <container style="clear"/>
> >>>>> <include-screen name="TasksInfo"/>
> >>>>> </decorator-section>
> >>>>> </decorator-screen>
> >>>>> </widgets>
> >>>>> </section>
> >>>>> </screen>
> >>>>>
> >>>>> However, a user with PROJECTMGR_ROLE_VIEW can still view any project
> >>>>> regardless if she is a member of that project or not, by navigating to:
> >>>>>
> >>>>> https://localhost:8443/projectmgr/control/projectView?projectId=9100
> >>>>>
> >>>>> If I understand thing correctely, PROJECTMGR_ROLE_VIEW allows access to
> >>>>> entities owned by party, or if she is listed as a resource.
> >>>>>
> >>>>> Any advice ?
> >>>>>
> >>>>>
